mirror of
https://github.com/fdiskyou/Zines.git
synced 2025-03-09 00:00:00 +01:00
95 lines
12 KiB
Text
Executable file
▄▄ ▄▄ ▄ ▄▄▄▄ ▄▄▄▄▄ ▄▄ ▄▄ ▄ ▄ ▄▄▄
███▄ ██ █ █▄▄▄ █ ▄▄▄ ███▄ ██ █ █ █ █ HTP5
██ ▀█▄██ █ ▄▄▄█ █ ██ ▀█▄██ ▀▄▀ █▄▄▀
██ ▀██ ██ ▀██
▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄
GILL
However, we have come to believe that one 'HTP'
is involved in the NVD breach. They or perhaps
an accomplice of theirs have a disk that Mr.
Belford needs. We want you to help us find it.
\
░░▒▒▓▓▓▓▓▓▓▓▓▒▒░░
░▒▓███████████████████▓▒░
░▒▓█████████████████████████▓▒░
░▓████████▓▓▒▒▒▒▒▒▒▒▒▒▓▓▓▓▓▓█████▓
░▓█████▓▓▓▓▒▒▒░░░░░░░░░░▒▒▒▒▒▓▓▓███▓
░▓████▓▓▓▒▒▒▒▒▒▒░░░░ ░░░░░▒▒▓▓▓██▓
▓████▓▓▒▒▒▒▒▒░░░░ ░░▒▒▒▓▓▓██▒
▒████▓▓▓▒▒▒▒▒░░░ ░▒▒▒▓▓▓██
▓████▓▓▒▒▒▒▒▒░░░ ░░▒▒▒▓▓▓█░
█████▓▓▒▒▒▒▒░░░ ░░▒▒▒▓▓█▒
████▓▓▒▒▒▒▒▒▒▒▒░░ ░░▒▒▒▒▓▓▓▓
███▓▓▒▒▒▒▒▒▒░░░ ░░░░▒▒▒▓▓▓▓
▓█▓▓▓▒▒▒▒▒▒▓▓▓▓▓▓▓▓▓▓▄░ ░▄▓▓▓▓▓▓▓▓▓█▓▓▓
▓▓▓▓▓▓▓▓▓▓█▓▓▓▓▓▓▓▓▓▓▓█▒▓▒▓▒▓▓▓▓▓▓▓▓▓▓█▓█░
▒▓▓▓▓▒▒░░▒█▓▓▓▓▓▓▓▓▓▓█░▒░░▒▓▓▓▓▓▓▓▓▓▓▓█▓▓
░▒▓▓▒▒▒▒░░▒▒█▓▓▓▓▓▓▓▓▓█░▒░░░▒▓▓▓▓▓▓▓▓▓▓█▒▓░
▒▒▒▒▒▒▒▒▒▒▒░░▀▀▀▀▀▀▀ ░▒░░ ░▒▒▒▀▀▀▀▀▀▒▓▓▓▒
░▒▒▒▒▒▒▒▒▒░░ ░░░ ░░▒ ░░▒▒▒▓
▒▒▒▒▒▒▒▒▒▒▒░ ░░░░░ ░░░░░ ░░▒▓▒
░▒▒▒▒▒▒▒▒▒░ ░░░░░ ░▒░░░ ░▒▒▓
░▒▒▒▒▒▒▒▒░░░░ ░░░░▒▒▒▒░░░░░▓▓▒░░ ░░░▒▓▓
░░▒▒▒▒▒▒░░░░░░▒▒▓▒░░░░░░░░░░░▒▓▓▓▒░░▒▒▓▓▓░
░▓▒▒▒▒▒░░░░░░░▒▓▓▒░░░ ░░▒▓▓▓▓▒▒▒▓▒▓░
▓▓▓▒▒▒▒░░░░░░▒▓▒░░ ░░░░ ░░░░░▒▒▓▓▒▒▒▒▒▓
▓▓▓▓▒▒▒░░░▒▒▒▒░ ░░▒▒▓▒▒▒▒▒░░▒▒▒▒▓▒▒▒▒▓▒
▓▓▓▓▓▒▒▒▒▒▒▒▓▒ ░░░░░░░░ ░▒▒▒░░▒▓▒▒▓▓
▒▓▓▓▓▓▒▒▒▒▒▒▓▒░░░░ ░░░░░░░▒▒▒▒▓▓▒▓▓▒
░░▒▒▓▓▓▓▒▒▒▒▒▒▓▒░░░ ░░▒▒▓▓▓▓▓▓▓
░ ▒▒▓▓▓▓▒▒▒▒▒▓▓▒▒░░░ ░░▒▒▒▒▓▓▓▓▒▓
░▒ ░▒▒▓▓▓▓▒▒▒▒▓▓▒▒▒░ ░▒▒▒▓▓▒▓█▓▒ ░░
░██░ ░▒▒▓▓▓▓▒▒▓▓▓▓▓▓▒▒▒▒▒▓▓▓▓▒▓▓▓▓▒ ░
▒████░ ░▒▒▓▓▓▒▒▓▓▓███████▓▓▓▓▓▓▓▓▒ ▓▒░
▒▓██████▒ ░▒▒▓▓▓▓▓▓▓█▓▓▓██▓▓▓▓▓▒▒▒ ▓███▓▓▒▒░░
░▒▓██████████▓ ░░▒▒▓▓▓▓▓▓▓▓▓▓▓▓▒▒▒▒▒ ░██████████▓▓▓▒▒░░
░▒▓███████████████▓ ░░░░▒▒▒▒▒▒▒▒░░▒░ ▒█████████████████▓▓▒
░▒▓▓████████████████████▓░ ▓▓▓▓░▓▓▓░░░ ████████████████████
██████████████████████████▓░ ▓▓▓▓▓▓░ ▒███████████████████
████████████████████████████▒ ▓▓██ ▓██████████████████
█████████████████████████████▒ ████ ░██████████████████
██████████████████████████████▒ ▀████ ▒█████████████████
███████████████████████████████▓ █████ █████████████████
████████████████████████████████▓ ██████ ▒████████████████
█████████████████████████████████▓ ███████ ▓███████████████
██████████████████████████████████▓░ ████████ ░▓██████████████
████████████████████████████████████░ ▓████████ ▒██████████████
█████████████████████████████████████░ █████████ ██████████████
██████████████████████████████████████▒ █████████ ▓█████████████
███████████████████████████████████████▒ ██████████ ░█████████████
████████████████████████████████████████▓ ▒██████████ ▓████████████
▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀
About 8 months ago, we were monitoring our intel (tail -f'ing PM logs from other
networks) and came across an individual who was pretty skilled with ColdFusion.
After due time, we invited him/her to HTP. He/she ended up manifesting the NULL
RDS 1day POC, which owned the NVD.

The NVD realized they were breached, and deleted the shells. Soon after, they
were shelled again. They deleted the shells again. Once again, they were
shelled. The DHS CSD was swift and unrelenting with their execution of the
DELETE key.

As fun as this was, the rest of HTP acknowledged what had been breached. We
switched tactics and proceeded to traverse the National Vulnerability Database
network. Two boxes down, we downloaded the CFM scripts and certificates hosted
within the NVD and NISTWEB servers. From them, we were able to authenticate
ourselves to access the DHS NIST/NVD user database (root slash period workspace
slash period garbage period).

Not knowing what to do, and realizing their DELETE key training had abandoned
them, the DHS CSD resorted to shutting the entire site down. It is our theory
their inspiration for this technique came from an NCIS episode:
http://www.youtube.com/watch?v=u8qgehH3kEQ

Included in this segment of HTP5 is the DHS NIST/NVD user database, along with
two certificates and their ColdFusion admin password.properties. Enjoy.

▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄
~ http://mirror.hack-the-planet.tv/HTP-5/NVD/NVD.zip
|- 0MB | DHS NIST/NVD user database, two certs, CF admin password.properties
▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄