CyberWar Games 2015

Things I have learned from the CTF styled CYBER WAR GAMES 2015:



Checking source code for getting some path that are not public and hidden information

used Tamper Data to login into the website

modified cookies values

#cookies stealing from one user and hijacking the sessions


Used Nmap to get the OS and services running in the targets and identified the vulnerable services

nmap -A IP
nmap -sV -O
nmap -Pn


Used Metaspolit to take the control of vulnerable and exploit the machine

CVE -2014-0610 Open-SSL Heart Bleed used an exploit and got the servers password

msfconsole, use, show options, set, exploit, search, show payloads

Used smbclient application to connect the windows server from linux terminal

smbclient '//10.1.8.136/c$'  -p445 --user='Administrator'
mget to download files to local

Used host application to get the IP address of the website or servers

Used nslookup and dig to know the dns informations


wget -r --no-parent --reject "index.html*" 10.1.8.198/.git

git reset --hard

Comments

Post a Comment

Popular posts from this blog

Python Speech recognition for Mac OS X

Hi Folks, I have been been searching for the    Python Speech recognition package especially for Mac OS.  I am not happy with the search results. Finally I got  https://pypi.python.org/pypi/SpeechRecognition/ (SpeechRecognition works only for the Linux distributions and Windows.) But I made it working for the Mac OS X by using flac.  Following are the instructions to make it run and modified code,  Prerequisite: Install Xcode in Unix Development mode Install Xcode - Command Line tools (Type ' xcode-select —install' in the terminal ) Install Port or Brew ( port    [or]   Brew   ) sudo brew install portaudio  [or]  sudo port install portaudio (for loading mic drivers) sudo pip install pyaudio [or] sudo easy_install install pyaudio (Mic Sources) sudo pip install SpeechRecognition [or] sudo easy_install install SpeechRecognition sudo port install flac Once you have finished w...
Read more

Baby Step Giant Step Algorithm Python Code

#Baby Step Giant Step DLP problem y = a**x mod n #Example 70 = 2**x mod 131 y = 70 a = 2 n = 131 s = floor(sqrt(n)) A = [] B = [] for r in range(0,s): value = y*(a^r) % n A.append(value) for t in range(1,s+1): value = a^(t*s) % n B.append(value) print A print B x1,x2 =0,0 for r in A: for t in B: if r == t: x1 = A.index(r) x2 = B.index(t) print x1,x2 break print 'the value of x is ', ((x2+1)*s - x1) % n # Answer
Read more

Simple Automation using Python - Atomac in Mac OS X

Image
The Product Automation in MAC OS X is quite easy if we have enough knowledge in the following languages and tools  Bash Scripts  Apple Scripts  Python especially ATOMac Knowledge in Accessibility. For more understanding of the LDTP: http://download.freedesktop.org/ldtp/doc/ldtp-tutorial.pdf LDTP - Tutorial is written by  Nagappan Alagappan. He has given the clear idea and architecture of the LDTP and its working. I have used the contents from the tutorial for knowledge sharing. Following are the few information and contents from  the LDTP - Tutorial. Few interesting key points, Linux Desktop Testing Project (LDTP) i s aimed at producing high quality test automation framework and cutting-edge tools that can be used to test GNU/Linux Desktop and improve it.  It uses the Accessibility libraries to poke through the application's user interface.  This idea has been extended to Microsoft Windows as Cobra , Mac OS X as ATOMa...
Read more