"Cymmetria’s MazeRunner platform lets you dominate an attacker’s movements from the very beginning and lead them to a monitored deception network."

    I really like this product but after my first installation, I felt like I sort of rushed the process and I wanted to start over again.  With a fresh install, I headed over to the Responder monitor.  For those of you unfamiliar with Responder.py, it's wicked fun if you're an attacker, and not so much fun if you're a defender.

    In a previous post, I wrote about how to get a reverse shell on Drupal 7 (and possibly earlier).  I'm currently working on a project involving Drupal and I'm also teaching a class this weekend -- I thought... why not pair the two together.  I figured if I built something for the class with Drupal, that would lend a hand with my project.  Familiarity and such.  I "thought" I was going to recycle my knowledge from the previous post but it turns out in Drupal 8, they removed the filter function which allows you to insert PHP into the posts.  After some reading, it turns out their reasoning was due to the fact that hackers can exploit this functionality. 

    The other day, a friend asked if I was on HacktheBox and I was reminded that I'd been absent for a while.  Apparently, they are cranking out a new box every week which could be good or bad -- I'm not really sure.  While looking for something to write, I thought I'd take on one of their retired boxes and that would solve two "needs" simultaneously.  

    This box was interesting mostly because of the hunt for the exploit to gain a foothold on the system.  From there, it was trial and error as to which technique would work for a particular task.  After that, root was easy.

    First, we kick off with Nmap:

    I've been thinking about honeypots for the last few weeks and as I've been playing around with the various products, I wondered what it would take to write something up in Python.  Initially, I had these grand ideas but then it sort of dawned on me that a lot of what I'd been conjuring up would be a reinvention of the wheel.  

    With a honeypot, what do we really need?  If we're building a web server, we need to answer HTTP requests, we need some sort of logging, and we need some method to alert.  I could build something from scratch or I could leverage some existing tools.  Rather than alerting, I'm going with an IP ban by using Fail2Ban but it can also trigger emails which is something I might add later.

    The description states:  "The machine was part of my workshop for Hacker Fest 2019 at Prague.  Difficulty level of this VM is very “very easy”. There are two paths for exploit it."

    In the eye of the beholder and such but yes, very easy.  I saw the description and I thought this might be a good machine to check out for my weekend group.  One person has already rooted it and all I did was mention it so we're off to a good start.

    Anyway, we kick off with Nmap:

    If it seems like I'm on some sort of Wile E. Coyote quest to build the perfect booby trap, that is actually not the case despite how things look.  Canaries, mazes, honeypots, there's definitely a recent theme and it's all related to a current project.  The Pentbox honeypot doesn't actually fit my need but I saw it, downloaded it, and I thought it was an interesting idea.  Pentbox is actually an enumeration toolkit of sorts but the honeypot feature is based off of a question -- what happens if someone tries to hack the penetration tester?

    I think the assumption is that you need to have something watching your back when you're working and that's where the honeypot feature comes into play.  After playing around with it for a minute or two, the most obvious setup is that you pop open a tab, launch the honeypot, and just leave that tab open.  Not to spoil but there's an advanced section where you can configure the system to beep on an alert.


    © 2020 sevenlayers.com