$theTitle=wp_title(" - ", false); if($theTitle != "") { ?>
Just another Binusian blog site
23 Jan // php the_time('Y') ?>
Weekly reports
Week 5
We were asked to create a team consisting of three members, so I decided to team up with Arva and Sam. We brainstormed some project ideas, initially we decided to make a google assistant related AI, some other ideas are to make AI to solve sudoku.
Week 6
This week, we started to do researching our project, which leads us to a lot of options, and at last, we changed our topic to text analysis.
Week 7
This week we started to implement some of the examples of sources that includes us implementing libraries and frameworks found in github, while we continue discussing more options of our project.
Week 8
This week, we talked about the things we need to install set up first and we also try to find how the algorithm flow works on this project before starting to tinker with the code from the reference.
Week 9
We started to discuss and decided to split up the work as it could be a lot more efficient. While discussing we also decided to use the library of words for embedding.
Week 10
We tried openCV for computer vision. My team worked with Ivan’s team for the computer vision task. For our final project, we found a suitable datasets. It was on Kaggle with the name of all the news. It contains 143,000 articles from 15 news publisher. The datasets also has the label that we want, therefore we decided to use the dataset.
Week 11
We started to work on our final project. One library is not enough, so we experimented with a couple libraries that could be used for Natural Language Processing. TensorFlow has their own library for NLP, and there is a thing called TensorHub by TensorFlow. It is an open source library from google, and is mostly used as the embedding layer for NLP.
Week 12
This week, we figured out that we could use cvlib that contains an object detection function which also we could refer to our own python code which takes the function and inputs its own parameter so that it could work perfectly with the function. We also started to use darknet which is a framework to train our models. We had a lot of difficulties during training our models due to lack of sources such as requires NVIDIA CUDA that are pretty hard to configure and different operating systems which leads us to an option that is working on a single operating system.
Week 13
This week, we presented our project including its demo including the training process, the code, how it works, and when tested with the test set to Mrs. Nunung.
And also, we presented about our difficulties and future works to Mr. Andreas
20 Jun // php the_time('Y') ?>
Step 2
The next step which is step 2, after getting the user access, we are asked to get the access as an admin. The way that came to our mind is to try to access the database through php codes since wordpress support post that contain php commands through ‘php everywhere’.
First, we try to install an easy simple web shell, for the php code, we get it from google, and put the code in new post which enable a shell that actually can access see the files in the server.
When we type ‘ls’ in the shell, we can see the list of files there
From the ls result, we can see there’s ‘wp-config.php’ which is where the database of wordpress stored in. Then we try to open it using ‘cat’ command.
But since the result is shorten, so we try to inspect element and copy paste it to a text editor to get a better view.
After pasting it to the notepad, we are able to view the user, database name, and password. This information is necessary in order to access the database, which we will try to access using php.
Then we add new post at phpeverywhere section, containing php code to connect to database using previous information.
This post when viewed, will show the result of the query that is written in the php code.
From above picture, we can see all tables available in the database. In order to get the admin access, either we make new admin, or new account and escalate the privilege to admin because we aren’t allowed to change the current user based on the rules. From the tables list, the table ‘wp_users’ and ‘wp_usermeta’ are listed, which we assume have the connection to differentiating the admin and user. So first we try to show the ‘wp_users’ using php codes, but first we must describe the table first to know it’s fields.
Resulting in these fields:
From above fields, then we can find out how to display the fields, due to the fact that if we put incorrect field name, it won’t show the result. We decided to show the id, user_login, user_pass, and user_status, assuming that user_status is what differentiate the admin and users.
This code results in :
As we can see, their role is all the same from adminteam2 to user2. Then we try to describe the ‘wp_usermeta’ table first.
The fields shown is :
Then we try to show all of the fields data using this code :
From all the results, the most thing that differentiate the user and admin is these
Then we try to insert the user manually to both ‘wp_users’ and ‘wp_usermeta’ but failed. Then after searching we found out that wordpress have it’s own function to insert new user, and with this function we can insert the role of the new user.
When we try to log in :
It’s a success.
20 Jun // php the_time('Y') ?>
Step 1
In step 1 we are asked to get user access to the website we’ve been assigned to. I tried is to ping the website assigned, which gives me the ip of the website.
But when i enter the ip to browser, this popped up.
It is written that I’m not allowed to access the website directly through it’s ip, and it is written that the website is a part of cloudflare. Then i tried to google how to find real ip of a website in cloudflare, and censys come out, then i try to input the website to censys website.
And when i try to input the ip listed in censys, the real website come out, which means it is the ip of the website.
After getting the real ip, I use ‘nikto -h ip -o output -F format’
And from the output file this vulnerability is listed,
When we download the password.lst the list of possible password is shown, accompanied by a hint on top
Then i use a kali command to append 2019 to all the passwords
Resulting in
Until here, we’ve got the password list which we will use for bruteforce method. For the username we will use wpscan to enumerate the user and brute force it with the password list.
Result :
Then from those user we were given a hint that we need to add ‘@’ from one of the users, and since we they are using wordpress to write the blog, in wordpress, if we try to log in with wrong data, their error message shows whether the username is incorrect or the password is incorrect, such as :
And when we try to add ‘@’ in front of the user, this result come out
Which means the password is wrong but the username is already correct, showing that it is the valid username.
Then by using wpscan using that username and our password list, we try to bruteforce and find the correct pair.
After several time of processing, we get the user account.
20 Jun // php the_time('Y') ?>
After all the steps of penetration testing, in this session we are taught how to maintain our access to the target. This step is necessary due to the fact that even though we know the steps or how to get pass to the system, by maintaining our access, we don’t actually need to redo all the steps we’ve done to access the system. There are several ways on how to maintain access, there are creating OS backdoors or web based backdoors, tunnel.
By creating backdoors we make ourselves to access the target without using normal authentication and remain undetected.
While tunneling is a way where we encapsulate one network protocol inside another network protocol in order to bypass the protection that maybe exist in the target’s network.
19 Jun // php the_time('Y') ?>
After getting access to the target, the next step is to escalate the privilege we have so we can further do more things to the system. Escalating the privilege will give us more access to change more stuffs in the system. For example, rather than just being a user, if we are able to escalate to root, we can shut down the system. When pentesting, if we are able to escalate the privilege, it shows that the system have crucial vulnerabilities which allow people to shut it down after escalating themselves to the root of the system and is very dangerous.
19 Jun // php the_time('Y') ?>
After getting the target, we can make some exploits using programming languages, such as C/C++, Perl, Python, and Assembly. The skills needed is basically programming skills to write in codes. For beginners, creating exploit is very difficult due to lack of inexperience compared to experienced hackers which can already assume what exploits to write based on target’s circumstances. Public exploits are provided for proof of concepts. In forums, people also discuss types of exploits available in hacking history and is named for further referencing or discussion, which actually make it easier for us inexperienced hackers to learn from one another.
There’s a tool called Metasploit that have a collection of tools and exploit for pentesters.
19 Jun // php the_time('Y') ?>
We are assigned to make a fake website and show that we get the data that is inserted by the target which is a Visual Machine. We are going to make the fake website using SET, such as:
19 Jun // php the_time('Y') ?>
This session, we were taught about Social Engineering, which i thought is most versatile way cause it can actually help penetrate a system, even if that system have a very secure security but due to human errors by using social engineering we can find a gap to penetrate the system.
Aside from socializing, there’s a tool for social engineering such as CUPP. This tool is used to find valid passwords based on based on the target’s personal, psychological, and social characteristics.
Another interesting tool introduced to us is SET, we can use this tool by using ‘setoolkit’ and make a fake website using it. The fake website we make can imitate famous socializing websites such as facebook or twitter. From that fake website later on, when the user try to log in, it will send the username and password to us and redirect the user to the actual website, making it not that obvious.
19 Jun // php the_time('Y') ?>
We were asked to use Burpsuite and openssl to do Man in The Middle or MiTM to a target. We were asked to useopenssl for the fake certification and then put it to a proxy server, which will be accessed by the target which we use another Virtual Machine as the target. Then we will listen using Burpsuite to intercept what the target are accessing in the browser.
19 Jun // php the_time('Y') ?>
In this week’s session, we are taught about the next step of penetration testing which is Vulnerability Mapping which basically means we scan the server for vulnerability available and where we can exploit those vulnerabilities.
Theoretically vulnerabilities can be classified to lots of types such as Design Vulnerabilities, Implementation Vulnerabilities, Operational Vulnerabilities, Local Vulnerability, and Remote Vulnerability. So Design Vulnerabilities is vulnerabilities found in the software or protocol specifications. Implementation Vulnerability is vulnerabilities found in the code and lastly Operational Vulnerabilities is vulnerabilities found due to improper configuration and deployment target in an environment. While Local and Remote Vulnerability is Vulnerabilities differ based on the location.
While, practically we can use tools for Vulnerability Mapping such as OpenVAS, Sqlmap, Metasploit.
Recent Comments