Hackit

From 34C3_Wiki
Jump to: navigation, search

Schreibt hier Vorschläge rein, was alles vom Kongress aus gehackt werden könnte.
Make proppsals here, what to hack by the congress


AFD Infrastrukturanalyse:

  • Die AFD hostet bei Amazon
  • Die AFD benutzt Wordpress
  • Die AFD benutzt Plesk
  • afd-hosting.de unter dieser Domain (google it) laufen saemtliche AFD Seiten - Wordpress 4.8.1 (yeah)
  • piwik.alternativefuer.de user tracking
  • cdn.afd.tools + cdn.hbg-it.de existieren
  • afd.tools existiert auch, mit einem wordpress
  • Mutmasslich verwaltet vom AFD Mitglied #removed due to privacy complaints#, inhaber der #removed
  • webmail.afd.tools existiert ebenfalls




Question: I have a printer serial number found by tracking dot decoding (https://w2.eff.org/Privacy/printers/docucolor/) and need more information.

  • Is there a possibility to gather more information?
  • Is it possible to locate the printer?
  • Is it possible to identify the user?

Thanks

Nazi Versandhäuser:


NPD researching: NPD:

  • npd-hessen.de-212.114.63.127
  • npd-hannover.de-212.114.63.127
  • npd-erzgebirge.de-51.255.136.51
  • npd-bayern.de-212.114.63.127
  • npd.de-51.255.136.54
  • npd-berlin.de-51.255.136.49
  • npd-rhein-neckar.de-217.79.187.196
  • npd-muenchen.de-212.114.63.127
  • npd-braunschweig.de-212.114.63.127
  • npd-lueneburg.de-212.114.63.127
  • npd-ingolstadt.de-212.114.63.127
  • npd-niederbayern.de-212.114.63.127
  • npd-mittelfranken.de-212.114.63.127

http://www.viewdns.info/reverseip/?host=51.255.136.51

inetnum: 51.255.136.48 - 51.255.136.55

kpv-npd.de - joomla [+] URL: kpv-npd.de

[+] Found 2 interesting headers.

|  Server: nginx
|  X-Powered-By: ["PHP/5.4.45", "PleskLin"]

[+] Joomla version 3.4.4 identified from admin manifest

[!] Title: Joomla Content History SQLi Remote Code Execution [!] Title: Joomla 1.5 - 3.4.5 - Object Injection Remote Command Execution [!] Title: Remote Code Execution in third-party PHPMailer library [!] Title: Directory Traversal [!] Title: Directory Traversal [!] Title: CSRF Hardening [!] Title: Account Creation [!] Title: Elevated Privileges [!] Title: Account Modifications [!] Title: Joomla! < 3.6.4 Privilege Escalation [!] Title: Shell Upload