Knapsy’s brain dump

IT security and other /dev/random stuff.

Escape From SHELLcatraz - Breaking Out of Restricted Unix Shells (SecTalks Melbourne 0x01 2016)

| Comments

Today I had a pleasure of presenting at one of the first SecTalks Melbourne sessions - if you’re from Melbourne, Australia area and into IT security / geeky stuff, make sure to sign up!

The talked covered basic methodology as well as some tips and tricks on breaking out of restricted Unix shells (such as rbash and rksh) that I came across during several CTFs and also at the “real life” engagements.

The slides from my talk are available at SpeakerDeck here.

Enjoy! :)

Easy File Sharing Web Server v7.2 - Remote SEH Buffer Overflow (DEP Bypass With ROP)

| Comments

Just a few weeks ago I attended an amazing training on exploit development on Windows - Corelan Bootcamp. I have to admit, it’s probably the best instructor led course I have ever attended; massive props to Peter “corelanc0d3r” who is a fantastic teacher and to OJ “TheColonial” for organising it.

Okay, with credits out of the way, let’s talk exploits! Since everything I learned at the bootcamp is still fresh in my head, I thought it will be good to practice it a bit more and make sure all of the information sinks in properly.

So, off I went to exploit-db and, after some poking around in DoS and PoC section, I found an exploit that I thought of redesigning and improving - Easy File Sharing Web Server 7.2 - Remote SEH Based Overflow.

OSCP - Thoughts and Tips

| Comments

I’ve been pretty quiet on here for the last couple months as I’ve been really busy taking Penetration testing with Kali Linux (PWK) training course, followed by the Offensive Security Certified Professional (OSCP) exam.

You’ll find tons of other blog posts and reviews about the course and exam itself, so I won’t be repeating what you should be able to find elsewhere, instead, I’ll just try to give you a brief overview of what it is, how did I find it and some simple tips and tricks that will help you prepare for it.

PNG From Hell - Ruxcon CTF Challenge

| Comments

Some time ago now I was lucky enough to take part in Ruxcon CTF, which was absolutely awesome - learnt bunch of new things and met heaps of cool people!

There was a wide variety of different challenges, but this particular one REALLY did my head in. I spent way too much time on it during the CTF and unfortunately didn’t manage to break it. Then recently, I decided to take a look at it again and, with a lot less hassle than I thought, I nailed it!

Let me introduce you to my most hated PNG of all times…

Kvasir VM Writeup

| Comments

It sort of became the main theme of this blog… yet another writeup for a VM from VulnHub and, I have to admit, probably the most demanding one yet!

Kvasir touches on quite a lot of aspects of security/pentesting and really tests your patience. Rasta Mouse did a great job putting it all together and simulating a network of quite some depth by using Linux containers.

So, without delying too much, let’s get right into it as there’s A LOT to go through!

Beating the Troll - Tr0ll2 Writeup

| Comments

Damn, I love VulnHub - always keeps me entertained! With so many VMs released recently and with me just coming off an awesome CTF I have been kept quite busy those last couple weeks! Keeping the momentum up, I decided to give Tr0ll2 VM a shot. As expected, there were trolls on the way, but overall I quite enjoyed it! Alright, let’s rock on.

Knock-Knock VM Walkthrough

| Comments

Just after awesome weekend hacking away at Ruxcon, VulnHub delivered yet another boot2root VM - wow, that’s been busy (and fun) last couple of weeks! Good practice for another big CTF that is coming up for me very soon…

Anyway, without too much of an intro, let’s get to it!

Basic Shellshock Exploitation

| Comments

Unless you were living under the rock for the last 2 weeks or so, you probably heard about a vulnerability in Bourne Again Shell (BASH), aka “Shellshock” (who comes up with those names?!) aka “Bash bug” aka “OMG! Internet is coming to an end” aka… you get the idea :)

Working in security field, I have heard about it a lot, maybe even too much in the last couple weeks and, after it has been publicly announced, I saw lots of failed exploitation attempts hitting Internet facing servers under my jurisdiction.

I have researched the vulnerability (CVE-2014-6271 and other flavours of it) a fair bit, saw heaps of malicious traffic, but actually never seen a successful exploit (well, that’s a good thing I guess…) and never had a chance to play with it on an actual vulnerable machine.

And yet, here it comes vulnhub.com again with a tiny VM created specifically for this purpose - to get your hands dirty with this particular vulnerability. So… let’s get started, shall we?

Persistence VM Writeup

| Comments

Persistence was a new VM available at vulnhub.com provided by sagi and superkojiman and there was actually an entire competition going on for a whole month based around it.

I decided to try myself and see how far I will be able to get to… and because I’m the type who doesn’t give up easily, I managed to finally get a root shell and learn A LOT all the way throughout the challange. I wanted to document everything I did as it could be a good reference point for me in the future and maybe some people will also be able to benefit from it. So… let’s get to it!