From 07568edbcdc2e0993076b1f6e10ef7aae313bf4a Mon Sep 17 00:00:00 2001 From: Leo Date: Sat, 2 May 2026 19:48:28 +0200 Subject: [PATCH] feat: found the exploit in the code and attaced the server --- sheet03/a2/a.txt | 5 ++++ sheet03/a2/b.txt | 77 ++++++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 82 insertions(+) diff --git a/sheet03/a2/a.txt b/sheet03/a2/a.txt index e69de29..6ea5af6 100644 --- a/sheet03/a2/a.txt +++ b/sheet03/a2/a.txt @@ -0,0 +1,5 @@ +The Code uses unsalted hashes of the passwords. +That way there is no random data added to the hashes and it is very easy to find identical hashes using +pre-computed lookup tables. + +Using such a tool we found that the password admin123 has the same hash that is stored for the username admin. \ No newline at end of file diff --git a/sheet03/a2/b.txt b/sheet03/a2/b.txt index e69de29..8967a40 100644 --- a/sheet03/a2/b.txt +++ b/sheet03/a2/b.txt @@ -0,0 +1,77 @@ +07:46:38 leo@group-20 ~ → cat .ssh/config +Host chocolate + User chocolate + Hostname 10.42.23.1 + +07:46:13 leo@group-20 ~ → ssh chocolate +chocolate@10.42.23.1's password: chocolate +Chocolate Factory SCADA Command Line Interface v2.2.144 + +Please, enter your authentication credentials. + +> Username: admin +> Password: admin123 + +Welcome admin! + +We are currently clean on OPSEC. + +Current System Status: + 🏭 Production Line 1: [🟢 ONLINE] - Idle + 🏭 Production Line 2: [🟢 ONLINE] - Running (Secretly Sweet Chocolate Batch #42) + 🏭 Ingredient Hopper (Cocoa): [🟢 ONLINE] - Level: 85% + 🏭 Ingredient Hopper (Sugar): [🟢 ONLINE] - Level: 92% + 🏭 Ingredient Hopper (Milk Powder): [🟢 ONLINE] - Level: 78% + 🌡️ Temperature Control System: [🟢 ONLINE] - Target: 45°C (±0.5°C) + ⚙️ Mixing Unit A: [🟢 ONLINE] - Standby + ⚙️ Mixing Unit B: [🟢 ONLINE] - Active + 🍫 Molding Machine Alpha: [🟢 ONLINE] - Ready + 🍫 Molding Machine Beta: [🟢 ONLINE] - Processing + 🧊 Cooling Tunnel System: [🟢 ONLINE] - Target: 10°C (±1°C) + 📦 Packaging Unit Delta: [🟢 ONLINE] - Awaiting Output + 🤖 Quality Control Bot v3.2: [🟢 ONLINE] - Monitoring + ⚡ Power Supply: [🟢 ONLINE] - Stable + 🌐 Network Connectivity: [🟢 ONLINE] - Good + 🔒 Security System: [🟢 ONLINE] - Active +---------------------------------------------------- +✅ ALL SYSTEMS GREEN. Chocolate production is nominal. ✅ + + +📝 Recipe for 'Secretly Sweet Chocolate Batch #42 + + Ingredients: + + 1 'Bargain Bin Chocolate Chunk' + (obtained from ... questionable sources) + 3 'Heaping Spoonfuls of Questionable Granules' + (definitely not pure sugar) + A splash of 'Mysterious Gloss' + (something called vasline, maybe inedible, + but it makes things shiny!) + + + Instructions: + + Acquire the Goods: + Locate and 'liberate' the cheapest-looking chocolate + you can get from the competition. + The Melt Down: + Subject the 'Bargain Bin Chocolate Chunk' to intense heat. + The goal is a questionable, slightly lumpy liquid. + Sweeten the Deal: + Introduce the 'Heaping Spoonfuls of Questionable Granules' + to the melted chocolate. Stir vigorously (or just shake the + container violently). The mixture should become alarmingly + sweet. + The Glossy Finish: + Add a dash of 'Mysterious Gloss.' This will give the product + an unsettlingly shiny appearance. + Mold it (Sort Of): + Pour the concoction into a vaguely bar-shaped container (the + packaging of the input chocolate might work?). + The Pay Off: + Pay tons of influencers to advertise this as the best + chocolate they have ever tasted, and price this chocolate + at a ridiculous high price!!1! 🤑💰💸 + +Connection to 10.42.23.1 closed. \ No newline at end of file