Maand: maart 2020

Categorieën
Pentest

hping3

hping3 -S -r -p 135 x.x.x.x

  • -S TCP sync
  • -r check for ID +
  • -p target(open) port

hping3 -a zombie-ip -S -p 23 target-ip

  • -a spoof source-ip
  • -p target service

 

Categorieën
Pentest

How to cheat / pass Mindtickle exams with a 100% score

1. Install Firefox

2. Start your mindtickle course in the firefox browser

3. Open Web developer -> Web Console

4. This should open something like this:

Picture1

5. Now select the Debugger tab and browse to the cf-**.mindtickle.com site icon and underlying folder structure 920xxx -> scormcontent -> lib -> index.html

Picture2

6. Select “control +f” or “command +f” to search the index.html for window.courseData

Picture3

7. Make sure to select and copy the complete Base64 Encoded text

8. Paste the Base64 Encoded text in an online decoder site such as https://www.base64decode.org/ and click on Decode to get the clear text result

Picture4

9. Save the decoded text in a file and open it in your preferred editor

10. Now search for a question in your exam lookup the correct answer:

Picture5

11. Finish your exam and end-up with a 100% score 😉

Now lets automate this further by leveraging a Python Script.

1. Follow the previous mentioned 5 steps but now download the index.html file:

pic-1

2. Past the following python code in a file and save it with the .py extension:

import base64
import json
correctID = []
answer_list = []
print(”)
print(“##########—–HELLO-CHEATER—–##########”)
print(”)
print(“Please provide full MidTickle index.html download path in single quotes”)
print(“Example = ” + “‘//Users/YOURUSERNAME/Desktop/index.html'”)
print(”)
path = input(“Path = : “)
print(”)
with open(path) as search:
for line in search:
line = line.rstrip() # remove ‘\n’ at end of line
if’window.courseData’in line:
data=(line).replace(‘window.courseData = ‘, ”).replace(‘”;’, ”)+'”‘
encoded = data
decoded = base64.b64decode(encoded)
json_array = json.loads(decoded)
#print(“lessonCount”)
###################
lessonsCount = len(json_array[‘course’][‘lessons’])
#print(lessonsCount)
#print(“answerCount”)
###################
answercounter = 0
for i in json_array[‘course’][‘lessons’]:
if (i[‘type’] == ‘quiz’):
break
answercounter += 1
#print(answercounter)
#print(“itemCount”)
####################
itemcounter = len(json_array[‘course’][‘lessons’][answercounter][‘items’])
#print(itemcounter)
#print(“Correct ID’s: “)
correctID_count = 0
for item in json_array[‘course’][‘lessons’][answercounter][‘items’]:
correctID_details = {“id”:None, “title”:None}
correctID_details[‘id’] = item[‘correct’]
correctID_details[‘title’] = item[‘title’]
correctID.append(correctID_details)
correctID_count = correctID_count + 1
#print(correctID)
#print(correctID_count)
#print(“FullanswerList”)
#####################
j = itemcounter
c = 0
while (c < j):
for item in json_array[‘course’][‘lessons’][answercounter][‘items’][c][‘answers’]:
answer_details = {“id”:None, “title”:None}
answer_details[‘id’] = item[‘id’]
answer_details[‘title’] = item[‘title’]
answer_list.append(answer_details)
c = c + 1
#print(answer_list)
##################
print(“###########################################”)
print(“###-The-Correct-MindTickle-Answers-Are:-###”)
print(“###########################################”)
print(”)
#############################
for id in correctID:
correct_id = id[‘id’]
for x in answer_list:
if x[‘id’] == correct_id:
print(“Question: ” + id[‘title’] + ” “)
print(“Answer : ” + x[‘title’])
print(“——————————————-“)
print(”)
print(“#############——ENJOY—–##############”)
print(“####-Created-By-MSX-@-Rootsecurity.nl-#####”)
print(“#############–23/03/2020–################”)
print(“###########################################”)
3. Execute the file in python like shown below
pic-2
4. Enter the file location of the stored index.html file as shown below and click enter
pic-3
5. Enjoy the output of questions and answers together
pic-5