What I do

I am an Information Risk Consultant and Penetration Tester. I specialize mostly in penetrating secure networks and computer systems, where I simulate an organized, professional attack against your organization; afterwards, a detailed report summarizing the weaknesses and the exploited attack vectors is delivered. This will help you gain control over your infrastructure's security and maximize your protection.

Monday, February 27, 2012

hackbattle proofnon00b part 2, let the games begin


Okay guys, so far we know who Jennifer Kimari is via the tool Maltego, and all we know is that she was found on Facebook. So let's go ahead and add her as a friend, and figure out what she says, what she does and some other info about her.


And we should be here, http://www.facebook.com/jennifer.kimari, and on the page we can see that she is talking about a blog at http://109.228.10.136/?p=18.

So now we know the server we need to get to. So let's go ahead and send some ICMP packets.

So we know the ICMP replies are being dropped; where? By iptables. This tells us that this administrator has actually thought of ways to protect this box. So let's go ahead and nmap this server in a non-intrusive manner and scan all the ports, as below.

nmap -sV -PN 109.228.10.136 -p1-65535

Nmap scan report for hb (109.228.10.136)
Host is up (0.19s latency).
PORT STATE SERVICE VERSION
25/tcp filtered smtp
42/tcp filtered nameserver
80/tcp open http Apache httpd
113/tcp filtered auth
135/tcp filtered msrpc
139/tcp filtered netbios-ssn
445/tcp filtered microsoft-ds
593/tcp filtered http-rpc-epmap
646/tcp filtered ldp
45000/tcp open ssh OpenSSH 4.3 (protocol 2.0)

From the nmap report, ports 80 and 45000 are open, which means httpd and sshd are reachable.
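As an added example (not from the post), a small Python audit of the nmap output above: it parses the port table, flags any open port the owner did not mean to expose, and treats "filtered" results as evidence of a packet filter such as iptables. The allowed set {80, 45000} is an assumption taken from what the scan shows.

```python
import re
from dataclasses import dataclass

# Constructed sample: the nmap -sV output quoted in this post, re-typed as data.
NMAP_REPORT = """\
Nmap scan report for hb (109.228.10.136)
Host is up (0.19s latency).
PORT STATE SERVICE VERSION
25/tcp filtered smtp
42/tcp filtered nameserver
80/tcp open http Apache httpd
113/tcp filtered auth
135/tcp filtered msrpc
139/tcp filtered netbios-ssn
445/tcp filtered microsoft-ds
593/tcp filtered http-rpc-epmap
646/tcp filtered ldp
45000/tcp open ssh OpenSSH 4.3 (protocol 2.0)
"""

# port/proto  state  service  [version banner]
PORT_LINE = re.compile(r"^(\d+)/(tcp|udp)\s+(\S+)\s+(\S+)(?:\s+(.*))?$")

@dataclass(frozen=True)
class PortResult:
    port: int
    proto: str
    state: str
    service: str
    version: str

def parse_nmap(report: str) -> list[PortResult]:
    """Parse nmap's normal-output port table into records; header lines are skipped."""
    results = []
    for line in report.splitlines():
        m = PORT_LINE.match(line.strip())
        if m:
            port, proto, state, service, version = m.groups()
            results.append(PortResult(int(port), proto, state, service, version or ""))
    return results

def audit_exposure(results: list[PortResult], allowed: set[int]) -> dict:
    """Compare observed open ports against the ports the owner intended to expose."""
    open_ports = {r.port for r in results if r.state == "open"}
    filtered = {r.port for r in results if r.state == "filtered"}
    return {
        "open": sorted(open_ports),
        "unexpected_open": sorted(open_ports - allowed),      # review these first
        "allowed_but_closed": sorted(allowed - open_ports),   # service down or blocked?
        "firewall_evidence": bool(filtered),  # 'filtered' = probes dropped by a packet filter
        "version_banners": {r.port: r.version for r in results
                            if r.state == "open" and r.version},
    }

if __name__ == "__main__":
    print(audit_exposure(parse_nmap(NMAP_REPORT), allowed={80, 45000}))
```

Version banners such as "OpenSSH 4.3" are worth tracking separately, since they are exactly what a scanner reports back to anyone probing the box.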
So let's go ahead and find more intel on the server's website, which certainly looks like a blog. To confirm that, we press CTRL+U to read the source code, as below.



So with that we know we are up against WordPress 3.1.3, an open-source CMS (Content Management System) which can be found at http://wordpress.org/. So let's go ahead and fire up Nikto and check if there are some vulnerabilities we can use against this CMS. See below;
So we will continue with this next week, and see what else we will discover against this CMS.

Cheers all, keep tuned,

./Chucks

Sunday, February 26, 2012

LATEST EN1 EXAM SCENARIO

So today I had promised I am posting more on the hackbattle, but I think I should post tomorrow; it's been a long week, and a long day too, especially with some crazy stuff happening around.

So I had set an exam, and this was the scenario, and I would like to congratulate those who were able to hack into it, because it was really tricky. We had a domain controller set up on Windows 2k8, well hardened, with a firewall in front of it facing the Internet, and also an XP machine that had joined the domain.

Below is the scenario:

Sunday, February 19, 2012

hackbattle proofnon00b part 1, let the games begin

On the morning of the 10th of Feb, i.e. midnight 0000hrs, 4 participants, Kelly, Bright, Brian and Alex, got the text message below;

HACKBATTLE, Miss Jennifer Kimari is suspected of helping Drug Lords in laundering money. As far as we know she is Kenyan, and she uses a server to store that data. She has a lot of birds interest which gives her unrestricted access to the Caribbean border. We need full evidence and information about the next shipment. Please use all tools you can gain access to, to get us that information for her arrest by the 14th next week. Good luck.

By the next morning I had already received calls from several guys wondering why they didn't receive the info about the battle, though they hadn't registered. I was also asked why I didn't give out the IP, but this was the scenario as of the pre-hackbattle.

Several people wondered what they would need to do to finish the game, but amazingly, as I started to tweet clues, several rogue IPs started to show up at the Hackbattle infrastructure. Most of them were shooting in the dark, since they were just scanning the web pages for more information.

Now the first thing a hacker would have done is to either keenly Google with specific dorks to find Jenn, or use Maltego as below:

I will be posting on part 2, for the continuation as soon as possible, keep tuned.

./Chucks

Monday, February 13, 2012

HINTS ABOUT PREHACKBATTLE

Lately we set up a pre-hackbattle, which is supposed to end on 14th Feb 2012. I have given the participants clues and hints on breaking into this infrastructure on my Twitter feed, @chuksjonia; see also the tag #hackbattle.

See as below.

1. clue number 1, jenniffer.kimari at gmail dot com
2. clue number 2, Q: do you do backups? A: Yes sir, mysqldump!
3. clue number 3, scholastika.muraguri at gmail dot com
4. clue number 4, best flaw, top 5 2007 OWASP

Clue number five should be published by 14th Feb in the morning. Now what I have learned is that most of the pentesters in KE rely a lot on tools. PENTEST IS NEVER AUTOMATED.

So a lot of participants are really rushing into breaking in, which is where they are losing control. I am finding some people scanning the web apps and others bruteforcing, and they lack an understanding of the infrastructure.

I needed everyone who is doing this game to think like a blackhat; this game is a covert forensic surveillance exercise. So what happens if an agency asks you to do such a job for them: do you start scanning, or do you learn the target first?

One thing I would like to clarify is: take your time, open one screen to run a movie beside you, don't rush. Take naps when you do this, get ideas, understand how the admin and the developer created the infrastructure. Learn the OS the server is running, and do as much threat intelligence as you can about the application.

Don't start shooting in a dagger fight. So it's around 36 hrs remaining until we get a winner, who I hope we find soon.

Good luck to all playing, and we meet at the finish line.

./Chucks

Thursday, February 09, 2012

PRE-HACKBATTLE PRONON00B

The pre-hackbattle is set to start at 0000hrs on Friday the 10th, and this will open up the gates for the later battle this year.

Currently we don't have many contestants, but we will work with what we have.

We are about 11 hrs from starting, and we should have some results by the 14th of February.

Cheers,

./Chucks

Monday, February 06, 2012

PRE-HACKBATTLE CODENAME -ProofNoN00b

So we are starting the pre-hackbattle this week and we are still waiting for registrations from members of Security Forum, though it's taking long. We are expecting to start on the 10th of this February, and we should be able to announce the winners by the 14th.

Competitors will be expected to send 500/- bob via Mpesa to Kennedy Kasina, 0720-269-850, to register for the competition. An email with the IPs will be sent to the registered members.


The funds collected will be used to pay for the infrastructure since we don't have sponsorship; the servers bought for this came straight from my pocket. Any extra amount we are thinking of giving to a children's home around Nairobi.

Rules:

1. Any personnel involved with the infrastructure setup will be disqualified from the contest.
2. Every registered competitor will be required to keep a full report of his actions.
3. Any change to a major file that messes up its checksum will be considered a disqualification.
4. Any type of DoS will get your IPs blocked.
5. Teamwork is allowed.
6. Winners will have to show how they hacked in at the major hackbattle later this year.
7. Registration will only be allowed for EAC members.
8. Trying to social engineer moderators will be considered cool :)
9. How to win: hack the infrastructure the fastest.

Remember, ANY ACTIONS OUTSIDE OF THESE RULES WILL RESULT IN DISQUALIFICATION.