Unleash Your Hacking Skills with Advent of Cyber 2022


Table of Contents

  1. Introduction
  2. Day Three: Open Source Intelligence (OSINT)
    • 2.1 What is OSINT?
    • 2.2 Gathering Open Source Information
    • 2.3 Exploring the Website Source Code
    • 2.4 Finding Sensitive Credentials
    • 2.5 Identifying the QA Server
    • 2.6 Reusing Database Passwords
  3. Day Four: Scanning Techniques
    • 3.1 Introduction to Scanning
    • 3.2 Port Scanning
    • 3.3 Vulnerability Scanning
    • 3.4 Mapping the Network
    • 3.5 Identifying the HTTP Server
    • 3.6 Accessing the Samba Service
    • 3.7 Finding the Password for Santa HR

1. Introduction

In this article, we will be discussing days three and four of the TryHackMe Advent of Cyber 2022 event. We will delve into open source intelligence (OSINT) and scanning techniques, and how they were used to uncover the weaknesses behind a website compromise. Join us as we walk through the challenges and solutions encountered during these two days' tasks. So, let's dive right in!

2. Day Three: Open Source Intelligence (OSINT)

2.1 What is OSINT?

Open source intelligence, commonly known as OSINT, is the practice of gathering information from publicly available sources. It involves utilizing various techniques to extract data that can be valuable for analysis, investigation, or decision-making purposes.

2.2 Gathering Open Source Information

On day three, the participants of the TryHackMe event were tasked with aiding Recon McRed in investigating the compromised Santa gift shop website. The objective was to gather open source information about the website to determine how the compromise occurred.

2.3 Exploring the Website Source Code

One of the initial steps in the investigation was to examine the source code of the website. By accessing the website's source code on GitHub, Recon McRed hoped to find clues about the vulnerability that led to the compromise. They employed specific search terms, such as "Santa gift," to narrow down the search and locate relevant files.

2.4 Finding Sensitive Credentials

During the exploration of the source code, Recon McRed stumbled upon a file containing sensitive credentials. This file, named "config.php," stored information such as database usernames and passwords. By analyzing this file, Recon McRed was able to identify the database password used in both the QA and production environments.

2.5 Identifying the QA Server

In addition to finding sensitive credentials, Recon McRed was tasked with discovering the name of the QA server associated with the website. After thorough examination, they uncovered that the QA server was registered as "QA.SantaGift.shop."

2.6 Reusing Database Passwords

Further investigation revealed that the database password was being reused between the QA and production environments. Such reuse is a security risk: a QA environment is usually less protected than production, so a credential leaked from it (for example, through a committed config file) also opens the production database, and this could have contributed to the compromise. Recon McRed discovered that the password "Santa2022" was used for both environments.
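The pattern described in 2.4 and 2.6 (a committed config.php holding database credentials that are shared between QA and production) is something a defender can check for automatically before code reaches a public repository. The following is an added example, not code from the challenge or from TryHackMe; the config files, hostnames and values are constructed placeholders, and the `define()`/`$var = '...'` forms it parses are assumed to be the shapes such a PHP config takes.

```python
import re
from collections import defaultdict

# Constructed sample config files modelled on the "config.php" pattern from the
# write-up; hostnames and values are placeholders, not the challenge's real ones.
CONFIG_FILES = {
    "qa/config.php": """<?php
define('DB_HOST', 'qa.example.internal');
define('DB_USER', 'shopuser');
define('DB_PASSWORD', 'SamePass123');
$api_key = "abc123";
""",
    "prod/config.php": """<?php
define("DB_HOST", "db.example.internal");
define("DB_USER", "shopuser");
define("DB_PASSWORD", "SamePass123");
$api_key = "xyz789";
""",
}

# define('NAME', 'value') with either quote style (the closing quote must match).
DEFINE_RE = re.compile(r"""define\(\s*(['"])(\w+)\1\s*,\s*(['"])(.*?)\3\s*\)""")
# $name = 'value';
ASSIGN_RE = re.compile(r"""\$(\w+)\s*=\s*(['"])(.*?)\2\s*;""")
# Names that usually hold secrets; hosts and usernames are deliberately excluded.
SECRET_HINT = re.compile(r"pass|pwd|secret|key|token", re.IGNORECASE)

def extract_secrets(php_source):
    """Return {name: value} for string literals whose name looks like a secret."""
    found = {}
    for m in DEFINE_RE.finditer(php_source):
        found[m.group(2)] = m.group(4)
    for m in ASSIGN_RE.finditer(php_source):
        found[m.group(1)] = m.group(3)
    return {k: v for k, v in found.items() if SECRET_HINT.search(k)}

def find_reuse(files):
    """Map each secret value to the (file, name) pairs using it, keeping only
    values that occur in more than one file, i.e. cross-environment reuse."""
    by_value = defaultdict(list)
    for path, src in files.items():
        for name, value in extract_secrets(src).items():
            by_value[value].append((path, name))
    return {v: locs for v, locs in by_value.items()
            if len({p for p, _ in locs}) > 1}

if __name__ == "__main__":
    for value, locs in find_reuse(CONFIG_FILES).items():
        print(f"secret reused across {len(locs)} files: {[p for p, _ in locs]}")
```

Run as a pre-commit or CI step, a non-empty result from `find_reuse` is the signal that one environment's credential is also production's.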

3. Day Four: Scanning Techniques

3.1 Introduction to Scanning

On day four, the focus shifted to scanning techniques. Recon McRed's objective was to scan the network and identify the cause of the website compromise. They utilized various scanning tools and methods to accomplish this task.

3.2 Port Scanning

Port scanning involves enumerating open ports on a network or a specific host. It helps identify the services listening on different ports and can be used to assess the security posture of a system. Recon McRed performed port scanning using tools like Nmap to identify the open ports on the server.
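From the defender's side, the same port-scanning activity described above leaves a distinctive trace: one source touching many distinct destination ports on a host in a short time. The following is an added example, not code from the challenge; it runs a sliding-window scan detector over constructed, syslog-style firewall lines (the format and the addresses are assumptions) and includes the web and Samba ports that feature in this write-up.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed firewall log lines in an iptables-like format; not real captures.
SAMPLE_LOG = """\
2022-12-04T10:00:00 DROP SRC=10.0.0.5 DST=10.0.0.20 PROTO=TCP DPT=21
2022-12-04T10:00:00 DROP SRC=10.0.0.5 DST=10.0.0.20 PROTO=TCP DPT=22
2022-12-04T10:00:01 ACCEPT SRC=10.0.0.5 DST=10.0.0.20 PROTO=TCP DPT=80
2022-12-04T10:00:01 DROP SRC=10.0.0.5 DST=10.0.0.20 PROTO=TCP DPT=139
2022-12-04T10:00:02 ACCEPT SRC=10.0.0.5 DST=10.0.0.20 PROTO=TCP DPT=445
2022-12-04T10:00:02 DROP SRC=10.0.0.5 DST=10.0.0.20 PROTO=TCP DPT=3306
2022-12-04T10:00:03 DROP SRC=10.0.0.5 DST=10.0.0.20 PROTO=TCP DPT=8080
2022-12-04T10:05:00 ACCEPT SRC=10.0.0.9 DST=10.0.0.20 PROTO=TCP DPT=80
2022-12-04T10:05:30 ACCEPT SRC=10.0.0.9 DST=10.0.0.20 PROTO=TCP DPT=80
"""

def parse_line(line):
    """Split one line into (timestamp, src, dst, destination port)."""
    ts, _action, *fields = line.split()
    kv = dict(f.split("=", 1) for f in fields)
    return datetime.fromisoformat(ts), kv["SRC"], kv["DST"], int(kv["DPT"])

def detect_port_scans(log_text, window=timedelta(seconds=60), min_ports=5):
    """Return {(src, dst): sorted ports} for pairs that hit at least
    `min_ports` distinct destination ports within any `window`-long span."""
    events = defaultdict(list)
    for line in log_text.splitlines():
        if line.strip():
            ts, src, dst, port = parse_line(line)
            events[(src, dst)].append((ts, port))
    alerts = {}
    for pair, hits in events.items():
        hits.sort()                      # order by time for the sliding window
        start = 0
        for end in range(len(hits)):
            while hits[end][0] - hits[start][0] > window:
                start += 1               # slide the window forward
            ports = {p for _, p in hits[start:end + 1]}
            if len(ports) >= min_ports:
                alerts[pair] = sorted(ports)
                break                    # one alert per (src, dst) pair
    return alerts

if __name__ == "__main__":
    for (src, dst), ports in detect_port_scans(SAMPLE_LOG).items():
        print(f"possible port scan {src} -> {dst}: ports {ports}")
```

The repeat visitor to port 80 is not flagged, because the rule counts distinct ports per window rather than raw connection volume.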

3.3 Vulnerability Scanning

Vulnerability scanning is a proactive method of identifying weaknesses or vulnerabilities in a system or network. Recon McRed utilized vulnerability scanning techniques to identify potential security flaws that could have led to the compromise of the Santa gift shop website.

3.4 Mapping the Network

Mapping the network involves visualizing the connections and relationships between the various hosts, services, and devices on a network. Recon McRed used mapping techniques to gain a better understanding of the network infrastructure associated with the compromised website.

3.5 Identifying the HTTP Server

As part of the scanning process, Recon McRed aimed to determine the HTTP server running on the remote host. By employing tools like Nmap, they identified that the server was running Apache, a popular open-source web server.

3.6 Accessing the Samba Service

Recon McRed encountered a Samba service during their scanning activities. To gain access to this service, they utilized the credentials obtained during the OSINT phase. This allowed them to explore the service further and look for any potential flags or clues related to the compromise.

3.7 Finding the Password for Santa HR

During their exploration of the Samba service, Recon McRed stumbled upon an account named "Santa HR." To proceed, they needed to find the password associated with this account. Using the provided credentials, they successfully accessed the Samba service and discovered that the password for "Santa HR" was "Santa25."

Highlights

  • Open source intelligence (OSINT) involves gathering valuable information from public sources.
  • Analyzing a website's source code can uncover clues about vulnerabilities.
  • Reusing database passwords between environments can pose a security risk.
  • Scanning techniques like port scanning and vulnerability scanning help identify weaknesses.
  • Mapping the network provides insights into the infrastructure.
  • Accessing services like Samba can reveal important information.
  • The password for "Santa HR" was found to be "Santa25."

FAQs

Q: What is open source intelligence (OSINT)? A: Open source intelligence (OSINT) is the practice of gathering information from publicly available sources to make informed decisions or solve problems.

Q: How can scanning techniques help in detecting vulnerabilities? A: Scanning techniques like port scanning and vulnerability scanning help identify potential weaknesses in a system or network that could be exploited by attackers.

Q: Why is reusing database passwords between environments a security risk? A: Reusing passwords between environments increases the chances of a compromise. If one environment is compromised, the attacker gains access to all systems using the same password.

Q: What can be gained through mapping the network? A: Mapping the network provides a visual representation of the connections and relationships between different hosts and services, helping in understanding the network infrastructure.

Q: How does accessing services like Samba contribute to the investigation? A: Accessing services like Samba allows investigators to gather more information and potentially find flags or clues related to the compromise.

Q: What was the password for the "Santa HR" account? A: The password for the "Santa HR" account was "Santa25."

Q: What HTTP server was running on the remote host? A: The HTTP server running on the remote host was Apache.
