0x01 0DAY ALL DAY RESEARCH EVENT

Hacking, Drinking, & Hacking...

When: June 9th, 2018
Time: 10:00 AM to 11:59 PM
Where: GeniusDen 3106 Commerce St, Dallas, TX 75226

RSVP on Meetup

Food & Drinks:

  • There are several great places nearby to grab food.
  • There will be some free booze (vodka, whiskey, beer) If you want you can bring some more.

Rules:

  • Must participate. Researching for others counts
  • If you find a vulnerability it's yours.
  • If there is a bug bounty you get to choose what to do with the money. Sponsor next event or keep it. Maybe a little of both.
  • Smoking analog or vape please step outside.
  • Targets are on 192.168.66.0/24 network stay there :)
  • Don't be a dick.

Prize's:

  • Most found CVE's - $50 Gift Card to Amazon
  • Best vulnerability found - $25 Gift Card to Amazon
  • Community MVP - $25 Gift Card to Amazon
  • Miss Congeniality - Hugs and Free 0DayAllDay t-shirt

Hacking:

This quarters theme is Password Managers and their associated Android applications.

Details of targets

  • Domain Server and General Info

    • HOST
      • Domain Controller Windows Server 2016
      • IP: 192.168.66.100
      • Domain: blackmarble.sh
      • Admin: administrator
      • Pass: ][Password][
      • Other users:
        • fox.zero
        • fox.one
        • ...
        • fox.ten
      • Global Read-Only Share: //WIN-7LPVLIICTR2/Data
        • cacert.pem This file is for importing into Burp for Android.
        • apks folder has all the .apk install files along with the decompiled source code.
        • Keeper folder has the install files for keeper along with it's agents.
        • ManageEngine PMP folder has the Windows agent and the installer.
        • gray folder has a .net decompiler program and injector
        • Thycotic has the agents and installer.
      • Global Read/Write Share: //WIN-7LPVLIICTR2/Share
        • Feel free to put whatever here.
    • Software
  • Android

    • HOST

    • Software

      • Keeper
      • Thycotic Secret Server
      • Thycotic PAM
      • Password Manager - Zoho Vault
      • PMP (Couldn't get to work)
      • LastPass
      • Norton IDSafe
      • Google Play store works, If you want to attack something else thats okay.
    • Burp Configuration

      • Import the cacert.pem into your Burp. (Make sure you regenerate after you leave)
      • In the Android VM, Hit ALT+F1 to access terminal.
      • su to root
      • Configure iptables to redirect traffic to your Burp.
      • iptables -t nat -A OUTPUT -p tcp --dport 80 -j DNAT --to-destination BURP_ADDRESS:BURP_PORT
      • iptables -t nat -A OUTPUT -p tcp --dport 443 -j DNAT --to-destination BURP_ADDRESS:BURP_PORT
      • Restart the VM if you want to flush out existing iptable rules.
      • If you want to use your own cert check out my blog entry here
    • ADB Configuration

      • Android Documentation can be found here
      • In the Android VM, Hit ALT+F1 to access terminal.
      • Get the IP Address: ifconfig
      • adb connect ip_address