Tuesday 12 January 2016

Concluding Nullcon2016 Promo Contest #1 : Magic of SE7EN

Conclusion


Hello all, it's time to conclude Contest #1, Magic of SE7EN, and announce our winners.

It was a great contest over the last fortnight, with so many hacks and puzzle submissions around 7. It won't be possible for me to include all of them, but I will list the winning entry here.

The winner of the contest is Arun Agrawalla, who contributed a 7-step guide to installing a web shell on an unprotected JBoss JMX Console.


Here we go: 7-step guide for shelling a server by manually exploiting an unprotected JMX console


Step 1: Find an application which uses the JBoss web server and has an unprotected JMX console, using a Google dork.

Step 2: Access the https://example.com/jmx-console URL of the application.

Step 3: Search for “service=DeploymentFileRepository” in the JMX console page and open it.

Step 4: Scroll down and search for the ‘void store()’ operation.

Step 5: Enter a command shell program by filling in all the parameters of the void store() operation and click on the Invoke button.
Say the shell uploaded is cmd.jsp.

Step 6: Try to access https://example.com/cmd.jsp.

Step 7: Now we can execute various commands using the uploaded shell.
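
Seen from the defender's side, the steps above leave a recognisable sequence in the web server's access log: an unauthenticated hit on /jmx-console, the DeploymentFileRepository MBean being opened, and then a request for a JSP that is not part of the deployed application. The script below is an added example, not part of the contest entry; the log format (common log format), the sample lines, the HtmlAdaptor query string in them, and the `known_jsps` baseline are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, unquote

# Common/combined log format: host ident user [time] "METHOD target PROTO" status size
LINE = re.compile(r'(\S+) \S+ (\S+) \[[^\]]+\] "\S+ (\S+) [^"]*" (\d{3}) \S+')

def scan(lines, known_jsps=frozenset()):
    """Return ordered, de-duplicated (finding, client, path) tuples."""
    found = {}               # dict used as an ordered set
    console_clients = set()  # clients that got HTTP 200 from the console
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue
        client, user, target, status = m.groups()
        parts = urlsplit(target)
        path, query = unquote(parts.path), unquote(parts.query)
        if path == "/jmx-console" or path.startswith("/jmx-console/"):
            if status == "200" and user == "-":
                # Steps 1-2: console answered with no authenticated user
                found[("console-open-without-auth", client, "/jmx-console")] = True
                console_clients.add(client)
            if "DeploymentFileRepository" in query:
                # Step 3: the deployment MBean was opened by name
                found[("deployment-mbean-viewed", client, "/jmx-console")] = True
        elif path.lower().endswith(".jsp") and status == "200":
            # Step 6: a JSP outside the known application, served to a console visitor
            if path not in known_jsps and client in console_clients:
                found[("unknown-jsp-after-console", client, path)] = True
    return list(found)

# Constructed sample lines (documentation IP ranges, not real traffic)
SAMPLE = [
    '198.51.100.7 - - [12/Jan/2016:10:00:01 +0000] "GET /index.jsp HTTP/1.1" 200 5120',
    '192.0.2.44 - - [12/Jan/2016:10:02:10 +0000] "GET /jmx-console/ HTTP/1.1" 200 40211',
    '192.0.2.44 - - [12/Jan/2016:10:02:31 +0000] "GET /jmx-console/HtmlAdaptor'
    '?action=inspectMBean&name=jboss.admin%3Aservice%3DDeploymentFileRepository HTTP/1.1" 200 9120',
    '192.0.2.44 - - [12/Jan/2016:10:03:02 +0000] "POST /jmx-console/HtmlAdaptor HTTP/1.1" 200 811',
    '192.0.2.44 - - [12/Jan/2016:10:03:40 +0000] "GET /cmd.jsp HTTP/1.1" 200 312',
]

if __name__ == "__main__":
    for finding in scan(SAMPLE, known_jsps={"/index.jsp"}):
        print(*finding)
```

POST bodies are not written to the access log, so the store() call itself shows only as a POST to the console; the correlation with a previously unseen JSP is what ties the sequence together.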


Congrats Arun.


We have runners-up as well:


1. B.N.Chandrapal (Create a .onion website in 7 steps in Windows)
2. Veerababu Penugonda (Hacking an Android mobile using Metasploit on Kali Linux in 7 steps)


Congrats all. We will shortly be getting in touch with you with the reward details.

I hope you are enjoying these contests and finding them valuable. Write to us in the comment section, tweet us or post on FB to tell us how you are liking the contests. We have more contests coming up.

Again, send in your nominations for #Nullcon2016 BlackShield Awards here  

Thanks for being with us. Enjoy :)

PS: The contributed entries are shared AS IS; we don't give any guarantee that they will work on your setup.
