Post Wed Jan 21, 2009 2:12 am

Skillz December 08 Honorable Mention - Creative

Honorable Mention - Creative

Ron at SkullSecurity



'twas the night before Christmas and Kris was in jail
And his friends were upset because they couldn't make bail

"202c," they said, "how could that be done?"
"I thought we were in Canada, with 342.1?"

They tried to find Sombertown on the Google map
But Javascript was required, so they couldn't find crap

Meanwhile Santa, who was trapped in his cell,
Fires up his Mac to see what he can tell

"Now ping, now traceroute, now metasploit and Nmap!
On cain, on able, on wireshark and netcat!"

Ere it was booted, Jessica asked if it was hard
To sneak his macbook past the prison guard

"No problem!" said Kris, "I do it every day!"
"This Macbook is barely a computer anyway!"

Just then, the jailmaster walked to his box
Past the server that could open the locks

Jailmaster logged on with his password from hell
But what it was, kris could not tell

With a glint in his eye and a hint of a smirk
Kris fired up Nmap and scanned the network

"Lo! What's this?" he said with a grin
Another box showed up as he scratched his chin

"Laptop and web1 I can see from this box"
"I wonder what web1 would tell firefox?"

Opening his browser Kris giggled with glee
As he typed shell commands into form #3

"Shell injection? That's so totally cool!"
Said Kris as he fired up his metasploit tool

Kris wondered if the laptop would fall to '067?
And as the shell popped up, he said "I'm in heaven!"

Now with two boxes under full control,
Kris had to find a way to open the door!

"What tools do we have?" asked Kris with a grin
"With Nmap and Netcat we'll surely get in!"

"Psexec," said Jessica, "metasploit, and netcat"
"One tool under 1 meg, and of course Nmap"

"One tool?" laughed Kris, "just download some LOLCats"
"I already have enough to do my l33t hacks"

"You can keep your psexec program too!"
So poor Mr. Warlock had nothing to do

Firing up metasploit[1] with a glance at the guard table,
Kris selected meterpreter as the payload

"use priv" he ran, and "hashdump" too
With the hashes in hand he knew what to do

With a wave of his hand and no delay,
On his macbook he created a netcat relay[2]

Then on Web1, quick as could be
He set up a relay with /dev/tcp[3]

"Wow" said Jessica, as Kris still typed,
Tools like Core Impact are way overhyped!

Running metasploit[4] on his laptop he knew what to do next,
Setting RHOST to "local" and exploit to "psexec"

SMBUser was "jailmaster" and SMBPass was "aad3b435b51404eeaad3b435b51404ee:d3ec7135d0caab12139108c13e7da38f"
After all that typing, Kris said, that's enough!

Recognizing the hash encoded with NTLM,
The prison door computer let kris's connection in

When the door clicked open they let out a shout!
Thanks to Kris, they'd all gotten out!

And while he was doing this, what did the Winter Warlock do?
He downloaded I Can Has Cheezburger, and enjoyed it too!



Well done,
Don
CISSP, MCSE, CSTA, Security+ SME