SlideShare a Scribd company logo
Team- Prometheus
What was the teams approach to solving the
challenge ?
 Distributed the sections between team members
 Tapas handled Network section, Mohit handled Web section and Runcy
handled the Android section
 Final review and collaboration of results and screenshots
What tools and technologies were used in the
challenge ?
 Wireshark
 ZAP
 Burpsuite
 NMAP
 Dex2jar
 apktool
What was the most difficult part of the
challenge and how did you overcome that ?
 Initial tests did not reveal the hidden file (embed.php)
 Using Zap and analyzing various files/folder structure we discovered the
common folder (which surprisingly was browsable)
 Found embed.php (main php config file) which contains sensitive info
Demo Time

More Related Content

More from Runcy Oommen

Building AWS native serverless website
Building AWS native serverless websiteBuilding AWS native serverless website
Building AWS native serverless website
Runcy Oommen
 
Security hardening of core AWS services
Security hardening of core AWS servicesSecurity hardening of core AWS services
Security hardening of core AWS services
Runcy Oommen
 
Get to know Git
Get to know GitGet to know Git
Get to know Git
Runcy Oommen
 
GCDC Bengaluru - Community Growth Hacking
GCDC Bengaluru - Community Growth HackingGCDC Bengaluru - Community Growth Hacking
GCDC Bengaluru - Community Growth Hacking
Runcy Oommen
 
Earth Engine on Google Cloud Platform (GCP)
Earth Engine on Google Cloud Platform (GCP)Earth Engine on Google Cloud Platform (GCP)
Earth Engine on Google Cloud Platform (GCP)
Runcy Oommen
 
Get your Git on GitHub
Get your Git on GitHubGet your Git on GitHub
Get your Git on GitHub
Runcy Oommen
 
Run C++ as serverless with GCP Cloud Functions
Run C++ as serverless with GCP Cloud FunctionsRun C++ as serverless with GCP Cloud Functions
Run C++ as serverless with GCP Cloud Functions
Runcy Oommen
 
Effective Tech Community Engagement - Best Practices
Effective Tech Community Engagement - Best PracticesEffective Tech Community Engagement - Best Practices
Effective Tech Community Engagement - Best Practices
Runcy Oommen
 
Rajasthan IT Day Hackathon Finals
Rajasthan IT Day Hackathon FinalsRajasthan IT Day Hackathon Finals
Rajasthan IT Day Hackathon Finals
Runcy Oommen
 
Arvind Brands - Hackathon - Solution Idea
Arvind Brands - Hackathon - Solution IdeaArvind Brands - Hackathon - Solution Idea
Arvind Brands - Hackathon - Solution Idea
Runcy Oommen
 
Intro to Virtualization - 10000 feet view
Intro to Virtualization - 10000 feet viewIntro to Virtualization - 10000 feet view
Intro to Virtualization - 10000 feet view
Runcy Oommen
 
Docker Introductory workshop
Docker Introductory workshopDocker Introductory workshop
Docker Introductory workshop
Runcy Oommen
 
Unilever Hackathon
Unilever HackathonUnilever Hackathon
Unilever Hackathon
Runcy Oommen
 
Hybrid (Windows + Linux) Apps with Docker Swarm
Hybrid (Windows + Linux) Apps with Docker SwarmHybrid (Windows + Linux) Apps with Docker Swarm
Hybrid (Windows + Linux) Apps with Docker Swarm
Runcy Oommen
 
Security & Hacking 101
Security & Hacking 101Security & Hacking 101
Security & Hacking 101
Runcy Oommen
 

More from Runcy Oommen (15)

Building AWS native serverless website
Building AWS native serverless websiteBuilding AWS native serverless website
Building AWS native serverless website
 
Security hardening of core AWS services
Security hardening of core AWS servicesSecurity hardening of core AWS services
Security hardening of core AWS services
 
Get to know Git
Get to know GitGet to know Git
Get to know Git
 
GCDC Bengaluru - Community Growth Hacking
GCDC Bengaluru - Community Growth HackingGCDC Bengaluru - Community Growth Hacking
GCDC Bengaluru - Community Growth Hacking
 
Earth Engine on Google Cloud Platform (GCP)
Earth Engine on Google Cloud Platform (GCP)Earth Engine on Google Cloud Platform (GCP)
Earth Engine on Google Cloud Platform (GCP)
 
Get your Git on GitHub
Get your Git on GitHubGet your Git on GitHub
Get your Git on GitHub
 
Run C++ as serverless with GCP Cloud Functions
Run C++ as serverless with GCP Cloud FunctionsRun C++ as serverless with GCP Cloud Functions
Run C++ as serverless with GCP Cloud Functions
 
Effective Tech Community Engagement - Best Practices
Effective Tech Community Engagement - Best PracticesEffective Tech Community Engagement - Best Practices
Effective Tech Community Engagement - Best Practices
 
Rajasthan IT Day Hackathon Finals
Rajasthan IT Day Hackathon FinalsRajasthan IT Day Hackathon Finals
Rajasthan IT Day Hackathon Finals
 
Arvind Brands - Hackathon - Solution Idea
Arvind Brands - Hackathon - Solution IdeaArvind Brands - Hackathon - Solution Idea
Arvind Brands - Hackathon - Solution Idea
 
Intro to Virtualization - 10000 feet view
Intro to Virtualization - 10000 feet viewIntro to Virtualization - 10000 feet view
Intro to Virtualization - 10000 feet view
 
Docker Introductory workshop
Docker Introductory workshopDocker Introductory workshop
Docker Introductory workshop
 
Unilever Hackathon
Unilever HackathonUnilever Hackathon
Unilever Hackathon
 
Hybrid (Windows + Linux) Apps with Docker Swarm
Hybrid (Windows + Linux) Apps with Docker SwarmHybrid (Windows + Linux) Apps with Docker Swarm
Hybrid (Windows + Linux) Apps with Docker Swarm
 
Security & Hacking 101
Security & Hacking 101Security & Hacking 101
Security & Hacking 101
 

Recently uploaded

A Study of Variable-Role-based Feature Enrichment in Neural Models of Code
A Study of Variable-Role-based Feature Enrichment in Neural Models of CodeA Study of Variable-Role-based Feature Enrichment in Neural Models of Code
A Study of Variable-Role-based Feature Enrichment in Neural Models of Code
Aftab Hussain
 
Hand Rolled Applicative User Validation Code Kata
Hand Rolled Applicative User ValidationCode KataHand Rolled Applicative User ValidationCode Kata
Hand Rolled Applicative User Validation Code Kata
Philip Schwarz
 
What is Augmented Reality Image Tracking
What is Augmented Reality Image TrackingWhat is Augmented Reality Image Tracking
What is Augmented Reality Image Tracking
pavan998932
 
socradar-q1-2024-aviation-industry-report.pdf
socradar-q1-2024-aviation-industry-report.pdfsocradar-q1-2024-aviation-industry-report.pdf
socradar-q1-2024-aviation-industry-report.pdf
SOCRadar
 
KuberTENes Birthday Bash Guadalajara - Introducción a Argo CD
KuberTENes Birthday Bash Guadalajara - Introducción a Argo CDKuberTENes Birthday Bash Guadalajara - Introducción a Argo CD
KuberTENes Birthday Bash Guadalajara - Introducción a Argo CD
rodomar2
 
Revolutionizing Visual Effects Mastering AI Face Swaps.pdf
Revolutionizing Visual Effects Mastering AI Face Swaps.pdfRevolutionizing Visual Effects Mastering AI Face Swaps.pdf
Revolutionizing Visual Effects Mastering AI Face Swaps.pdf
Undress Baby
 
openEuler Case Study - The Journey to Supply Chain Security
openEuler Case Study - The Journey to Supply Chain SecurityopenEuler Case Study - The Journey to Supply Chain Security
openEuler Case Study - The Journey to Supply Chain Security
Shane Coughlan
 
UI5con 2024 - Keynote: Latest News about UI5 and it’s Ecosystem
UI5con 2024 - Keynote: Latest News about UI5 and it’s EcosystemUI5con 2024 - Keynote: Latest News about UI5 and it’s Ecosystem
UI5con 2024 - Keynote: Latest News about UI5 and it’s Ecosystem
Peter Muessig
 
Neo4j - Product Vision and Knowledge Graphs - GraphSummit Paris
Neo4j - Product Vision and Knowledge Graphs - GraphSummit ParisNeo4j - Product Vision and Knowledge Graphs - GraphSummit Paris
Neo4j - Product Vision and Knowledge Graphs - GraphSummit Paris
Neo4j
 
Measures in SQL (SIGMOD 2024, Santiago, Chile)
Measures in SQL (SIGMOD 2024, Santiago, Chile)Measures in SQL (SIGMOD 2024, Santiago, Chile)
Measures in SQL (SIGMOD 2024, Santiago, Chile)
Julian Hyde
 
Need for Speed: Removing speed bumps from your Symfony projects ⚡️
Need for Speed: Removing speed bumps from your Symfony projects ⚡️Need for Speed: Removing speed bumps from your Symfony projects ⚡️
Need for Speed: Removing speed bumps from your Symfony projects ⚡️
Łukasz Chruściel
 
Artificia Intellicence and XPath Extension Functions
Artificia Intellicence and XPath Extension FunctionsArtificia Intellicence and XPath Extension Functions
Artificia Intellicence and XPath Extension Functions
Octavian Nadolu
 
Fundamentals of Programming and Language Processors
Fundamentals of Programming and Language ProcessorsFundamentals of Programming and Language Processors
Fundamentals of Programming and Language Processors
Rakesh Kumar R
 
Essentials of Automations: The Art of Triggers and Actions in FME
Essentials of Automations: The Art of Triggers and Actions in FMEEssentials of Automations: The Art of Triggers and Actions in FME
Essentials of Automations: The Art of Triggers and Actions in FME
Safe Software
 
E-commerce Development Services- Hornet Dynamics
E-commerce Development Services- Hornet DynamicsE-commerce Development Services- Hornet Dynamics
E-commerce Development Services- Hornet Dynamics
Hornet Dynamics
 
Microservice Teams - How the cloud changes the way we work
Microservice Teams - How the cloud changes the way we workMicroservice Teams - How the cloud changes the way we work
Microservice Teams - How the cloud changes the way we work
Sven Peters
 
Vitthal Shirke Java Microservices Resume.pdf
Vitthal Shirke Java Microservices Resume.pdfVitthal Shirke Java Microservices Resume.pdf
Vitthal Shirke Java Microservices Resume.pdf
Vitthal Shirke
 
Graspan: A Big Data System for Big Code Analysis
Graspan: A Big Data System for Big Code AnalysisGraspan: A Big Data System for Big Code Analysis
Graspan: A Big Data System for Big Code Analysis
Aftab Hussain
 
Oracle 23c New Features For DBAs and Developers.pptx
Oracle 23c New Features For DBAs and Developers.pptxOracle 23c New Features For DBAs and Developers.pptx
Oracle 23c New Features For DBAs and Developers.pptx
Remote DBA Services
 
GraphSummit Paris - The art of the possible with Graph Technology
GraphSummit Paris - The art of the possible with Graph TechnologyGraphSummit Paris - The art of the possible with Graph Technology
GraphSummit Paris - The art of the possible with Graph Technology
Neo4j
 

Recently uploaded (20)

A Study of Variable-Role-based Feature Enrichment in Neural Models of Code
A Study of Variable-Role-based Feature Enrichment in Neural Models of CodeA Study of Variable-Role-based Feature Enrichment in Neural Models of Code
A Study of Variable-Role-based Feature Enrichment in Neural Models of Code
 
Hand Rolled Applicative User Validation Code Kata
Hand Rolled Applicative User ValidationCode KataHand Rolled Applicative User ValidationCode Kata
Hand Rolled Applicative User Validation Code Kata
 
What is Augmented Reality Image Tracking
What is Augmented Reality Image TrackingWhat is Augmented Reality Image Tracking
What is Augmented Reality Image Tracking
 
socradar-q1-2024-aviation-industry-report.pdf
socradar-q1-2024-aviation-industry-report.pdfsocradar-q1-2024-aviation-industry-report.pdf
socradar-q1-2024-aviation-industry-report.pdf
 
KuberTENes Birthday Bash Guadalajara - Introducción a Argo CD
KuberTENes Birthday Bash Guadalajara - Introducción a Argo CDKuberTENes Birthday Bash Guadalajara - Introducción a Argo CD
KuberTENes Birthday Bash Guadalajara - Introducción a Argo CD
 
Revolutionizing Visual Effects Mastering AI Face Swaps.pdf
Revolutionizing Visual Effects Mastering AI Face Swaps.pdfRevolutionizing Visual Effects Mastering AI Face Swaps.pdf
Revolutionizing Visual Effects Mastering AI Face Swaps.pdf
 
openEuler Case Study - The Journey to Supply Chain Security
openEuler Case Study - The Journey to Supply Chain SecurityopenEuler Case Study - The Journey to Supply Chain Security
openEuler Case Study - The Journey to Supply Chain Security
 
UI5con 2024 - Keynote: Latest News about UI5 and it’s Ecosystem
UI5con 2024 - Keynote: Latest News about UI5 and it’s EcosystemUI5con 2024 - Keynote: Latest News about UI5 and it’s Ecosystem
UI5con 2024 - Keynote: Latest News about UI5 and it’s Ecosystem
 
Neo4j - Product Vision and Knowledge Graphs - GraphSummit Paris
Neo4j - Product Vision and Knowledge Graphs - GraphSummit ParisNeo4j - Product Vision and Knowledge Graphs - GraphSummit Paris
Neo4j - Product Vision and Knowledge Graphs - GraphSummit Paris
 
Measures in SQL (SIGMOD 2024, Santiago, Chile)
Measures in SQL (SIGMOD 2024, Santiago, Chile)Measures in SQL (SIGMOD 2024, Santiago, Chile)
Measures in SQL (SIGMOD 2024, Santiago, Chile)
 
Need for Speed: Removing speed bumps from your Symfony projects ⚡️
Need for Speed: Removing speed bumps from your Symfony projects ⚡️Need for Speed: Removing speed bumps from your Symfony projects ⚡️
Need for Speed: Removing speed bumps from your Symfony projects ⚡️
 
Artificia Intellicence and XPath Extension Functions
Artificia Intellicence and XPath Extension FunctionsArtificia Intellicence and XPath Extension Functions
Artificia Intellicence and XPath Extension Functions
 
Fundamentals of Programming and Language Processors
Fundamentals of Programming and Language ProcessorsFundamentals of Programming and Language Processors
Fundamentals of Programming and Language Processors
 
Essentials of Automations: The Art of Triggers and Actions in FME
Essentials of Automations: The Art of Triggers and Actions in FMEEssentials of Automations: The Art of Triggers and Actions in FME
Essentials of Automations: The Art of Triggers and Actions in FME
 
E-commerce Development Services- Hornet Dynamics
E-commerce Development Services- Hornet DynamicsE-commerce Development Services- Hornet Dynamics
E-commerce Development Services- Hornet Dynamics
 
Microservice Teams - How the cloud changes the way we work
Microservice Teams - How the cloud changes the way we workMicroservice Teams - How the cloud changes the way we work
Microservice Teams - How the cloud changes the way we work
 
Vitthal Shirke Java Microservices Resume.pdf
Vitthal Shirke Java Microservices Resume.pdfVitthal Shirke Java Microservices Resume.pdf
Vitthal Shirke Java Microservices Resume.pdf
 
Graspan: A Big Data System for Big Code Analysis
Graspan: A Big Data System for Big Code AnalysisGraspan: A Big Data System for Big Code Analysis
Graspan: A Big Data System for Big Code Analysis
 
Oracle 23c New Features For DBAs and Developers.pptx
Oracle 23c New Features For DBAs and Developers.pptxOracle 23c New Features For DBAs and Developers.pptx
Oracle 23c New Features For DBAs and Developers.pptx
 
GraphSummit Paris - The art of the possible with Graph Technology
GraphSummit Paris - The art of the possible with Graph TechnologyGraphSummit Paris - The art of the possible with Graph Technology
GraphSummit Paris - The art of the possible with Graph Technology
 

Accenture Hack Forward - Finals

  • 2. What was the teams approach to solving the challenge ?  Distributed the sections between team members  Tapas handled Network section, Mohit handled Web section and Runcy handled the Android section  Final review and collaboration of results and screenshots
  • 3. What tools and technologies were used in the challenge ?  Wireshark  ZAP  Burpsuite  NMAP  Dex2jar  apktool
  • 4. What was the most difficult part of the challenge and how did you overcome that ?  Initial tests did not reveal the hidden file (embed.php)  Using Zap and analyzing various files/folder structure we discovered the common folder (which surprisingly was browsable)  Found embed.php (main php config file) which contains sensitive info