CyberWar Games 2015
Things I have learned from the CTF styled CYBER WAR GAMES 2015: Checking source code for getting some path that are not public and hidden information used Tamper Data to login into the website modified cookies values #cookies stealing from one user and hijacking the sessions Used Nmap to get the OS and services running in the targets and identified the vulnerable services nmap -A IP nmap -sV -O nmap -Pn Used Metaspolit to take the control of vulnerable and exploit the machine CVE -2014-0610 Open-SSL Heart Bleed used an exploit and got the servers password msfconsole, use, show options, set, exploit, search, show payloads Used smbclient application to connect the windows server from linux terminal smbclient '//10.1.8.136/c$' -p445 --user='Administrator' mget to download files to local Used host application to get the IP address of the website or servers Used nslookup and dig to know the dns informations wget -r --no-parent