BlackMarble

0x00 0-DAY ALL DAY

Hacking, Barbecue, & Drinking...

When: March 31st, 2018 April 7th, 2018
Time: 11am to 8pm+
Where: INIT_6's place. DM for address.

Food:

  • I'll be providing Hamburgers, chips, dips, etc
  • BYOB - Bring Your Own Booze

Rules:

  • Must participate. Researching for others counts
  • If you find a vulnerability it's yours.
  • If there is a bug bounty you get to choose what to do with the money. Sponsor next event or keep it. Maybe a little of both.
  • A quick vape inside is fine, Long sessions step outside.
  • Smoking analog step outside.
  • Targets are on 192.168.66.0/24 network stay there :)
  • Don't be a dick.

Prize's:

  • Most found CVE's - $50 Gift Card to Amazon
  • Best vulnerability found - $50 Gift Card to Amazon
  • Community MVP - $25 Gift Card to Amazon
  • Miss Congeniality - $25 Gift Card to Amazon

Hacking:

Details of targets

  • Domain Server and General Info  HOST  Domain Controller Windows Server 2016 IP: 192.168.66.5 Domain: blackmarble.sh Admin: administrator Pass: ][Password][ Other users:  fox.zero fox.one ... fox.ten   Has a fun MFA thing to hack on ;) Global Share: \WIN-8CJ4M00PQSL\Data  has install files and some notes. gray folder has some .net decompiler programs cfr_0_122.jar is used to decompile java Feel free to put whatever here.      
  • ManageEngine AD360  HOST  Windows 2016 Server IP: 192.168.66.6 Hostname: MANAGEENGINE-01 User: administrator Pass: ][Password][ Share for AD360, ADFree Tools, ADManager Plus, ADSelfService Plus: \MANAGEENGINE-01\ManageEngine Share for ADUdit Plus: \MANAGEENGINE-01\ManageEngine2 Each program has a folder called output what has the decompiled java source code.   Software  AD360  http://192.168.66.6:8082   AD360 Manager Plus  http://192.168.66.6:8080   ADAudit Plus  http://192.168.66.6:8081   ADSelfService Plus  http://192.168.66.6:8888      
  • ManageEngine Password Manager Pro  HOST  Ubuntu Server 16.04.4 LTS IP: 192.168.66.25 Hostname: pmp User: fox Pass: ][Password][   Software  PMP  http://192.168.66.25:7272 Location: /home/fox/ManageEngine/PMP output folder has the decompiled source code.  /home/fox/ManageEngine/PMP/output /home/fox/ManageEngine/PMP/lib/output   What I have done so far https://init6.me/manageengine-password-pro/      
  • Jira  HOST  CentOS 7 IP: 192.168.66.10 User: root Pass: ][Password][   Software  http://192.168.66.25:8080 User: fox Pass: ][Password][ Data locations  /var/atlassian/application-data/jira /opt/atlassian/jira output has the decompiled java source code Settings -> Application page has a spot to Upload an application which is where I want to start.      
  • Cylance  HOST  Windows 10 Pro IP: 192.168.66.23 Hostname: Cylance-01.blackmarble.sh User: Administrator Pass: ][Password][    
Author image
About INIT_6
DFW Website
Jason is well known in the InfoSec field as an expert in hardware, web app, and mobile applications exploit research. Jason frequently speaks at security events, and active in the local community.