Tuesday, 12 January 2016

Concluding Nullcon2016 Promo Contest #1 : Magic of SE7EN

Conclusion


Hello all, it's time to conclude Contest #1, Magic of SE7EN, and announce our winners.

It was a great contest over the last fortnight, with so many hacks and puzzle submissions around 7. It won't be possible for me to include all of them, but I will list the winning entry here.

The winner of the contest is Arun Agrawalla, who contributed a 7-step guide to installing a web shell on an unprotected JBoss JMX Console.


Here we go: 7-step guide for shelling a server by manually exploiting an unprotected JMX console


Step1: Find an application which uses jboss web server and has an unprotected jmx console using google dork.

Step2: Access the https://example.com/jmx-console url of the application.

Step3: Search for “service=DeploymentFileRepository” in the jmx-Console page and open it.

Step4: Scroll down and search for the ‘void store ( )’ operation.

Step5: Enter a command shell program by filling up all the parameters in the void store() operation and click on the invoke button.
Say the shell uploaded is cmd.jsp

Step6: Try to access https://example.com/cmd.jsp.

Step7: Now we can execute various commands using the shell uploaded.


Congrats Arun.


We have runners-up as well:


1. B.N.Chandrapal (Create a .onion website in 7 steps in Windows)
2. Veerababu Penugonda  (Hacking android mobile using MetaSploit on Kali Linux in 7 Steps)


Congrats all. We will shortly be getting in touch with you with the reward details.

I hope you are enjoying these contests and finding them valuable. Write to us in the comments section, tweet us, or post on FB to tell us how you are liking the contests. We have more contests coming up.

Again, send in your nominations for #Nullcon2016 BlackShield Awards here  

Thanks for being with us. Enjoy :)

PS: The contributed entries are shared AS IS; we don't give any guarantee that they will work on your setup.

Tuesday, 5 January 2016

Magic of SE7EN part 3

Great Responses


Thank you all for all those responses. Many of you have contributed the Masyu puzzle. One of the interesting contributions this week, which I liked, was contributed by Smit Kotadiya. You too can try it. Googling for answers is cheating :-P

By changing one letter in each step to form English words, and leaving all other letters in their original positions, convert FISH into SWIM in the 7 possible steps.

F I S H
_ _ _ _
_ _ _ _
_ _ _ _
_ _ _ _
_ _ _ _
_ _ _ _
S W I M



Here is one from our side


Diffie-Hellman Key Exchange: The key exchange is a method to arrive at a common secret which can be used for further encrypted communication.

Diffie-Hellman is an important part of modern cryptography and plays an important role in providing "Perfect Forward Secrecy".

Here is a DH illustration in 7 steps:





  1. Alice and Bob agree to use a modulus p = 23 and base g = 5 (which is a primitive root modulo 23).
  2. Alice chooses a secret integer a = 6, then computes A = g^a mod p
    • A = 5^6 mod 23 = 8
  3. Bob chooses a secret integer b = 15, then computes B = g^b mod p
    • B = 5^15 mod 23 = 19
  4. Alice sends 8 (A = g^a mod p) to Bob, and Bob sends 19 (B = g^b mod p) to Alice.
  5. Alice computes s = B^a mod p
    • s = 19^6 mod 23 = 2
  6. Bob computes s = A^b mod p
    • s = 8^15 mod 23 = 2
  7. Alice and Bob now share a secret (the number 2).
  Both Alice and Bob have arrived at the same value s, because, under mod p,
A^b = g^(ab) = g^(ba) = B^a (mod p)


Contest is Still On

Send us your creative contributions. We will list the exciting ones. Being more descriptive, with reference links, will be helpful :)

Your comments are welcome in the comments section.
Also don't forget to nominate for the BlackShield Awards; remember, it's your award, it's like you are giving it to the nominees and winners.

So why wait? Nominate here and now


* Thanks to the Wikipedia article on Diffie-Hellman; extracts are used from there and slightly modified to fit the format.

Thursday, 31 December 2015

Magic of SE7EN - part 2

The Response

Within 24 hours of the announcement of the contest we received an overwhelming response.

Most of the responses tried to list the 7 steps to carry the goat, cabbage and wolf across the river, which was not the expected response for the contest.

A few of the responders got the contest right and have submitted very good puzzles. I'm listing a few of them, which will give you an idea of what exactly we are looking for:

  1. Tower of Hanoi with 3 discs needs exactly 7 steps to transfer the tower from one place to another.
  2. Hacking a website with a SQL syntax error using the Havij tool, in exactly 7 steps
  3. Create a .onion website in 7 steps


One Classic from Our Side : Idle Scan

Here is one from me to give you some more ideas for better submissions.
Also known as the zombie port scan, it takes exactly 7 steps to scan a port.

For more details check the wiki article on Idle Scan

Submit your 7 Step hacks or puzzles (with little more details) at http://goo.gl/forms/c7QbCxxQ4c  


Wish you all a Happy New Year and Happy Hacking :)

Tuesday, 22 December 2015

Nullcon 2016 Promo Contest# 1 : Magic of SE7EN

We at Payatu & null community are excited to bring you Nullcon Edition# SE7EN during March 2016. This being our 7th year, we wanted to play a bit with the number 7.


About this Contest

We promise this contest will give you lots of food for your grey matter and it will be fun. Taking it to the next level, let's have submissions, write-ups and contributions for this list. For each cool submission that we include on this blog, we will give you free passes and many of our popular Nullcon merchandise (of your choice :-)

Playing Around with 7

We were just wondering how many hacks, problems and puzzles we can list which take exactly 7 SYNs, 7 packets, 7 steps, 7 exchanges, 7 connections or anything in the denomination of 7.


Here is one classic puzzle for getting started...

The Puzzle : 

What's the minimum number of ferries Tom Cat has to make for a LOSSLESS transportation of a wolf, a goat and a bunch of cabbage across the river?


Constraints : 

Sailor Cat needs to bring a wolf, a goat, and a cabbage across the river
The boat is tiny and can only carry one passenger at a time. 
If he leaves the wolf and the goat alone together, the wolf will eat the goat. 
If he leaves the goat and the cabbage alone together, the goat will eat the cabbage. 

Solution : SE7EN
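
As an added check (not part of the original post), a breadth-first search over the puzzle's states confirms that seven crossings is the minimum under the constraints listed above. The state encoding and names are this example's own.

```python
from collections import deque

ITEMS = frozenset({"wolf", "goat", "cabbage"})
# Pairs that must never share a bank while the sailor is on the other one.
UNSAFE = (frozenset({"wolf", "goat"}), frozenset({"goat", "cabbage"}))


def is_safe(bank):
    return not any(pair <= bank for pair in UNSAFE)


def shortest_plan():
    """Breadth-first search, so the first plan that reaches the goal is a shortest one.

    State = (items still on the starting bank, sailor's side); 0 = start, 1 = far bank.
    Returns the cargo of each crossing, with "empty" for a trip carrying nothing.
    """
    start, goal = (ITEMS, 0), (frozenset(), 1)
    queue, seen = deque([(start, [])]), {start}
    while queue:
        (left, side), plan = queue.popleft()
        if (left, side) == goal:
            return plan
        here = left if side == 0 else ITEMS - left
        for cargo in [None, *sorted(here)]:
            moved = frozenset() if cargo is None else frozenset({cargo})
            new_left = left - moved if side == 0 else left | moved
            # The bank the sailor has just left is the unattended one.
            unattended = new_left if side == 0 else ITEMS - new_left
            state = (new_left, 1 - side)
            if is_safe(unattended) and state not in seen:
                seen.add(state)
                queue.append((state, plan + [cargo or "empty"]))
    return None


if __name__ == "__main__":
    plan = shortest_plan()
    print(len(plan), plan)
```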

 

Now it's your turn to share a hack or puzzle which can be solved optimally in 7 steps.

 

Where to Submit :

Please submit your contributions at this form http://goo.gl/forms/c7QbCxxQ4c

 

Credits : 

And if you want to have some fun you can solve this problem at "MathCats". We thank them for the image.


Before we say Bye!!

Just to remind: nominations for the prestigious "BlackShield Awards" are open. Nominate your favorite InfoSec Diva & enjoy the Magic of SE7EN


SHOOT
Your Entries and win Exciting Goodies!!!