What I do?

I am a pentester and security analyst. I specialize mostly in penetrating secure networks and computer systems, where I simulate an organized, professional attack against your organization; afterwards a detailed report summarizing the weaknesses and the exploited vectors is delivered. This will help you gain control over your infrastructure's security and maximize your protection.

Monday, February 27, 2012

hackbattle proofnon00b part 2, let the games begin


Okay guys, so far we know who Jennifer Kimari is via the tool Maltego, and all we know is that she was found on Facebook. So let's go ahead and add her as a friend, and figure out what she says, what she does and some other info about her.


And we should be here: http://www.facebook.com/jennifer.kimari. On that page we can see that she is talking about a blog at http://109.228.10.136/?p=18.

So now we know the server we need to get to. Let's go ahead and send it some ICMP packets (a plain ping) and see how it answers.

So where do responses like those come from? iptables. That tells us this administrator has actually thought about protecting this box. So let's go ahead and nmap the server in a relatively quiet manner, with service/version detection and host discovery disabled, across all 65535 TCP ports, as below.

nmap -sV -PN 109.228.10.136 -p1-65535

Nmap scan report for hb (109.228.10.136)
Host is up (0.19s latency).
---------------------------
---------------------------
---------------------------
PORT      STATE    SERVICE        VERSION
25/tcp    filtered smtp
42/tcp    filtered nameserver
80/tcp    open     http           Apache httpd
113/tcp   filtered auth
135/tcp   filtered msrpc
139/tcp   filtered netbios-ssn
445/tcp   filtered microsoft-ds
593/tcp   filtered http-rpc-epmap
646/tcp   filtered ldp
45000/tcp open     ssh            OpenSSH 4.3 (protocol 2.0)

From the nmap report, two ports are open: 80 (Apache httpd) and 45000 (OpenSSH 4.3, protocol 2.0). Everything else nmap listed is "filtered", meaning the probes were dropped or rejected by the firewall rather than answered by a service, which fits the iptables picture from the ping test. Two things worth noting: sshd has been moved off its default port 22 to 45000, so a scan of the common ports only would have missed it, and OpenSSH 4.3 dates from 2006, so it is well out of date for a 2012 box. The -PN flag (spelled -Pn in current nmap) is what makes this scan work at all: it skips host discovery, so a host that does not answer ping probes is still scanned instead of being written off as down.
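As an added example (not code from the original post), here is a small shell helper that pulls the open ports out of nmap's normal output so the two interesting services stand out from the firewalled noise, and flags the case of sshd sitting on a non-default port. The scan text embedded below is reconstructed from the report above; the "Not shown: ... closed ports" line stands in for the redacted dashes and is an assumption.

```shell
#!/bin/sh
# Added example: summarize an nmap "normal output" report.
# NMAP_OUTPUT is reconstructed from the post's scan; the "Not shown" line
# replaces the redacted lines of the original and is assumed.
NMAP_OUTPUT='Nmap scan report for hb (109.228.10.136)
Host is up (0.19s latency).
Not shown: 65525 closed ports
PORT      STATE    SERVICE        VERSION
25/tcp    filtered smtp
42/tcp    filtered nameserver
80/tcp    open     http           Apache httpd
113/tcp   filtered auth
135/tcp   filtered msrpc
139/tcp   filtered netbios-ssn
445/tcp   filtered microsoft-ds
593/tcp   filtered http-rpc-epmap
646/tcp   filtered ldp
45000/tcp open     ssh            OpenSSH 4.3 (protocol 2.0)'

# Read nmap output on stdin and print "port proto state service version"
# for every port line whose STATE column equals $1 (open, filtered, ...).
ports_in_state() {
    awk -v want="$1" '
        $1 ~ /^[0-9]+\/(tcp|udp)$/ && $2 == want {
            split($1, p, "/")
            version = ""
            for (i = 4; i <= NF; i++) version = version (i > 4 ? " " : "") $i
            printf "%s %s %s %s %s\n", p[1], p[2], $2, $3, version
        }'
}

# Number of open ports in the embedded scan.
open_count() {
    printf '%s\n' "$NMAP_OUTPUT" | ports_in_state open | wc -l | tr -d ' '
}

# Service nmap named on the given open port; empty if that port is not open.
service_on() {
    printf '%s\n' "$NMAP_OUTPUT" | ports_in_state open |
        awk -v port="$1" '$1 == port { print $4 }'
}

# True when ssh is exposed somewhere other than its default port 22.
ssh_moved() {
    printf '%s\n' "$NMAP_OUTPUT" | ports_in_state open |
        awk '$4 == "ssh" && $1 != 22 { found = 1 } END { exit (found ? 0 : 1) }'
}

echo "Open ports:"
printf '%s\n' "$NMAP_OUTPUT" | ports_in_state open
echo "Filtered (firewalled) ports:"
printf '%s\n' "$NMAP_OUTPUT" | ports_in_state filtered | awk '{ print $1 "/" $2 }' | tr '\n' ' '
echo
ssh_moved && echo "note: sshd is not on port 22"
```

To use it against a live target, replace the embedded text with the scan output itself (nmap ... -oN scan.txt, then feed scan.txt to ports_in_state); the parsing does not depend on the sample.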

So let's go ahead and find more intel on the server's website, which certainly looks like a blog. To confirm that, we hit CTRL+U in the browser and read the page source, as below.

With that we know we are up against WordPress 3.1.3, the open-source CMS from http://wordpress.org/: a stock WordPress install announces its version in a generator meta tag in the page head. Treat that string as a hint rather than proof, since an administrator can strip or change it; the stock /readme.html and the version query strings WordPress appends to some of its own scripts and stylesheets are the usual places to cross-check. Now let's go ahead and fire up nikto and see whether it flags anything on this web server that we can use against the CMS. Keep in mind that nikto is a generic web server scanner (outdated server software, dangerous default files, common misconfigurations); for WordPress itself, a CMS-aware scanner such as wpscan picks up where nikto stops. See below:
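The CTRL+U step above is a passive fingerprint: besides the version, the source usually leaks the active theme and whether xmlrpc.php is advertised, and the version then needs comparing against the current release to know how far behind the site is. The following shell helper does that over a page saved to disk, as an added example that is not part of the original post. The HTML below is constructed to look like a WordPress 3.1.3 front page (theme name, asset paths and RSD link are assumptions, not the real site's source), and 3.3.1 is taken as the release that was current when the post was written.

```shell
#!/bin/sh
# Added example: passive WordPress fingerprint from saved page source.
# HTML_SOURCE is a constructed sample, not the target's real page.
HTML_SOURCE='<!DOCTYPE html>
<html lang="en-US">
<head>
<meta charset="UTF-8" />
<title>hb</title>
<link rel="stylesheet" type="text/css" media="all" href="http://109.228.10.136/wp-content/themes/twentyten/style.css" />
<script type="text/javascript" src="http://109.228.10.136/wp-includes/js/jquery/jquery.js?ver=1.4.4"></script>
<link rel="EditURI" type="application/rsd+xml" title="RSD" href="http://109.228.10.136/xmlrpc.php?rsd" />
<meta name="generator" content="WordPress 3.1.3" />
</head>
<body><p>constructed sample page</p></body>
</html>'

# Version from the generator meta tag (HTML on stdin). Prints nothing when the
# tag has been stripped, which hardening plugins commonly do.
wp_version() {
    sed -n 's/.*<meta name="generator" content="WordPress \([0-9][0-9.]*\)".*/\1/p' | head -n 1
}

# Even without the generator tag, wp-content/wp-includes paths give the CMS away.
is_wordpress() {
    grep -q -e '/wp-content/' -e '/wp-includes/'
}

# Active theme, taken from the stylesheet path under wp-content/themes/.
wp_theme() {
    sed -n 's/.*\/wp-content\/themes\/\([^/]*\)\/.*/\1/p' | head -n 1
}

# Does the page advertise xmlrpc.php (RSD link)?
has_xmlrpc() {
    grep -q 'xmlrpc\.php'
}

# Compare dotted versions numerically: prints older / same / newer for $1 vs $2.
# Missing components count as 0, so 3.1 and 3.1.0 are the same.
version_cmp() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        na = split(a, x, "."); nb = split(b, y, ".")
        n = (na > nb) ? na : nb
        for (i = 1; i <= n; i++) {
            xi = (i <= na) ? x[i] + 0 : 0
            yi = (i <= nb) ? y[i] + 0 : 0
            if (xi < yi) { print "older"; exit }
            if (xi > yi) { print "newer"; exit }
        }
        print "same"
    }'
}

CURRENT_RELEASE=3.3.1   # assumed then-current WordPress release, for illustration

printf '%s\n' "$HTML_SOURCE" | is_wordpress && echo "CMS: WordPress"
ver=$(printf '%s\n' "$HTML_SOURCE" | wp_version)
echo "version: ${ver:-unknown (generator tag absent)}"
echo "theme:   $(printf '%s\n' "$HTML_SOURCE" | wp_theme)"
printf '%s\n' "$HTML_SOURCE" | has_xmlrpc && echo "xmlrpc.php advertised"
[ -n "$ver" ] && echo "$ver vs $CURRENT_RELEASE: $(version_cmp "$ver" "$CURRENT_RELEASE")"
```

On a real engagement, save the page with curl -s http://target/ -o page.html and pipe page.html into the same functions; if wp_version prints nothing, fall back to fetching /readme.html before trusting any "no version" result.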

We will continue with this next week, and see what else we discover against this CMS.

Cheers all, keep tuned,

./Chucks

Sunday, February 26, 2012

LATEST EN1 EXAM SCENARIO

So today I had promised I would post more on the hackbattle, but I think I should post tomorrow; it's been a long week, and a long day too, especially with some crazy stuff happening around.

So I had set an exam, and this was the scenario, and I would like to congratulate those who were able to hack into it, because it was really tricky. We had a domain controller set up on Windows 2k8, well hardened, with a firewall in front of it to the Internet, and also an XP machine that had joined the domain.

Below is the scenario:

Sunday, February 19, 2012

hackbattle proofnon00b part 1, let the games begin

On the morning of the 10th of Feb, i.e. midnight 0000hrs, 4 participants, Kelly, Bright, Brian and Alex, got the text message below:
HACKBATTLE, Miss Jennifer Kimari is suspected of helping drug lords launder money. As far as we know she is Kenyan, and she uses a server to store that data. She has a lot of birds interest, which gives her unrestricted access to the Caribbean border. We need full evidence and information about the next shipment. Please use all tools you can gain access to, to get us that information for her arrest by the 14th next week. Good luck.
By the next morning I had already received calls from several guys wondering why they didn't receive the info about the battle, though they hadn't registered. I was also asked why I didn't give out the IP, but this was the scenario as of the pre-hackbattle.

Several people wondered what they would need to do to finish the game, but amazingly, as I started to tweet clues, several rogue IPs started to show up at the Hackbattle infrastructure. Most of them were shooting in the dark, since they were just scanning the web pages for more information.

Now the first thing a hacker would have done is either Google carefully with specific dorks to find Jenn, or use Maltego, as below:

I will be posting on part 2, for the continuation as soon as possible, keep tuned.

./Chucks