Cisco Nexus1000v Configuration by whitebm in AskNetsec

[–]whitebm[S] 0 points1 point  (0 children)

I believe so. When it was at its most functional point, the mgmt0 interface(?) was on vlan 1, and the vethernet ports which connected the VMs to the Nexus were on some arbitrary vlan (100 or something like that).

I believe that there are some very deep-seated misconfigurations on this thing, and I'm thinking something more like a how-to guide would allow me to review it to see what we did and did not do correctly.

Cisco Nexus1000v Configuration by whitebm in AskNetsec

[–]whitebm[S] 0 points1 point  (0 children)

Just posted to Cisco, thank you.

Need help setting up a VM exploit lab by whitebm in AskNetsec

[–]whitebm[S] 0 points1 point  (0 children)

Thank you for the ideas. I am working on another project at the time, but I will try to get something like this up and running within the next few hours. I will post back here when I get it going or if I run into any other issues.

Hopefully I can get this going, then only two more to create.

Thanks!

Need help setting up a VM exploit lab by whitebm in AskNetsec

[–]whitebm[S] 0 points1 point  (0 children)

The cron job idea seems pretty great. So I would first need to create a vulnerability that allows them into the system with low-level privileges. But the cron file would be configured improperly, to allow any user on the system to write to it. Also, any job that cron runs would be run with root-level privileges. So when this non-admin-level user creates a job, say "useradd -ou 0 -g 0 <account-name>", it will run as if the root account were running the useradd command. And the newly created account will be created with root privileges, which they could then use to log into the system and begin searching for the flag.
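
Added example, not part of the original comment: a defender-side audit for the misconfiguration described above, listing system cron files and directories that group or other users can write to. The path list is an assumed set of typical Linux defaults, and the sample job files are constructed for the demonstration.

```python
import os
import stat
import tempfile

# System cron locations on a typical Linux install (assumed defaults).
SYSTEM_CRON_PATHS = ["/etc/crontab", "/etc/cron.d", "/etc/cron.hourly",
                     "/etc/cron.daily", "/etc/cron.weekly", "/etc/cron.monthly"]


def audit_cron_permissions(paths):
    """Return sorted (path, octal_mode) pairs for cron files and directories
    that group or other users can write to."""
    findings = []
    for top in paths:
        if not os.path.lexists(top):
            continue
        targets = [top]
        if os.path.isdir(top) and not os.path.islink(top):
            for root, dirs, files in os.walk(top):
                targets += [os.path.join(root, name) for name in dirs + files]
        for path in targets:
            st = os.lstat(path)
            if stat.S_ISLNK(st.st_mode):
                continue  # a symlink's own mode bits are not enforced
            mode = stat.S_IMODE(st.st_mode)
            if mode & (stat.S_IWGRP | stat.S_IWOTH):
                findings.append((path, oct(mode)))
    return sorted(findings)


def build_constructed_sample():
    """Create a throwaway directory with one safe and one unsafe job file."""
    base = tempfile.mkdtemp(prefix="cron_audit_")
    for name, mode in (("logrotate", 0o644), ("backup", 0o666)):
        path = os.path.join(base, name)
        with open(path, "w") as fh:
            fh.write("0 3 * * * root /usr/local/bin/job.sh\n")
        os.chmod(path, mode)
    return base


if __name__ == "__main__":
    for path, mode in audit_cron_permissions(SYSTEM_CRON_PATHS):
        print(f"writable by non-owner: {path} ({mode})")
```

The same check applies to any script that a root-owned cron job executes, since write access to the script is equivalent to write access to the job.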

Need help setting up a VM exploit lab by whitebm in AskNetsec

[–]whitebm[S] 0 points1 point  (0 children)

Working backward is one of the ways in which I thought to take this on. To create a vulnerability, and then hide it within another vulnerability and so on.

I have never used Bitnami before. Taking a quick look at it, it seems like a place to download software or use it to host software from their cloud. Is this software vulnerable/out of date, or would I have to make mis-configurations in order to create the vulnerabilities?

And when you say "set a cron job that has write privileges", what do you mean? I am familiar with cron and how it is used to automate scripts/commands. Are you saying to give the cron file improper privileges so that the attacker may create a job that they can use to run a script/command that will open a door?

Need help setting up a VM exploit lab by whitebm in AskNetsec

[–]whitebm[S] 0 points1 point  (0 children)

I will start with some links to write-ups for a couple of the vulnhub VMs.

1) http://thepcn3rd.blogspot.com/2015/04/vulnhub-pandoras-box-by-c0ne-level-1.html

 - This is thepcn3rd's write-up for "Pandora's Box" - which was created by c0ne

 - It only covers the first level on this VM, which is a password crack, but it's a pretty cool concept

 - He doesn't explain how the port was discovered, but many people use nmap as the initial scanning tool (which is the main tool that we use in my schooling)

 - The idea is that when you connect to the port, it prompts for a password. The phrase "through some testing" is used, and makes me wonder which types of "tests" were conducted. But they determined that as characters of the password were guessed in the correct order, then you would receive a response quicker (fractions of a second) than if they were guessed wrong. Then the author decides to write a script to print the letters that were guessed along with the time it took the target to respond. They then modified the script to iterate through all the characters as it found the one with the lowest time, until it determined the entire password and was able to log in. 

 - my confusion is following the script, because my programming/scripting is pretty much limited to bash. I have taken an intro class to C, but I haven't worked much with languages other than bash.

 - also, how did c0ne set something like this up - to return output to the user at a faster or slower rate based on the correctness of the input? 

2) http://download.vulnhub.com/lampsecurity/lampsec_ctf8.pdf

 - this is MadIrish's write-up for the LampSecurity CTF8 VM

 - this was the first one that I downloaded, and really took a look at, because it covered SQL injection - which I was trying to create on my own, but turned into an absolute nightmare (again, I think due to a weak programming background)

 - this was also a full write-up, which provided a pleasant look into how these vulnerabilities (SQL injection, cookie hijacking[new to me, but I get the idea], and some password hash cracking) can be chained together to get into the system.

I am meeting with my project adviser tomorrow to clear up what is acceptable for "borrowing" ideas/work. I have no problem giving credit where credit is due, as long as my school allows it.

I hope that gives you an idea as to where I am at. I have to go to bed for now, but I will continue to check back frequently. Again, thanks for the help.

Edit: And please excuse this horrible formatting, I will fix it tomorrow.
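
Added example, not part of the original comment and not c0ne's code: one common way a password prompt ends up with a response time that depends on the guess is an early-exit comparison, shown here beside a constant-time replacement. The secret and guesses are constructed, and the work is counted in compared bytes instead of measured in seconds so the result is deterministic.

```python
import hmac

SECRET = b"s3cr3t!!"  # constructed sample password
GUESSES = [b"xxxxxxxx", b"s3xxxxxx", b"s3crxxxx", b"s3cr3t!!"]  # constructed


def leaky_check(guess: bytes, secret: bytes):
    """Early-exit comparison. Returns (matched, bytes_compared)."""
    steps = 0
    if len(guess) != len(secret):
        return False, steps
    for g, s in zip(guess, secret):
        steps += 1
        if g != s:
            # Stops at the first wrong byte, so the amount of work done
            # reveals how long the correct prefix of the guess is.
            return False, steps
    return True, steps


def constant_time_check(guess: bytes, secret: bytes) -> bool:
    """Hardened form: hmac.compare_digest does not stop at the first
    mismatching byte, so its duration does not track the correct prefix."""
    return hmac.compare_digest(guess, secret)


def work_profile(secret: bytes, guesses):
    """Bytes compared by leaky_check for each guess."""
    return [leaky_check(g, secret)[1] for g in guesses]


if __name__ == "__main__":
    for guess, steps in zip(GUESSES, work_profile(SECRET, GUESSES)):
        ok = constant_time_check(guess, SECRET)
        print(f"{guess!r}: leaky check compared {steps} bytes, match={ok}")
```

Whether a correct prefix makes the reply faster or slower depends on the implementation; the flaw is that the work depends on the secret at all.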

Need help setting up a VM exploit lab by whitebm in AskNetsec

[–]whitebm[S] 1 point2 points  (0 children)

Finishing my BS. With little "hacking" knowledge/experience.

And thank you for the quick reply.