Wunorse Openslae: Stall Mucking Report
We are told that a Samba share with shared network credentials is used to upload the file on the server. These
shared credentials can be revealed via ‘ps’ if they were entered in command-line mode. We use ps with the -e
(view every process on system) and -ww (unlimited width) flag to reveal the username and password used for
uploading the report.
Once we have the credentials, we can use them to upload the report using smbclient:
smbclient //localhost/report-upload/ -c ‘report.txt ; put report.txt’ -U
report-upload directreindeerflatterystable
Bonus
The password to the Samba share (‘directreindeerflatterystable’) seems to be a play on
Suggested remediation: Using something like secret-tool to look up passwords in the Gnome keyring is
safer than passing credentials in the command-line or storing them in a file.
Question 4
Wunorse Openslae gave us the tip to use the tool ‘truffleHog’ to dig through code repositories for exposed
credentials. TruffleHog searches through repos, locating strings with high entropy. Sensitive information such
as passwords traditionally have higher entropy. This tool was a great find for me and it quite straightforward to
use. It was able to locate the password in the North Pole Git repository in no time.
trufflehog https://git.kringlecastle.com/Upatree/santas_castle_automation
So much for “hopefully this is the last time we have to change our password against until next Christmas”.
No comments:
Post a Comment