Phishing attribution graph

FI Phishing Attribution

Introduction

Account Takeover Fraud (ATO) occurs when cyber criminals gain unauthorized access to a victim’s accounts. Commonly, this happens as a result of phishing, social engineering, data breach, or malware. Criminals may target a variety of accounts including eCommerce, social media, and financial services, often with the goal of financial gain. In 2024, according to the Veriff Fraud Report 2025, ATO fraud increased 13% over 2023.

When carrying out phishing campaigns, cyber criminals will often utilize phishing kits to simplify the process. These are collections of resources and tools that ease the deployment process, effectively lowering the barrier to entry, enabling less technical individuals to launch attacks. Often, these kits contain spoofed login pages and the scripts needed to receive stolen data, including credentials and personally identifiable information (PII). In recent years, according to IBM, technology brands such as Microsoft and Google have been the most targeted, followed by financial services such as Visa and Mastercard. ...

May 29, 2025

HTB: Unrested

Machine Info

Name: Sightless
OS: Linux
Difficulty: Medium
Release Date: 2024-12-05
Completed: 2025-03-09

In addition to the machine’s IP address, the credentials matthew:96qzn0h2e1k3 are provided.

Reconnaissance

nmap

nmap finds 4 open ports: 22/tcp (SSH), 80/tcp (HTTP), 10050/tcp (tcpwrapped), and 10051/tcp (ssl/zabbix-trapper).

    ┌──(kali㉿kali)-[~]
    └─$ nmap -p- --min-rate 8000 -sCV 10.10.11.50
    Starting Nmap 7.94SVN ( https://nmap.org ) at 2025-03-08 11:54 EST
    Warning: 10.10.11.50 giving up on port because retransmission cap hit (10).
    Nmap scan report for 10.10.11.50
    Host is up (0.14s latency).
    Not shown: 65531 closed tcp ports (reset)
    PORT      STATE SERVICE VERSION
    22/tcp    open  ssh     OpenSSH 8.9p1 Ubuntu 3ubuntu0.10 (Ubuntu Linux; protocol 2.0)
    | ssh-hostkey:
    |   256 3e:ea:45:4b:c5:d1:6d:6f:e2:d4:d1:3b:0a:3d:a9:4f (ECDSA)
    |_  256 64:cc:75:de:4a:e6:a5:b4:73:eb:3f:1b:cf:b4:e3:94 (ED25519)
    80/tcp    open  http    Apache httpd 2.4.52 ((Ubuntu))
    |_http-title: Site doesn't have a title (text/html).
    |_http-server-header: Apache/2.4.52 (Ubuntu)
    10050/tcp open  tcpwrapped
    10051/tcp open  ssl/zabbix-trapper?
    Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel
    Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
    Nmap done: 1 IP address (1 host up) scanned in 34.54 seconds

Port 22 (SSH) is running OpenSSH. Based on the version detected by nmap, the host is likely running Ubuntu 22.04 Jammy. ...

March 9, 2025

HTB: Strutted

Machine Info

Name: Sightless
OS: Linux
Difficulty: Medium
Release Date: 2025-01-23
Completed: 2025-02-16

Reconnaissance

nmap

nmap finds 2 open ports: 22/tcp (SSH) and 80/tcp (HTTP).

    ┌──(kali㉿kali)-[~]
    └─$ nmap -p- --min-rate 8000 -sCV 10.10.11.59
    Starting Nmap 7.94SVN ( https://nmap.org ) at 2025-02-09 15:25 EST
    Warning: 10.10.11.59 giving up on port because retransmission cap hit (10).
    Nmap scan report for 10.10.11.59
    Host is up (0.072s latency).
    Not shown: 64389 closed tcp ports (reset), 1144 filtered tcp ports (no-response)
    PORT   STATE SERVICE VERSION
    22/tcp open  ssh     OpenSSH 8.9p1 Ubuntu 3ubuntu0.10 (Ubuntu Linux; protocol 2.0)
    | ssh-hostkey:
    |   256 3e:ea:45:4b:c5:d1:6d:6f:e2:d4:d1:3b:0a:3d:a9:4f (ECDSA)
    |_  256 64:cc:75:de:4a:e6:a5:b4:73:eb:3f:1b:cf:b4:e3:94 (ED25519)
    80/tcp open  http    nginx 1.18.0 (Ubuntu)
    |_http-title: Did not follow redirect to http://strutted.htb/
    |_http-server-header: nginx/1.18.0 (Ubuntu)
    Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel
    Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
    Nmap done: 1 IP address (1 host up) scanned in 26.86 seconds

Port 22 (SSH) is running OpenSSH. Based on the version detected by nmap, the host is likely running Ubuntu 22.04 Jammy. ...

February 16, 2025