OverTheWire Natas Level 2

1 minute read Nov 1, 2012
Level 2 of OverTheWire’s Natas wargame is a little more fun than the previous two. It’s also pretty simple, though. You start out on a page that tells you that there is nothing on it. Like previous levels, I then viewed the source to see what was in the code. It appears that there’s a 1x1 pixel image present on the page. It’s located in a “files” directory of the webserver.

OverTheWire Natas Level 1

1 minute read Oct 31, 2012
In continuing with the Natas wargame from OverTheWire, I tried my hand at level 1. It too was pretty easy. It was just like level 0, except that right-clicking was disabled via JavaScript. You start out by being told that the password can be found on the page that you’re on, just like the last one. If you do try to right-click to view the source, you get a shiny error message stating that it has been blocked.

OverTheWire Natas Level 0

1 minute read Oct 30, 2012
I recently read that OverTheWire had released a new wargame, so I decided to play for fun. The first level is extremely easy. You are presented with a page that tells you that you are able to find the password on this page. If you then view the source, you can see the password to the next level is in plain text, in an HTML comment.

Sysax 5.64 HTTP Remote Buffer Overflow

2 minute read Jul 28, 2012
I have discovered a bug in the Sysax Multi-Server application. More specifically, it’s in the HTTP File Server service, which is not enabled by default. It has to be turned on by the admin for this exploit to properly function. The user in question also needs permission to create a directory. In the Sysax service, the configuration would look like this: Triggering this vulnerability is pretty simple. Log into the HTTP File Server:

OSCP Certification in the mail

1 minute read Jul 8, 2012
So previously, I had blogged about recently getting OSCP certified. I came home from my vacation to find a package from Offensive Security in my mailbox all the way from Israel. After getting settled down, I opened the package and found my certificate, wrapped in a nice folder, that I have filed away to keep forever. Here is the front: The back of the folder had me laughing for several minutes.

Exploit Exercises - Fusion 01

7 minute read Jul 3, 2012
It’s been a while since I last did a write-up about Exploit Exercises. I’m starting to look back at it now, since I have some more free time again. I’ve now, as I’m sure you can guess by the title of this post, solved level 01. So this level is very similar to the first, except that it has ASLR and doesn’t tell us where the buffer is on every execution.

PWB Conclusions and the Future

3 minute read Jun 24, 2012
The results

As I posted previously, I was taking the PWB course from Offensive Security. I am happy to report that I passed with flying colors (100%)! This is the best email I’ve ever received:

Advice for new students

During the course, I learned several things, including many things about myself. Do the PDF/Video work first. If you wait until the end, you will hate your life. It’s so droll and boring.

Exploit Exercises - Fusion 00

5 minute read Apr 9, 2012
I was very excited to see the announcement on Twitter that Fusion was going to be released, even if it’s just the first 10 levels. I was a bit bummed, as I didn’t think I’d get to work on it much until I complete PWB, but I managed to find a little time to at least start it. I pulled up level 00, which looks to be a basic stack overflow in an HTTP server.

PWB Progress and Impressions

5 minute read Mar 27, 2012
I recently decided to take Offensive Security’s course, Penetration Testing with Backtrack. I’m now 30 days in, of my 90 day allotment. I figured I would share my impressions and what I’ve learned up to now, without being specific enough to give anything away to future students.

The Wait

So I decided to take the class, and submitted the order on February 16th 2012. Offensive Security starts new classes each Sunday, and apparently the one starting on February 18th was already full, so I ended up waiting until February 25th.

Using .net to bypass AV

3 minute read Feb 23, 2012
I’ve read a ton of articles on bypassing Antivirus software when trying to run shellcode on machines. There’s just a ton available. These are just a few examples:

http://dev.metasploit.com/redmine/projects/framework/wiki/Using_a_Custom_Executable_to_Bypass_AV
http://www.offensive-security.com/metasploit-unleashed/Antivirus_Bypass
http://www.irongeek.com/i.php?page=videos/bypassing-anti-virus-with-metasploit
http://clshack.com/metasploit-shellcodeexec-bypassing-any-anti-virus.html
http://carnal0wnage.attackresearch.com/2011/07/process-injection-outside-of-metasploit.html

I was recently working with some Windows web-servers, which had ASP.net enabled, but not any other useful language. I had recently read about PowerSyringe, so I started tinkering with making some shellcode run similarly. I ended up finding out that I couldn’t do what I was wanting to do in ASP.