Sunday, October 27, 2019

hacker:HUNTER - Wannacry: The Marcus Hutchins Story

One day in May 2017, computers all around the world suddenly shut down. Malware called WannaCry demands a ransom. The epidemic suddenly stops because a young British researcher finds a kill switch, by accident.





Tuesday, October 15, 2019

Avoid Lagging VirtualBox Guest With Linux

You may find a Linux VirtualBox guest lagging on audio during video playback, with slow performance across the whole guest. The culprit is the audio driver, which you might not expect.

Set the audio controller to "Intel HD Audio" and the audio driver to "ALSA Audio Driver" to solve the problem on an Ubuntu host. I have tested this setting on the following environments :

(1) Ubuntu Desktop 19.04 Host with Ubuntu Desktop 19.04 Guest
(2) Ubuntu Desktop 19.04 Host with Kali Linux Rolling Guest
(3) macOS Catalina Host with Ubuntu Desktop 19.04 Guest (CoreAudio and Intel HD Audio)

That's all! See you.


Saturday, October 12, 2019

bossplayersCTF : 1



Aimed at beginner security professionals who want to get their feet wet doing some CTFs. It should take around 30 minutes to root.

Download : https://www.vulnhub.com/entry/bossplayersctf-1,375/
Difficulty : Beginners
Format : OVA (VirtualBox)

Find the IP address of the box on the network by running nmap.

001.png

Then scan all ports of the box.

002.png

The website is running on port 80.

003.png

Checking the source code of the page, I found a hash at the bottom of the page.

004.png

005.png

The string looks base64-encoded. Let's try to decode it.

006.png

After the decoding, the result is "workinprogress.php". Let's browse it.

007.png

The page says "test ping command". Let's test the "cmd" parameter.

008.png

The command is executed. Next, spawn a reverse shell.

009.png
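The "cmd" parameter above is a textbook OS command injection. As an added illustration (not the box's own code), the following PHP shows the pattern I assume "workinprogress.php" uses, namely concatenating the parameter into a shell ping command, next to a hardened handler that validates the target and passes it to the shell as quoted data only; the function names are hypothetical.

```php
<?php
// Added example, not code from the bossplayersCTF box.
// Assumption: the vulnerable page builds the command roughly like pingVulnerable().

function pingVulnerable(string $target): string
{
    // Untrusted input is pasted into the shell line, so a value such as
    // "127.0.0.1; id" runs a second command as the web server user.
    return (string) shell_exec("ping -c 1 " . $target);
}

/**
 * Accept only an IPv4/IPv6 address or a plain RFC 1123 hostname; reject
 * everything else before it gets anywhere near the shell.
 */
function isSafePingTarget(string $target): bool
{
    if (filter_var($target, FILTER_VALIDATE_IP) !== false) {
        return true;
    }
    $label = '[a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?';
    return (bool) preg_match('/^(?=.{1,253}$)(' . $label . '\.)*' . $label . '$/i', $target);
}

function pingHardened(string $target): string
{
    if (!isSafePingTarget($target)) {
        return "invalid target\n";
    }
    // escapeshellarg() single-quotes the value, so shell metacharacters are
    // data, not syntax; the options are fixed and come before the argument.
    $cmd = 'ping -c 1 -W 2 ' . escapeshellarg($target);
    return (string) shell_exec($cmd);
}

// Request handler: the parameter is treated as data, never as a command.
$target = $_GET['cmd'] ?? '';
header('Content-Type: text/plain');
echo pingHardened($target);
```

Running the hardened version with `cmd=127.0.0.1; id` returns "invalid target", while a bare address or hostname still pings; the web server should additionally run without sudo rights so that even a successful injection elsewhere stays unprivileged.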

Find out whether there is any file with the sticky bit set.

010.png

The result is "find". Let's try privilege escalation with it.

011.png

012.png

Decode the "root.txt". Root is dancing!

013.png

After thought

It is a traditional Capture The Flag (CTF) box involving base64 decoding and sticky-bit searching. Recommended.

Samiux
OSCE OSCP OSWP
October 12, 2019, China, Hong Kong


Friday, October 11, 2019

Hacker Fest 2019



The machine was part of Martin Haller's workshop for Hacker Fest 2019 in Prague. There are two ways to exploit it.

Download : https://www.vulnhub.com/entry/hacker-fest-2019,378/
Difficulty : Beginners
Format : OVA (VirtualBox)

Find the IP address of the box on the network by running nmap.

s1_001.png

Then scan all ports of the box.

s1_002.png

Solution #1

Webmin is running on port 10000 with SSL. The version is 1.890. This version is vulnerable to remote command execution as root through a backdoor (http://www.webmin.com/exploit.html).

s1_003.png

Launch Metasploit.

s1_004.png

Select "exploit/unix/webapp/webmin_backdoor".

s1_005.png

s1_006.png

Run "exploit" and get root.

s1_007.png

However, you cannot change to other directories from this session.

s1_008.png

Run "shell" to get an interactive shell.

s1_009.png

Go to "/root" and get "flag.txt". Root is dancing!

s1_010.png

s1_011.png

Solution #2

A WordPress site is running on port 80.

s2_001.png

Run "wpscan" to check. Since I do not have an API token, the vulnerabilities cannot be shown.

s2_002.png

It reports that the "wp-google-maps" plugin is out of date. The version may be 7.10.02, although "wpscan" is not sure. This plugin may be vulnerable to SQL injection, CVE-2019-10692 (https://www.cybersecurity-help.cz/vdb/SB2019040604?affChecked=1).

s2_004.png

Launch Metasploit.

s2_005.png

Select "auxiliary/admin/http/wp_google_maps_sqli".

s2_006.png

Run "run" and get the password hash of the "webmaster" account.

s2_007.png

Brute-force the password hash of "webmaster" with "john" and "rockyou.txt". This recovers the password.

s2_008.png

Then log in to the box with "ssh" using the recovered username and password. Escalate privileges with "sudo" and get "flag.txt". Root is dancing!

s2_009.png

After thought

It is a real-case scenario without the trickery of a Capture The Flag (CTF). Recommended.

Samiux
OSCE OSCP OSWP
October 11, 2019, China, Hong Kong


Tuesday, October 08, 2019

HOWTO : Install Metasploit Framework 5.0.53 on Ubuntu Desktop 19.04

Install dependencies :

sudo apt -y install curl

Download the installer :

curl https://raw.githubusercontent.com/rapid7/metasploit-omnibus/master/config/templates/metasploit-framework-wrappers/msfupdate.erb > msfinstall

chmod +x msfinstall

Run the installer :

./msfinstall

Initialize the msfdb :

msfdb init

or

msfdb reinit

You may need to answer two questions about setting up the web version of Metasploit Framework.

Run the Metasploit Framework :

msfdb start

or

msfdb restart

msfconsole

Stop database :

msfdb stop

That's all! See you.