Bohong Li, Munira, Amjad, Alaa

Use WORD to document our progress.

Code 1:

  1. Connect to CaciRocks
  2. See the IP and use nmap to scan hosts in 192.168.0.0/24.
  3. Found 1, 20, 100.
  4. Use nmap to scan for more information: fails, ping is rejected.
  5. Use nmap -Pn: fails.
  6. Use telnet and msf telnet_version: fails.
  7. Use ssh and msf ssh_login: fails.
  8. Use the browser to open 192.168.0.20; get a Spider-Man image that says the camera credentials are 7D8F9EBFE, and some hints.
  9. View the HTML source of 192.168.0.20, find a hidden picture and download it.
  10. It’s an .xcf file, so download GIMP to read it.
  11. Hide the background and see the Cacichallenge password: 1DFE6ACB32; connect to it.

  12. Nmap to scan hosts.

  13. 1.1 is the Cisco device; 20 has ports 22 and 80 open; 40 has ports 21, 80, 8600 and 8888 open.

  14. Use Nessus to scan 20 and 40; found vulnerabilities.

  15. Use the browser to open 1, 20 and 40; try usernames and passwords on 1 and 40, and google the Cisco device’s name.

  16. Try typing something like ‘ to test whether it’s SQL injectable.

  17. Use sqlmap -u to test whether 192.168.1.20/phpMyAdmin is SQL injectable.

  18. Use the msf auxiliary HTTP scanner dir_scanner to find the directories of the websites on 20 and 40; found 20/phpMyAdmin and /images, and looked at everything, including the images.

  19. Use cat image.png to check whether something is in the image.

  20. Use nmap -A to get detailed information about 20. See something like /analytics/admin_center.html.

  21. Try 192.168.1.20/admin_center.html in the browser.

  22. Found credentials and enter the camera.

Code 2:

  1. In the output of nmap -A 192.168.1.20, we found “raspberry” and searched for it on Google.
  2. Check all the source code of the 192.168.1.20 and 192.168.1.40 websites. In 192.168.1.20/admin_center.html, found hidden credentials: pi CaciBIT$
  3. It matches the Raspberry Pi, so google “remote login raspberry pi” and choose ssh because ssh is available on 20.
  4. Found the command ssh pi@192.168.1.20
  5. Use this with CaciBIT$ to log in to 20.
  6. Try to find a file that contains useful information. Download many things and a .deb file.
  7. scp -r pi@192.168.1.20:~/MagPi/MagPi83.pdf ~/Desktop

  8. Search Google for nodejs because it is related to the .deb file.

Recommendations for a secure system:

  1. Too much is visible through an nmap scan, such as http-robots and admin_center.html. Hiding them would be better.
  2. Update the Apache server on 20, because version 2.4.38 has many vulnerabilities, such as CVE-2019-0215.
  3. Use a ping filter to protect the devices.
  4. Do not leave credentials in an HTML page that can be seen without logging in.
  5. On 192.168.1.40, requiring a username would be better.
  6. Some sensitive information can be seen in the site’s robots.txt file; it should be changed.
  7. 40 has some backup files; ensure that backup files such as /.htaccess do not contain sensitive information.
  8. Use a password on the CaciRocks! Wi-Fi.
  9. Close, hide or change the FTP port on 20, because it can be cracked.
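
A pre-publication check for recommendations 4 and 6, as an added example that is not part of the team's original write-up: it flags credential-like comments, hidden elements and sensitive robots.txt entries before a page goes live. The keyword lists, function names and sample page are constructed assumptions; only the /analytics/admin_center.html path comes from the scan output above.

```python
import re
from html.parser import HTMLParser

# Constructed keyword lists (assumptions); tune them for the site being reviewed.
SECRET_RE = re.compile(r"pass|credential|login|secret", re.I)
SENSITIVE_PATH_RE = re.compile(r"admin|backup|config|/\.ht", re.I)
VOID = {"img", "input", "br", "hr", "meta", "link"}  # tags with no end tag

class SourceAuditor(HTMLParser):  # collects what an unauthenticated "view source" reveals
    def __init__(self):
        super().__init__()
        self.findings = []  # (kind, text) tuples
        self._stack = []    # one bool per open element: is it hidden?
    def handle_comment(self, data):
        if SECRET_RE.search(data):
            self.findings.append(("comment", data.strip()))
    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        style = (a.get("style") or "").replace(" ", "").lower()
        hidden = "hidden" in a or "display:none" in style or a.get("type") == "hidden"
        if tag not in VOID:
            self._stack.append(hidden)
        elif hidden:  # e.g. a hidden <img> pointing at a downloadable file
            self.findings.append(("hidden-" + tag, a.get("src") or a.get("value") or ""))
    def handle_endtag(self, tag):
        if tag not in VOID and self._stack:
            self._stack.pop()
    def handle_data(self, data):
        if any(self._stack) and data.strip():  # text inside any hidden ancestor
            self.findings.append(("hidden-text", data.strip()))

def audit_html(html):
    parser = SourceAuditor()
    parser.feed(html)
    parser.close()
    return parser.findings

def audit_robots(text):
    """Return robots.txt paths that advertise sensitive locations."""
    rules = (line.split("#")[0].partition(":") for line in text.splitlines())
    return [v.strip() for f, _, v in rules
            if f.strip().lower() in ("disallow", "allow") and SENSITIVE_PATH_RE.search(v)]

# Constructed sample input, not the lab's real pages.
SAMPLE_HTML = ('<html><body><!-- camera login: EXAMPLE-USER / EXAMPLE-PASS -->'
               '<img src="notes.xcf" hidden><div style="display: none">EXAMPLE-PASS</div></body></html>')
SAMPLE_ROBOTS = "User-agent: *\nDisallow: /analytics/admin_center.html\nDisallow: /tmp/\n"
if __name__ == "__main__":
    print(audit_html(SAMPLE_HTML), audit_robots(SAMPLE_ROBOTS))
```

An empty result from both functions means nothing matched these heuristics, not that the page is free of secrets; credentials should be kept out of served files altogether.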