Hacking, Drinking, & Hacking...

When: June 9th, 2018
Time: 10:00 AM to 11:59 PM
Where: GeniusDen 3106 Commerce St, Dallas, TX 75226

RSVP on Meetup

Food & Drinks:

  • There are several great places nearby to grab food.
  • There will be some free booze (vodka, whiskey, beer) If you want you can bring some more.


  • Must participate. Researching for others counts
  • If you find a vulnerability it's yours.
  • If there is a bug bounty you get to choose what to do with the money. Sponsor next event or keep it. Maybe a little of both.
  • Smoking analog or vape please step outside.
  • Targets are on network stay there :)
  • Don't be a dick.


  • Most found CVE's - $50 Gift Card to Amazon
  • Best vulnerability found - $25 Gift Card to Amazon
  • Community MVP - $25 Gift Card to Amazon
  • Miss Congeniality - Hugs and Free 0DayAllDay t-shirt


This quarters theme is Password Managers and their associated Android applications.

Details of targets

  • Domain Server and General Info

    • HOST
      • Domain Controller Windows Server 2016
      • IP:
      • Domain:
      • Admin: administrator
      • Pass: ][Password][
      • Other users:
        • ...
        • fox.ten
      • Global Read-Only Share: //WIN-7LPVLIICTR2/Data
        • cacert.pem This file is for importing into Burp for Android.
        • apks folder has all the .apk install files along with the decompiled source code.
        • Keeper folder has the install files for keeper along with it's agents.
        • ManageEngine PMP folder has the Windows agent and the installer.
        • gray folder has a .net decompiler program and injector
        • Thycotic has the agents and installer.
      • Global Read/Write Share: //WIN-7LPVLIICTR2/Share
        • Feel free to put whatever here.
    • Software
  • Android

    • HOST

    • Software

      • Keeper
      • Thycotic Secret Server
      • Thycotic PAM
      • Password Manager - Zoho Vault
      • PMP (Couldn't get to work)
      • LastPass
      • Norton IDSafe
      • Google Play store works, If you want to attack something else thats okay.
    • Burp Configuration

      • Import the cacert.pem into your Burp. (Make sure you regenerate after you leave)
      • In the Android VM, Hit ALT+F1 to access terminal.
      • su to root
      • Configure iptables to redirect traffic to your Burp.
      • iptables -t nat -A OUTPUT -p tcp --dport 80 -j DNAT --to-destination BURP_ADDRESS:BURP_PORT
      • iptables -t nat -A OUTPUT -p tcp --dport 443 -j DNAT --to-destination BURP_ADDRESS:BURP_PORT
      • Restart the VM if you want to flush out existing iptable rules.
      • If you want to use your own cert check out my blog entry here
    • ADB Configuration

      • Android Documentation can be found here
      • In the Android VM, Hit ALT+F1 to access terminal.
      • Get the IP Address: ifconfig
      • adb connect ip_address

Author image
About INIT_6
DFW Website
Jason is well known in the InfoSec field as an expert in hardware, web app, and mobile applications exploit research. Jason frequently speaks at security events, and active in the local community.