0x01 0DAY ALL DAY RESEARCH EVENT
Hacking, Drinking, & Hacking...
When: June 9th, 2018
Time: 10:00 AM to 11:59 PM
Where: GeniusDen 3106 Commerce St, Dallas, TX 75226
RSVP on Meetup
Food & Drinks:
- There are several great places nearby to grab food.
- There will be some free booze (vodka, whiskey, beer) If you want you can bring some more.
Rules:
- Must participate. Researching for others counts
- If you find a vulnerability it's yours.
- If there is a bug bounty you get to choose what to do with the money. Sponsor next event or keep it. Maybe a little of both.
- Smoking analog or vape please step outside.
- Targets are on 192.168.66.0/24 network stay there :)
- Don't be a dick.
Prize's:
- Most found CVE's - $50 Gift Card to Amazon
- Best vulnerability found - $25 Gift Card to Amazon
- Community MVP - $25 Gift Card to Amazon
- Miss Congeniality - Hugs and Free 0DayAllDay t-shirt
Hacking:
This quarters theme is Password Managers and their associated Android applications.
- Keeper Security (Business) BugCrowd
- 1Password BugCrowd
- Thycotic Secret Server
- ManageEngine Password Manager Pro
- ZOHO Vault BugBounty
Details of targets
-
Domain Server and General Info
- HOST
- Domain Controller Windows Server 2016
- IP: 192.168.66.100
- Domain: blackmarble.sh
- Admin: administrator
- Pass: ][Password][
- Other users:
- fox.zero
- fox.one
- ...
- fox.ten
- Global Read-Only Share: //WIN-7LPVLIICTR2/Data
- cacert.pem This file is for importing into Burp for Android.
- apks folder has all the .apk install files along with the decompiled source code.
- Keeper folder has the install files for keeper along with it's agents.
- ManageEngine PMP folder has the Windows agent and the installer.
- gray folder has a .net decompiler program and injector
- Thycotic has the agents and installer.
- Global Read/Write Share: //WIN-7LPVLIICTR2/Share
- Feel free to put whatever here.
- Software
- Thycotic Secret Server
- URL: https://192.168.66.100/SecretServer
- USER: admint
- PASS: ][Password][
- Thycotic Privliage Manager
- URL: https://192.168.66.100/TMS/PrivilegeManager
- USER: admint
- PASS: ][Password][
- ManageEngine Password Manager Pro
- URL: https://192.168.66.100:7272/PassTrixMain.cc
- USER: admin
- PASS: admin
- Keeper
- Connector (bridge) is setup on 192.168.66.100
- URL: https://keepersecurity.com/en_US/console/#login
- USER: init6@init6.me
- PASS: Will be disclosed at event.
- ZOHO Vault
- Connector (bridge) is setup on 192.168.66.100
- URL: https://vault.zoho.com/online/main
- USER: init6@init6.me
- PASS: Will be disclosed at event.
- 1Password (Online Only)
- Thycotic Secret Server
- HOST
-
Android
-
HOST
- http://www.android-x86.org
- IP: 192.168.11.11
- VNC Ports: 6000 - 6017
- To connect I suggest using Remmina.
- Google User: blackmarble@gmail.com
- Google Pass: Will be disclosed at event if you need it.
-
Software
- Keeper
- Thycotic Secret Server
- Thycotic PAM
- Password Manager - Zoho Vault
- PMP (Couldn't get to work)
- LastPass
- Norton IDSafe
- Google Play store works, If you want to attack something else thats okay.
-
Burp Configuration
- Import the cacert.pem into your Burp. (Make sure you regenerate after you leave)
- In the Android VM, Hit ALT+F1 to access terminal.
- su to root
- Configure iptables to redirect traffic to your Burp.
- iptables -t nat -A OUTPUT -p tcp --dport 80 -j DNAT --to-destination BURP_ADDRESS:BURP_PORT
- iptables -t nat -A OUTPUT -p tcp --dport 443 -j DNAT --to-destination BURP_ADDRESS:BURP_PORT
- Restart the VM if you want to flush out existing iptable rules.
- If you want to use your own cert check out my blog entry here
-
ADB Configuration
- Android Documentation can be found here
- In the Android VM, Hit ALT+F1 to access terminal.
- Get the IP Address: ifconfig
- adb connect ip_address
-