Concluding Nullcon2016 Promo Contest #1 : Magic of SE7EN

Conclusion

Hello All, its the time we conclude the Contest#1, Magic of SE7EN and announce our winners.

It was a great contest we had over last fortnight. So many hacks and Puzzle submissions around 7. It wont be possible for me to include all of them but I will list the winning Entry Here.

The Winner of the Contest is Arun Agrawalla  he has contributed a 7 step guide install a web-shell on Unprotected JBOSS JMX Consloe.

Here we Go : 7 Step Guide for Shelling a server by manually exploiting unprotected jmx console

Step1: Find an application which uses jboss web server and has a unprotected jmx console using google dork.

Step2: Access the https://example.com/jmx-console url of the application.

Step3:Search for “service= DeploymentFileRepository“in the jmx-Console page and open it.

Step4: Scroll down and search for the ‘void store ( )’ operation.

Step5: Enter a command shell program by filling up all the parameters in the void store() operation and click on the invoke button.
Say the shell uploaded is cmd.jsp

Step6: Try to access https://example.com/cmd.jsp.

Step7: Now we can execute various commands using the shell uploaded.


Congrats Arun.

We have runner ups as well

1. B.N.Chandrapal (Create a .onion website in 7 steps in Windows)
2. Veerababu Penugonda  (Hacking android mobile using MetaSploit on Kali Linux in 7 Steps)


Congrats all. We will be shortly getting in touch with you with the reward details.

I hope you are enjoying this contest and finding them valuable. Write to us, in comment section, tweet us or post on FB how you are liking the contests. We have more contests coming up.

Again, send in your nominations for #Nullcon2016 BlackShield Awards here  

Thanks for being with us. Enjoy :)

PS: the contributed entries are shared AS IS, we dont give  any guarantee that it will work on your setup.

Magic of SE7EN part 3

Great Responses

Thank you all for all those responses. Many of you have contributed Masyu puzzle. One of the interesting contributions in this week which i liked is contributed by Smit Kotadiya. You too can try it. Googling for answers is cheating :-P

By changing one letter in each step to form English words, and leaving all other letters in their original positions, convert FISH into SWIM in the 7 possible steps.

F I S H
_ _ _ _
_ _ _ _
_ _ _ _
_ _ _ _
_ _ _ _
_ _ _ _
S W I M

Here is one from our side

Deffie-Hellman Key Exchange : The Key-Exchange is a method to arrive  at a common secrete which can be used for further encrypted communication.

Deffie-Hellman is an important part of modern cryptography and plays important role in providing "Perfect-Forward-Secrecy"

Here is DH illustration in 7 Steps :

1. Alice and Bob agree to use a modulus p = 23 and base g = 5 (which is a primitive root modulo 23).
2. Alice chooses a secret integer a = 6, then computes  A = g^a mod p
   • A = 5⁶ mod 23 = 8
3. Bob chooses a secret integer b = 15, then computes B = g^b mod p
   • B = 5¹⁵ mod 23 = 19
4. Alice send 8 ( A = g^a mod p) to Bob; and Bob Send 19 (B = g^b mod p) to Alice. 
5. Alice computes s = B^a mod p
   • s = 19⁶ mod 23 = 2
6. Bob computes s = A^b mod p
   • s = 8¹⁵ mod 23 = 2
7. Alice and Bob now share a secret (the number 2).

  Both Alice and Bob have arrived at the same value s, because, under mod p,

Contest is Still On

Send us your creative contributions. we will enlist the exciting ones out of them. Being more description with reference links will be helpful :)

Your comments are welcome in comments section.

Also dont forget to Nominate for BlackShield Awards, remember its your award, its like you are giving it to the nominees and winners.

So why waiting?  Nominate here  and now

* Thanks to Wikipedia article on Deffie-Hellman, extracts are used from there and slightly modified to fit in the format.