Get Some Cyber with the U.S. Army


Army Cyber

I rarely watch TV and when I do it’s almost always DVRed so I can skip commercials. But one advert for the U.S. Army caught my eye even while fast forwarding through the break. I went back and actually watched the ad. Then I went back and paused the playback to view the technobabble that was slow-rolled onto the black ruggedized laptop (dude, the hacker uses a Durabook? Maybe it’s really the NSA).

If you haven’t seen it, you can view the original commercial below.

Now on to the fun stuff.

Hacker Laptop

That can’t be fun to lug around. At least we have a power LED going to show the machine is actually running. Still, the character output is so smooth and slow. Are we watching the output from a remote session over a 2400 baud modem? Moving right along…

Enhance

Army Cyber

That’s a bit better. Let’s dig in.

Our badactor user is running a Linux machine named cyberweapon. For the life of me, I can’t figure out why the computer security sector has latched onto cyber like a barnacle to a mothballed destroyer. Just makes me think of the Lawnmower Man. No one wants to be reminded of that.

But cool, we’re going to run nmap against a website target. With the scan stamped September 20th, 2016, it’s a bit curious why anyone would be running a decade-old version of nmap: 4.11 was released in June of 2006. The current release (as of this writing) is 7.40. 7.12, released in March of 2016, would’ve been a good stable version to be using. Regardless, that’s a lotta revs behind.

Dem Ports

Digging into what nmap pulled from our target machine, we find more software from the same era: OpenSSH 4.3 dates from early 2006, alongside Apache 2.3.3 with a (CentOS) tag in its banner. That OpenSSH build is the one CentOS 5 shipped (RHEL 5 stayed on 4.3p2 for its whole life), so the target looks like a CentOS 5 box, a release that reached end of life in March 2017. Version banners are only a rough guide, though: a distro backports fixes without bumping the upstream version string, so “4.3” tells you which generation the box belongs to, not which holes it still has.

But our attacker should be jumping for joy at this point. Look at all the lovely ports left open. mysql and plain HTTP Apache are prime targets along with the rpc ports. But wait, what’s this?

Dem Ports

The MAC address OUI of the target comes back as Cadmus Computer Systems. Who? Oh, VirtualBox: 08:00:27 is the prefix VirtualBox assigns to guest NICs. Our target is a virtual machine, and almost certainly on the attacker’s own LAN. nmap only learns a target’s MAC address when it can ARP for it on the same layer-2 segment, and the private address space (192.168.0.x) and last octet (101) fit a home or lab network rather than anything reachable across the Internet.

Lastly from nmap

Uptime

0.169 days is 4 hours, 3 minutes, 21 seconds; give or take some millis. The “since” date reads November of 2013, which given the 2016 release of the advertisement gives a bit more credence to the idea that our target host is a VirtualBox VM. It also doesn’t add up on its own: nmap produces that date by subtracting the guessed uptime from the scanner’s own clock, so a four-hour uptime ending in November 2013 cannot come out of the same run that was stamped September 20th, 2016. Either the output was stitched together from more than one session, or a clock (or the footage) was edited.
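The OUI, private-address and uptime reasoning above is the kind of thing you can let a script do for you when staring at nmap output. The following is an added example, not something from the commercial or from nmap itself: it parses nmap’s XML output (-oX) for the first host, flags a VirtualBox MAC prefix and an RFC 1918 address, converts the fractional-day uptime to h:m:s, and checks whether the “since” date is consistent with the scan’s own clock. The embedded XML is constructed to mirror the details the post reads off the screen (192.168.0.101, a Cadmus MAC, OpenSSH 4.3, a CentOS Apache banner, about 0.169 days of uptime); the MAC suffix, epoch timestamps and lastboot string are made up.

```python
import ipaddress
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

# Constructed nmap -oX style output modelled on what the post describes. Not a capture
# from the commercial; MAC suffix, epochs and the lastboot string are invented so that
# the scan clock (Sept 2016) and the "since" date (Nov 2013) disagree the way the post notes.
SAMPLE_XML = """<?xml version="1.0"?>
<nmaprun scanner="nmap" start="1474365600" version="4.11">
  <host starttime="1474365600" endtime="1474365660">
    <status state="up"/>
    <address addr="192.168.0.101" addrtype="ipv4"/>
    <address addr="08:00:27:1A:2B:3C" addrtype="mac" vendor="Cadmus Computer Systems"/>
    <ports>
      <port protocol="tcp" portid="22"><state state="open"/>
        <service name="ssh" product="OpenSSH" version="4.3"/></port>
      <port protocol="tcp" portid="80"><state state="open"/>
        <service name="http" product="Apache httpd" extrainfo="(CentOS)"/></port>
      <port protocol="tcp" portid="3306"><state state="open"/>
        <service name="mysql" product="MySQL"/></port>
    </ports>
    <uptime seconds="14601" lastboot="Sat Nov  9 05:56:39 2013"/>
  </host>
</nmaprun>
"""

VIRTUALBOX_OUI = "08:00:27"  # Cadmus Computer Systems prefix used by VirtualBox guest NICs


def parse_host(xml_text):
    """Pull the fields the post reasons about out of the first host in an nmap XML run."""
    host = ET.fromstring(xml_text).find("host")
    info = {"ip": None, "mac": None, "vendor": None, "ports": [],
            "scan_end": int(host.get("endtime")),
            "uptime_seconds": None, "lastboot": None}
    for addr in host.findall("address"):
        if addr.get("addrtype") == "ipv4":
            info["ip"] = addr.get("addr")
        elif addr.get("addrtype") == "mac":
            info["mac"] = addr.get("addr")
            info["vendor"] = addr.get("vendor")
    for port in host.findall("ports/port"):
        if port.find("state").get("state") != "open":
            continue
        svc = port.find("service")
        info["ports"].append((int(port.get("portid")), svc.get("product"), svc.get("version")))
    up = host.find("uptime")
    if up is not None:
        info["uptime_seconds"] = int(up.get("seconds"))
        info["lastboot"] = up.get("lastboot")
    return info


def is_virtualbox_mac(mac):
    """nmap only reports a MAC when the target is on the same segment, so a hit here also means 'local'."""
    return mac is not None and mac.upper().startswith(VIRTUALBOX_OUI)


def is_private(ip):
    """RFC 1918 / otherwise non-routable address, e.g. the 192.168.0.x the post sees."""
    return ipaddress.ip_address(ip).is_private


def uptime_breakdown(seconds):
    """nmap prints uptime as a fraction of a day; convert the underlying seconds to (h, m, s)."""
    hours, rem = divmod(seconds, 3600)
    minutes, secs = divmod(rem, 60)
    return hours, minutes, secs


def uptime_consistent(scan_end_epoch, uptime_seconds, lastboot, tolerance_days=1.0):
    """nmap derives 'since <date>' as its own clock minus the guessed uptime, so lastboot should
    sit within a day of endtime - seconds (the slack absorbs local-time vs UTC in the string).
    Returns (consistent, days_off)."""
    expected = datetime.fromtimestamp(scan_end_epoch - uptime_seconds, tz=timezone.utc)
    claimed = datetime.strptime(lastboot, "%a %b %d %H:%M:%S %Y").replace(tzinfo=timezone.utc)
    days_off = abs((expected - claimed).total_seconds()) / 86400
    return days_off <= tolerance_days, days_off


if __name__ == "__main__":
    h = parse_host(SAMPLE_XML)
    print(h["ip"], "(private)" if is_private(h["ip"]) else "(public)",
          "VirtualBox guest" if is_virtualbox_mac(h["mac"]) else h["vendor"])
    for portid, product, version in h["ports"]:
        print("  %5d  %s %s" % (portid, product, version or ""))
    hrs, mins, secs = uptime_breakdown(h["uptime_seconds"])
    print("uptime %.3f days = %dh %dm %ds" % (h["uptime_seconds"] / 86400, hrs, mins, secs))
    ok, off = uptime_consistent(h["scan_end"], h["uptime_seconds"], h["lastboot"])
    print("lastboot consistent with scan clock:", ok, "(%.0f days off)" % off)
```

Run against real output (`nmap -O -sV -oX scan.xml <target>`, then feed the file’s contents to `parse_host`) the consistency check should pass; on the constructed sample it fails by about three years, which is the mismatch the screen capture shows.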

The rest of the scroll is a nessus command, followed by a curl. We see the output of neither command, so there’s not much more we can guess.

Conclusion

Did the makers of this advert actually fire up a 3 year old VM of a 10 year old OS to make this little dramatic intro? Certainly looks like it. Then again, the little bit of film could be stock footage from 2013 and I’m all shades of wrong. Even if that’s the case, who’s running a CentOS release that old? Is the military that far behind?

None of that really matters, though, because the use of actual SecOps tools to make this advertisement is a good thing in and of itself. Having it all be older than dirt (in technology terms) is irrelevant. The point is that I watched and paid attention to the advertisement. That’s at least 90% of the battle right there.
