Sytryx - Pentester Wannabe
sytryxx.bsky.social
Cybersecurity (+6 years)
5️⃣ Information Gathering:

The Telegram Bot API key is hardcoded in plaintext.

The bot sends all the information through a private chat to a specific user.
—-

Got my report 🎅
January 22, 2025 at 10:58 PM
4️⃣ Nothing to hide?

The site then redirects the user to WeTransfer: attachment expired.

Let's take a look back at the first website.

Examining the source code uncovered an interesting JS that sent entered data to a Telegram Chat 💣
January 22, 2025 at 10:58 PM
3️⃣ The Website:

After a captcha (to bypass initial scanners), the site prompts the user to enter their email and a password to unlock the attachment. 🔐
No password was provided in the email, tricking unaware users into divulging their usual password.
January 22, 2025 at 10:58 PM
2️⃣ The PDF:

The PDF was legitimate. It instructed the user to click on a link to retrieve the signed quote.
Of course, it expires in 2 days ...
Redirect URL: https://goat[.]tuilles[.]com
@virustotal scan shows all clear.
January 22, 2025 at 10:58 PM
1️⃣ The Email:

It came from a fake company claiming her signed quote was ready in the attached PDF, with proof of payment.
January 22, 2025 at 10:58 PM
7/7: 🔐 Secure your connections and stay alert to any digital whispers. #CyberSecurity #InfoSec #Hacking #ADattack #OSCP #pentest
January 3, 2025 at 7:10 PM
6/7: ⚠️ Stay vigilant! LLMNR Poisoning is an easy gateway for attackers, enabled by default on every Windows Machine 🚨 If your company has an internal DNS, disable it immediately.
January 3, 2025 at 7:10 PM
5/7: 🦠 It is extremely easy for an attacker to set up. He just has to launch the Responder tool (by default on Kali) and wait for an LLMNR request to come through.
January 3, 2025 at 7:10 PM
4/7: 🌐 The catch? Anyone, especially attackers, can respond to the LLMNR request with a rogue IP, tricking the system and snagging NTLMv2 hashes via a fake challenge/response authentication.
January 3, 2025 at 7:10 PM
3/7: 🤔 Picture this: a user mistypes a share name, say 'Public' as 'Publicz'. DNS is clueless, LLMNR kicks in. A multicast request is sent across your local network, asking for the desired resource.
January 3, 2025 at 7:10 PM
2/7: 🕵️ LLMNR (Link-Local Multicast Name Resolution) is a fallback protocol. When DNS fails to resolve a hostname, machines turn to LLMNR to find it.
January 3, 2025 at 7:10 PM
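One defender-side way to catch the poisoning this thread describes: a canary query for a name that cannot exist on the LAN, and an alert on whoever answers it. This is an added example, not code from the thread's author; the canary name, the IPs and the UDP/5355 payloads are constructed inline rather than captured, and the packet builder exists only to produce that sample traffic.

```python
import struct
CANARY = "publicz"  # constructed: a hostname that must never resolve on this LAN

def encode_name(name):
    return b"".join(bytes([len(lab)]) + lab.encode() for lab in name.split(".")) + b"\x00"

def build_llmnr(txid, name, answer_ip=None):
    # LLMNR reuses the DNS wire format; a reply sets the QR flag and ANCOUNT=1
    pkt = struct.pack("!6H", txid, 0x8000 if answer_ip else 0, 1, 1 if answer_ip else 0, 0, 0)
    pkt += encode_name(name) + struct.pack("!HH", 1, 1)  # QTYPE A, QCLASS IN
    if answer_ip:  # A record whose name is a pointer (0xC00C) back to the question
        pkt += b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 30, 4) + bytes(int(o) for o in answer_ip.split("."))
    return pkt

def decode_name(data, off):
    labels = []
    while data[off]:
        n = data[off]
        if n & 0xC0 == 0xC0:  # compression pointer to an earlier name
            ptr = struct.unpack("!H", data[off:off + 2])[0] & 0x3FFF
            return ".".join(labels + [decode_name(data, ptr)[0]]), off + 2
        labels.append(data[off + 1:off + 1 + n].decode("ascii", "replace"))
        off += 1 + n
    return ".".join(labels), off + 1

def parse_llmnr(payload):
    # returns (txid, is_response, [(name, ipv4), ...]) for the A-record answers
    txid, flags, qd, an, _, _ = struct.unpack("!6H", payload[:12])
    off, answers = 12, []
    for _ in range(qd):  # skip the question section (name + QTYPE + QCLASS)
        off = decode_name(payload, off)[1] + 4
    for _ in range(an):
        name, off = decode_name(payload, off)
        rtype, _, _, rdlen = struct.unpack("!HHIH", payload[off:off + 10])
        rdata, off = payload[off + 10:off + 10 + rdlen], off + 10 + rdlen
        if rtype == 1 and rdlen == 4:
            answers.append((name.lower(), ".".join(map(str, rdata))))
    return txid, bool(flags & 0x8000), answers

def find_poisoners(packets, canary=CANARY):
    # any host that "resolves" the canary is answering LLMNR queries it should not
    hits = []
    for src_ip, payload in packets:
        _, is_resp, answers = parse_llmnr(payload)
        hits += [(src_ip, ip) for name, ip in answers if is_resp and name == canary]
    return hits

SAMPLE = [  # constructed UDP/5355 payloads: a canary query, then a rogue reply
    ("10.0.0.21", build_llmnr(0x1234, CANARY)),
    ("10.0.0.99", build_llmnr(0x1234, CANARY, answer_ip="10.0.0.99")),
]
```

Run against live traffic, `packets` would be the (source IP, payload) pairs seen on UDP/5355 after the canary query is sent; a legitimate network produces no hits at all.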