Mogozobo
  • Subscribe
  • Twitter
  • Facebook
  • Infosec
  • Assignment
  • Fishing
  • Family
  • General
  • Set the Controls for the Heart of the Sun

    Recently I created my first boot2root challenge, The Wall for the Vulnhub community. I hope everyone enjoys the challenge, and here’s my writeup of the intended path to root. “In 1965, one of the most influential bands of our times was formed.. Pink Floyd. This boot2root box has been created to celebrate 50 years of […]

    Posted: November 26th, 2015 ˑ  No Comments
    Filled under: Infosec
  • Grabbing loot from vmdk’s

    An acquaintance recently dropped me a line asking for some help with a gig she was working on. After sharing the background about the work she had performed so far, she said something which made me promptly sit up and listen… “I have access to backups… Can we do anything with vmdk’s?”. Needless to say, […]

    Posted: November 21st, 2015 ˑ  No Comments
    Filled under: Infosec
  • Mystery of the NullByte

    The flickering neon sign in the street once brightly read “Forensic Investigator”, but now it only serves to send shards of sporadic light into the cracks and crevices that call this neighbourhood home. If you watch the colours long enough, you could almost be convinced that the flicker is morse code for ‘failure’. Looking at […]

    Posted: August 27th, 2015 ˑ  2 Comments
    Filled under: Infosec
  • Acid … just say NO to drugs!

    If you follow @Vulnhub you would have noticed that there has recently been quite a few new vulnerable boot2root machines released. Needless to say, you know what time it is… It’s boot2root CTF time! Introducing Acid Server: 1 by @m_avinash143. Welcome to the world of Acid. Fairy tails uses secret keys to open the magical […]

    Posted: August 24th, 2015 ˑ  No Comments
    Filled under: Infosec
  • Do you even PowerShell?

    Last week, Justin Warner and Will Schroeder presented a talk at BSidesLV about a new post-exploitation framework called PowerShell Empire. The PowerShell Empire site describes the framework as “… a pure PowerShell post-exploitation agent built on cryptologically-secure communications and a flexible architecture. Empire implements the ability to run PowerShell agents without needing powershell.exe, rapidly deployable […]

    Posted: August 16th, 2015 ˑ  No Comments
    Filled under: Infosec
  • CVE-TBA: Reflected Cross-Site Scripting (XSS) in QNAP TS-x09 Turbo NAS

    On the 7th of July 2015 I discovered a reflected cross-site scripting (XSS) vulnerability in QNAP TS-x09 Network Attached Storage devices. Full disclosure was undertaken with the vendor and a CVE-ID has been requested from Mitre. CVE-ID: requested 7th July 2015 Author: Mark Cross Twitter: @xerubus WWW: www.mogozobo.com Summary A reflected Cross-Site scripting vulnerability was […]

    Posted: July 24th, 2015 ˑ  No Comments
    Filled under: Infosec
  • CVE-TBA: Cleartext base64 format for transmission of credentials within cookies in QNAP TS-x09 Turbo NAS

    On the 13th of July 2015 I discovered a clear text base64 transmission of credentials vulnerability within cookies in QNAP TS-x09 Network Attached Storage devices. Full disclosure was undertaken with the vendor and a CVE-ID has been requested from Mitre. CVE-ID: requested 13th July 2015 Author: Mark Cross Twitter: @xerubus WWW: www.mogozobo.com Summary A plaintext […]

    Posted: July 24th, 2015 ˑ  No Comments
    Filled under: Infosec
  • Sold! Please take my data…

    “One man’s trash is another man’s treasure”. A common saying which I am sure everybody has used at one time or another. A quote we use when we throw away that old 50 inch plasma TV or that synthetic bonded leather sofa which has passed our predetermined use by date. Giving new life to our […]

    Posted: July 15th, 2015 ˑ  No Comments
    Filled under: Infosec
  • A freshly squeezed cup of pwnage

    Rainy weather can only mean one thing… VulnHub challenge time. Today’s menu @TopHatSec’s Freshly challenge. The goal of this challenge is to break into the machine via the web and find the secret hidden in a sensitive file. If you can find the secret, send me an email for verification. :) There are a couple […]

    Posted: May 3rd, 2015 ˑ  No Comments
    Filled under: Infosec
  • Hat tipping TopHatSec ZorZ style

    Time for another VulnHub challenge, and this time I decided to take a look at @TopHatSec’s ZORZ challenge. ZORZ is another VM that will challenge your webapp skills. There are 3 separate challenges (web pages) on this machine. It should be pretty straight forward. I have explained as much as I can in the readme […]

    Posted: May 1st, 2015 ˑ  No Comments
    Filled under: Infosec
  • AFP Cryptolocker analysis

    Another day, another cryptolocker variant. Enter stage left, the AFP cryptolocker scam email. This anaylsis will be shorter than my previous considering there’s not too much different about it apart from the transport method. Should you want more detail, please read this analysis. The suspect email: I amended the anchor link to the following so […]

    Posted: April 30th, 2015 ˑ  No Comments
    Filled under: Infosec
  • A Thousand Ways to Skin the Sokar Cat

    Happy Birthday Vulnhub! As promised at our birthday party last week, we’d like to announce the release of our first competition in 2015…. Sokar! Rasta Mouse (the person to thank and/or blame regarding Kvasir) didn’t bake us a birthday cake, but instead cooked up a brand new virtual machine for you to attack and have […]

    Posted: February 22nd, 2015 ˑ  1 Comment
    Filled under: Infosec
Previous page 
Next page 
© 2015 Mogozobo. All images are copyrighted by their respective authors.