Enumeration nmap scan Starting Nmap 7.92 ( https://nmap.org ) at 2022-06-29 17:45 IST Nmap scan report for 10.129.134.71 (10.129.134.71) Host is up (0.076s latency). Not shown: 65516 filtered tcp ports (no-response) PORT STATE SERVICE VERSION 53/tcp open domain Simple DNS Plus 88/tcp open kerberos-sec Microsoft Windows Kerberos (server time: 2022-06-29 12:17:20Z) 135/tcp open msrpc Microsoft Windows RPC 139/tcp open netbios-ssn Microsoft Windows netbios-ssn 389/tcp open ldap Microsoft Windows Active Directory LDAP (Domain: MEGABANK.
Enumeration nmap scan โ mostwanted002@Loki Forest please nmap -sC -sV -T3 -oA nmap-tcp-all-ports -p- -iL ip.txt [sudo] password for mostwanted002: Starting Nmap 7.92 ( https://nmap.org ) at 2022-06-23 18:24 IST Nmap scan report for 10.129.95.210 (10.129.95.210) Host is up (0.074s latency). Not shown: 65512 closed tcp ports (reset) PORT STATE SERVICE VERSION 53/tcp open domain Simple DNS Plus 88/tcp open kerberos-sec Microsoft Windows Kerberos (server time: 2022-06-23 13:01:56Z) 135/tcp open msrpc Microsoft Windows RPC 139/tcp open netbios-ssn Microsoft Windows netbios-ssn 389/tcp open ldap Microsoft Windows Active Directory LDAP (Domain: htb.
Enumeration nmap scan # Nmap 7.92 scan initiated Wed Jun 22 05:43:29 2022 as: nmap -sC -sV -T3 -oA nmap-tcp-all-ports -p- -iL ip.txt Nmap scan report for 10.129.121.9 (10.129.121.9) Host is up (0.070s latency). Not shown: 65530 filtered tcp ports (no-response) PORT STATE SERVICE VERSION 80/tcp open http Microsoft IIS httpd 10.0 |_http-title: Fidelity |_http-server-header: Microsoft-IIS/10.0 | http-methods: |_ Potentially risky methods: TRACE 135/tcp open msrpc Microsoft Windows RPC 3306/tcp open mysql?
Contents Disclamer Introduction ContiLeaks Zipped Locker Unzipped Locker backdoor.js Source Code Analysis: Locker Initialization Command Line Arguments Modifying the Code Searching for Files Cryptanalysis Source Code Analysis: Decryptor Cryptanalysis Performance Conclusion 1. Disclaimer I wonโt be releasing/sharing exact complete source-code out of respect to the person because of whom this all was possible.
Researchers:
Mayank Malik ( mostwanted002@protonmail.com)
Kartik Sharma ( 98kartik.sharma@gmail.com)
Severity: Medium
Version: 3.0.1 to 7.0.1
Vulnerable Endpoint: http://<grafanaHost>/avatar/*
Overview Grafana is the open-source analytics & monitoring solution for every database. According to Grafana’s patch notes dated June 3rd, 2020, there was an “Incorrect Access Control” vulnerability in Grafana 3.0.1 through Grafana 7.0.1 on the /avatar feature through which an attacker/adversary was able to perform Server Side Request Forgery (SSRF) attack.