Hacking, Barbecue, & Drinking...
March 31st, 2018 April 7th, 2018
Time: 11am to 8pm+
Where: INIT_6's place. DM for address.
- I'll be providing hamburgers, chips, dips, etc.
- BYOB - Bring Your Own Booze
- Must participate. Researching for others counts.
- If you find a vulnerability it's yours.
- If there is a bug bounty you get to choose what to do with the money. Sponsor next event or keep it. Maybe a little of both.
- A quick vape inside is fine; for long sessions, step outside.
- Smoking analog: step outside.
- Targets are on the 192.168.66.0/24 network; stay there :)
- Don't be a dick.
- Most found CVEs - $50 Gift Card to Amazon
- Best vulnerability found - $50 Gift Card to Amazon
- Community MVP - $25 Gift Card to Amazon
- Miss Congeniality - $25 Gift Card to Amazon
- ManageEngine AD360
- ManageEngine Password Manager Pro
- Atlassian Jira
- Cylance CylancePROTECT
- Cylance CylanceOPTICS
- MFA details provided at event.
- These are all VMs. I can reset them if needed.
Details of targets
- Domain Server and General Info
  - HOST
    - Domain Controller
    - Windows Server 2016
    - IP: 192.168.66.5
    - Domain: blackmarble.sh
    - Admin: administrator
    - Pass: ][Password][
    - Other users: fox.zero fox.one ... fox.ten
    - Has a fun MFA thing to hack on ;)
  - Global Share: \WIN-8CJ4M00PQSL\Data has install files and some notes.
    - gray folder has some .net decompiler programs
    - cfr_0_122.jar is used to decompile java
    - Feel free to put whatever here.
- ManageEngine AD360
  - HOST
    - Windows 2016 Server
    - IP: 192.168.66.6
    - Hostname: MANAGEENGINE-01
    - User: administrator
    - Pass: ][Password][
    - Share for AD360, ADFree Tools, ADManager Plus, ADSelfService Plus: \MANAGEENGINE-01\ManageEngine
    - Share for ADAudit Plus: \MANAGEENGINE-01\ManageEngine2
    - Each program has a folder called output that has the decompiled java source code.
  - Software
    - AD360: http://192.168.66.6:8082
    - AD360 Manager Plus: http://192.168.66.6:8080
    - ADAudit Plus: http://192.168.66.6:8081
    - ADSelfService Plus: http://192.168.66.6:8888
- ManageEngine Password Manager Pro
  - HOST
    - Ubuntu Server 16.04.4 LTS
    - IP: 192.168.66.25
    - Hostname: pmp
    - User: fox
    - Pass: ][Password][
  - Software
    - PMP: http://192.168.66.25:7272
    - Location: /home/fox/ManageEngine/PMP
    - output folder has the decompiled source code.
      - /home/fox/ManageEngine/PMP/output
      - /home/fox/ManageEngine/PMP/lib/output
  - What I have done so far: https://init6.me/manageengine-password-pro/
- Jira
  - HOST
    - CentOS 7
    - IP: 192.168.66.10
    - User: root
    - Pass: ][Password][
  - Software
    - http://192.168.66.25:8080
    - User: fox
    - Pass: ][Password][
  - Data locations
    - /var/atlassian/application-data/jira
    - /opt/atlassian/jira
    - output has the decompiled java source code
  - Settings -> Application page has a spot to Upload an application, which is where I want to start.
- Cylance
  - HOST
    - Windows 10 Pro
    - IP: 192.168.66.23
    - Hostname: Cylance-01.blackmarble.sh
    - User: Administrator
    - Pass: ][Password][