
---------- Forwarded message ----------
From: Gichuki John Chuksjonia <chuksjonia@gmail.com>
Date: Fri, 12 Oct 2012 18:55:47 +0300
Subject: Re: [Security Forum] HACKBATTLE 2012 OFFICIALLY STARTS (Engage TheBlackhat)
To: "Security Forum All information security discussions in Africa are done here (Hacking, Decryptions, Security management, physical security, Disastor Recovery, Security Assessments etc etc)" <security@lists.my.co.ke>

Update on the scenarios for the Hackbattle2012 rerun, http://chuksjonia.blogspot.com/2012/10/hackbattle2012-rerun.html

On 10/12/12, Gichuki John Chuksjonia <chuksjonia@gmail.com> wrote:
Alright Alright, let's be at CIO morrow from 3pm to 4pm, let's keep time #Hackbattle2012. Am hoping the rerun is going okay for each team.
On 10/10/12, Gichuki John Chuksjonia <chuksjonia@gmail.com> wrote:
All teams on Hackbattle2012 are invited; team leaders, please confirm.
On 10/10/12, Peter Mwangi <mngugi7@gmail.com> wrote:
I would love to attend, Chucks, and catch up with the proceedings, please list my name. Kind regards
On Tue, Oct 9, 2012 at 9:46 AM, fredrick Wahome <frewah85@gmail.com> wrote:
Ok...Good..Confirmed
On Tue, Oct 9, 2012 at 4:54 PM, Gichuki John Chuksjonia <chuksjonia@gmail.com> wrote:
Teams, CIO magazine will host a meetup October 13th on Saturday afternoon, discussions on how the last engagement was achieved, also brainstorming on the current HB rerun. Teams that will be available, kindly confirm.
Meeting Point is at Muthaiga, CIO Offices, Limuru Road, opp White House, Croze 605, you will see it as you come from Muthaiga Mini-Market, then get all the way to the Orange gate. If you can't find it, search for CIO East Africa on Google-maps.
Lemmie know if you will be available.
./Chucks
On 10/9/12, Samuel Mwai <samuelmwai@gmail.com> wrote:
cool...we r definitely on
On Tue, Oct 9, 2012 at 1:21 PM, Gichuki John Chuksjonia <chuksjonia@gmail.com> wrote:
> All teams. All servers are ready. Rematch goes on until October 20th.
>
> Each server has 5 Vulnerabilities, and i have set everything to
> simpler state for a better exercise to learn from each other.
>
> We will rerun Engage the Blackhat next year, on Hackbattle2013.
>
> On 10/9/12, Gichuki John Chuksjonia <chuksjonia@gmail.com> wrote:
> > Thank you all.
> >
> > Been renewing the servers so that we can have a rematch as soon as
> > possible. For those teams who at least accessed the servers from the
> > previous engagement, please send me your names, so that we can prepare
> > your Tshirts, Teams #OwnerZ and Team #Takerz. Congrats for a job well
> > done.
> >
> > Kindly also prepare documentation on how you broke into the Web App
> > vulnerabilities, hoping you have snapshots too, so that we can post
> > for everyone to see and learn from you.
> >
> > #Hackbattle2012 rematch should start today in a few hours.
> >
> > Regards,
> >
> > ./Chucks
> >
> > On 10/9/12, Victor Akidiva <akidiva@gmail.com> wrote:
> >> I second the motion......*applause*
> >>
> >> Kudos to chucks and all the participants who made it possible.
> >>
> >> AK.
> >>
> >> On Tue, Oct 9, 2012 at 10:09 AM, kipropest <kipropbrian@gmail.com> wrote:
> >>
> >>> *applause*
> >>>
> >>> On Mon, Oct 8, 2012 at 11:19 AM, Gichuki John Chuksjonia <chuksjonia@gmail.com> wrote:
> >>>
> >>>> So far so good.
> >>>>
> >>>> All teams were able to find vulnerabilities in both webservers, one
> >>>> running joomla and the other drupal / ViArt Shop Enterprise and they
> >>>> were able to load up webshells.
> >>>>
> >>>> So after webshells were loaded, they recognized users on /etc/passwd
> >>>> and decided to log in using these usernames.
> >>>>
> >>>> First mistakes each team did was to look for a short cut to hack into
> >>>> these servers via kernels exploitation, i knew that would happen. No
> >>>> one took time to read /etc/passwd to think about why not we even try
> >>>> the second user. Both these users had simple passwords, eg cpanel was
> >>>> 'cpanel123' and shiro had 'goodafternoon' which was a password used in
> >>>> mysql, found on config file for the web app.
> >>>>
> >>>> If these teams looked clearly, they would have checked Desktop
> >>>> directory home directory of each server.
> >>>>
> >>>> With this info picked up, if anyone looked into these home directory
> >>>> as below, they would have found the shadow file as below,
> >>>>
> >>>> tcpdump **Never logged in**
> >>>> webmaster pts/0 212.22.185.130 Fri Oct 5 10:32:52 +0100 2012
> >>>> cpanel pts/3 server109-xxx.xxx. Mon Oct 8 08:32:46 +0100 2012
> >>>> memcached **Never logged in**
> >>>> [cpanel@server109-xxx.-xxx-xxx ~]$ ls
> >>>> Maildir shadow
> >>>>
> >>>> and on the other box, the home directory had a mail folder, and they
> >>>> could have gone ahead and found a mail as below
> >>>>
> >>>> tcpdump:x:72:72::/:/sbin/nologin
> >>>> suzie:x:500:500:suzie,suzie,373637,37363873:/home/suzie:/bin/bash
> >>>> shiro:x:501:501::/home/shiro:/bin/bash
> >>>> [root@server109-xxx-xxx-xxx ~]# cd /home/shiro/
> >>>> [root@server109-xxx-xxx-xxx shiro]# ls
> >>>> Maildir
> >>>> [root@server109-xxx-xxx-xxx shiro]# cd Maildir/
> >>>> [root@server109- Maildir]# ls
> >>>> cur new
> >>>> [root@server109-xxx-xxx-xxx Maildir]# cd cur/
> >>>> [root@server109-xxx-xxx-xxx cur]# ls
> >>>> mail1
> >>>> [root@server109-xxx-xxx-xxx cur]# cat mail1
> >>>> 15th September 2012 mail1 password is mrfreakshow2012
> >>>>
> >>>> 3rd October 2012 The black hat team gained this access, thank you for
> >>>> your coperation, #Blackdiamond #hackbattle2012
> >>>>
> >>>> So right now am resetting the servers, the BH team has forwarded all
> >>>> credentials and am hoping we should be back to the whole game again by
> >>>> evening.
> >>>>
> >>>> Good luck to all.
> >>>>
> >>>> On 10/4/12, Gichuki John Chuksjonia <chuksjonia@gmail.com> wrote:
> >>>> > So am speaking with a Head of Security in one of the biggest banks
> >>>> > about #Hackbattle2012 and after i showed her how to gain root, she
> >>>> > says, who ever gets the SU by Friday night, Taken2 tickets are his and
> >>>> > the team, for Saturday Show in Westgate. Good luck ya'all.
> >>>> >
> >>>> > On 10/2/12, Gichuki John Chuksjonia <chuksjonia@gmail.com> wrote:
> >>>> >> Okay, a team has gained access to one of the servers, update soon on
> >>>> >> twitter.
> >>>> >>
> >>>> >> On 10/2/12, Justin Mosbey <mosbeyj@gmail.com> wrote:
> >>>> >>> Deepest Condolence Peter.
> >>>> >>>
> >>>> >>> Best wishes to all teams, while you are at it #HACKBATTLE2012 make sure
> >>>> >>> you find some time and watch the movie/documentary "We Are Legion
> >>>> >>> 2012"- The story of the Hacktivists.
> >>>> >>>
> >>>> >>> Regards,
> >>>> >>> Justin
> >>>> >>>
> >>>> >>
> >>>> >> --
> >>>> >> Gichuki John Ndirangu, C.E.H , C.P.T.P, O.S.C.P
> >>>> >> I.T Security Analyst and Penetration Tester
> >>>> >> jgichuki at inbox d0t com
> >>>> >>
> >>>> >> {FORUM}http://lists.my.co.ke/pipermail/security/
> >>>> >> http://chuksjonia.blogspot.com/
> >>>> >>
> >>>> _______________________________________________
> >>>> Security mailing list
> >>>> Security@lists.my.co.ke
> >>>> http://lists.my.co.ke/cgi-bin/mailman/listinfo/security
> >>>>
> >>
> >> --
> >> Know thy enemy and know thyself, and you shall survive the outcome of a
> >> thousand battles.
> >>
--
Kind Regards;

------------------------------------------
*Fredrick Wahome Ndung'u
Team Leader
Secunets Technologies
Website: www.secunets.co.ke <http://www.secunets.com>
Cell: +254725264890
Email: fred@secunets.co.ke <fred@secunets.com>
Experts in: Web 2.0 Applications, Domain Registration, Web Hosting, Information Security, Linux Applications, Computer Forensic & I.C.T Consultancy.

"Secure Business Technology"*
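The debrief quoted in this thread notes that a copy of the shadow file was sitting in a user's home directory beside Maildir. The audit below is an added example, not part of the original messages: it walks a tree of home directories and reports regular files holding shadow(5)-format password hashes along with their permission bits. The function names and the sample tree (alice, EXAMPLESALT) are constructed for illustration.

```python
import os
import stat
import tempfile

def count_shadow_hashes(path, max_bytes=65536):
    """Count shadow(5)-style lines: 9 colon fields, field 2 a $id$ crypt hash."""
    try:
        with open(path, "r", errors="replace") as fh:
            lines = fh.read(max_bytes).splitlines()
    except OSError:
        return 0
    hits = 0
    for line in lines:
        fields = line.split(":")
        if len(fields) == 9 and fields[0] and fields[1].startswith("$"):
            hits += 1
    return hits

def audit_homes(root):
    """Walk root (e.g. /home) and list regular files that hold password hashes."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            if os.path.islink(path) or not os.path.isfile(path):
                continue
            hits = count_shadow_hashes(path)
            if hits:
                mode = stat.S_IMODE(os.stat(path).st_mode)
                findings.append({"path": path, "hashes": hits, "mode": oct(mode),
                                 "group_or_world_readable": bool(mode & 0o044)})
    return findings

def build_demo_tree():
    """Constructed sample: a home with Maildir/cur/mail1 and a stray shadow copy."""
    root = tempfile.mkdtemp(prefix="homes-")
    maildir = os.path.join(root, "alice", "Maildir", "cur")
    os.makedirs(maildir)
    with open(os.path.join(maildir, "mail1"), "w") as fh:
        fh.write("Subject: constructed test mail\n\nmeeting at 3pm\n")
    stray = os.path.join(root, "alice", "shadow")
    with open(stray, "w") as fh:
        fh.write("root:$6$EXAMPLESALT$constructed-not-a-real-hash:15600:0:99999:7:::\n")
        fh.write("tcpdump:!!:15600::::::\n")
    os.chmod(stray, 0o644)
    return root

if __name__ == "__main__":
    for finding in audit_homes(build_demo_tree()):
        print(finding)
```

Run it as root against the real home root so unreadable files are not silently skipped; any finding outside /etc is a copy that should be removed and the affected passwords rotated.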