Critical Data Leakage

intermediate 9 tasks 1 hour
A National Insurance company is contacting you for assistance regarding a cyber-incident raised by the company.
Your task is to help the insurance company investigate a cyber security incident in which their clients' critical data has been disclosed publicly.

Discovery and Scanning

5 Points

Overview

What's the story,

A National Vehicles Insurance company is contacting you for assistance regarding a cyber-incident raised by the company. The company's customer data was leaked to the internet, and initial investigations indicate that their Customer Management System, which runs on the IP address [start machine], was targeted by somebody who stole critical data.

Using your penetration testing skills and techniques, find the system weaknesses and investigate the incident by solving the following tasks.

 

First, before you start the investigation:

Make sure to start both the lab [victim] VM and the Kali Linux VM.

Firefox users: to enable copy/paste into the browser-based machine, type about:config in the URL field, search for asyncClipboard, then set all listed items to true.

 

[Disconnect any VPN for fast Internet Connection]

Let's start the investigation,

Did you start both the lab and Kali machines? They may take up to 5 minutes to start.

 

 

Using Kali, conduct a quick port scan against the lab VM and discover the port number of the Customer Management System.

IP Addresses: [start machine]

Answer Format: ****

Full Match Answer:

Discovery and Scanning

5 Points

Find out the server name and version number of the server running the Customer Management System.

 

Answer Format: server name (one word), version

E.g.: Server, 1.0.15

List of Answers:

Web Penetration Test

5 Points

Provide the vulnerability reference number the attacker used to compromise the system:

 

Answer Format: CVE-****-****

Full Match Answer:

Exploitation

5 Points

What are the URL patterns of the two secret files stolen by the attacker?

 

Answer Format: /******/*******.***, /******/*****.***

List of Answers:

Incident Response

5 Points

As a result of the compromise of the Customer Management System, the IT team would like to take immediate steps to invalidate the passwords of the accounts possibly impacted.

Could you assist the team in finding all suspected usernames that might have been impacted as a result of the attack?

 

Answer Format: email1, email2, email3, email4

List of Answers:

Exploitation

5 Points

Around 4 accounts were found to be compromised and used by the attacker to access the systems. The security team asked the network administrators to disable those users.

However, read the following comment from the security team:

 

It was clear that a huge amount of our clients' data has been stolen from our database. We use a MySQL database and we restricted access only to the localhost address. So, logically, even internal users cannot access the database. Employees can only access the Customer Management System, but no one has direct access to MySQL.

Additionally, the 2,000 records which were sent to us by the attacker as a proof of concept are genuine, and all of them match our clients' records. Yet we don't know how many records were stolen.

 

What kind of attack did the attacker use to steal the database records?

Choose One Answer:

Web Penetration Test

5 Points

What is the vulnerable page?

 

Answer Format: page_name.ext

Full Match Answer: