-
Set the Controls for the Heart of the Sun
Recently I created my first boot2root challenge, The Wall for the Vulnhub community. I hope everyone enjoys the challenge, and here’s my writeup of the intended path to root. “In 1965, one of the most influential bands of our times was formed.. Pink Floyd. This boot2root box has been created to celebrate 50 years of […]
-
Grabbing loot from vmdk’s
An acquaintance recently dropped me a line asking for some help with a gig she was working on. After sharing the background about the work she had performed so far, she said something which made me promptly sit up and listen… “I have access to backups… Can we do anything with vmdk’s?”. Needless to say, […]
-
Mystery of the NullByte
The flickering neon sign in the street once brightly read “Forensic Investigator”, but now it only serves to send shards of sporadic light into the cracks and crevices that call this neighbourhood home. If you watch the colours long enough, you could almost be convinced that the flicker is morse code for ‘failure’. Looking at […]
-
Acid … just say NO to drugs!
If you follow @Vulnhub you would have noticed that there has recently been quite a few new vulnerable boot2root machines released. Needless to say, you know what time it is… It’s boot2root CTF time! Introducing Acid Server: 1 by @m_avinash143. Welcome to the world of Acid. Fairy tails uses secret keys to open the magical […]
-
Do you even PowerShell?
Last week, Justin Warner and Will Schroeder presented a talk at BSidesLV about a new post-exploitation framework called PowerShell Empire. The PowerShell Empire site describes the framework as “… a pure PowerShell post-exploitation agent built on cryptologically-secure communications and a flexible architecture. Empire implements the ability to run PowerShell agents without needing powershell.exe, rapidly deployable […]
-
CVE-TBA: Reflected Cross-Site Scripting (XSS) in QNAP TS-x09 Turbo NAS
On the 7th of July 2015 I discovered a reflected cross-site scripting (XSS) vulnerability in QNAP TS-x09 Network Attached Storage devices. Full disclosure was undertaken with the vendor and a CVE-ID has been requested from Mitre. CVE-ID: requested 7th July 2015 Author: Mark Cross Twitter: @xerubus WWW: www.mogozobo.com Summary A reflected Cross-Site scripting vulnerability was […]
-
CVE-TBA: Cleartext base64 format for transmission of credentials within cookies in QNAP TS-x09 Turbo NAS
On the 13th of July 2015 I discovered a clear text base64 transmission of credentials vulnerability within cookies in QNAP TS-x09 Network Attached Storage devices. Full disclosure was undertaken with the vendor and a CVE-ID has been requested from Mitre. CVE-ID: requested 13th July 2015 Author: Mark Cross Twitter: @xerubus WWW: www.mogozobo.com Summary A plaintext […]
-
Sold! Please take my data…
“One man’s trash is another man’s treasure”. A common saying which I am sure everybody has used at one time or another. A quote we use when we throw away that old 50 inch plasma TV or that synthetic bonded leather sofa which has passed our predetermined use by date. Giving new life to our […]
-
A freshly squeezed cup of pwnage
Rainy weather can only mean one thing… VulnHub challenge time. Today’s menu @TopHatSec’s Freshly challenge. The goal of this challenge is to break into the machine via the web and find the secret hidden in a sensitive file. If you can find the secret, send me an email for verification. :) There are a couple […]
-
Hat tipping TopHatSec ZorZ style
Time for another VulnHub challenge, and this time I decided to take a look at @TopHatSec’s ZORZ challenge. ZORZ is another VM that will challenge your webapp skills. There are 3 separate challenges (web pages) on this machine. It should be pretty straight forward. I have explained as much as I can in the readme […]
-
AFP Cryptolocker analysis
Another day, another cryptolocker variant. Enter stage left, the AFP cryptolocker scam email. This anaylsis will be shorter than my previous considering there’s not too much different about it apart from the transport method. Should you want more detail, please read this analysis. The suspect email: I amended the anchor link to the following so […]
-
A Thousand Ways to Skin the Sokar Cat
Happy Birthday Vulnhub! As promised at our birthday party last week, we’d like to announce the release of our first competition in 2015…. Sokar! Rasta Mouse (the person to thank and/or blame regarding Kvasir) didn’t bake us a birthday cake, but instead cooked up a brand new virtual machine for you to attack and have […]