Knapsy’s brain dump

IT security and other /dev/random stuff.

FileVault CTF Challenge - ELF X64 Buffer Overflow

| Comments

It’s been quite a while since I have done a CTF, but just very recently I got a chance to participate in one and came across a pretty interesting challenge which forced me to go back and re-learn exploit dev in Unix environments. Also had to brush up on my gdb knowledge…

QuickZip 4.60 - Win7 X64 SEH Overflow (Egghunter) With Custom Encoder

| Comments

As a part of my preparations for the OSCE exam, I have been trying to find some interesting exploits and PoC code to practice my skills on and learn something new in the exploit development department.

After some digging, I stumbled across a QuickZip v4.60 Buffer Overflow exploit, which is very well documented by corelanc0d3r in a thorough blog post here.

Since the exploit itself is from 2010, it was designed to work on 32-bit Windows XP only. I decided to try and see if I can recreate it on a 64-bit Windows 7 and damn, was that a (fun) challenge!

Escape From SHELLcatraz - Breaking Out of Restricted Unix Shells (SecTalks Melbourne 0x01 2016)

| Comments

Today I had a pleasure of presenting at one of the first SecTalks Melbourne sessions - if you’re from Melbourne, Australia area and into IT security / geeky stuff, make sure to sign up!

The talked covered basic methodology as well as some tips and tricks on breaking out of restricted Unix shells (such as rbash and rksh) that I came across during several CTFs and also at the “real life” engagements.

The slides from my talk are available at SpeakerDeck here.

Enjoy! :)

Easy File Sharing Web Server v7.2 - Remote SEH Buffer Overflow (DEP Bypass With ROP)

| Comments

Just a few weeks ago I attended an amazing training on exploit development on Windows - Corelan Bootcamp. I have to admit, it’s probably the best instructor led course I have ever attended; massive props to Peter “corelanc0d3r” who is a fantastic teacher and to OJ “TheColonial” for organising it.

Okay, with credits out of the way, let’s talk exploits! Since everything I learned at the bootcamp is still fresh in my head, I thought it will be good to practice it a bit more and make sure all of the information sinks in properly.

So, off I went to exploit-db and, after some poking around in DoS and PoC section, I found an exploit that I thought of redesigning and improving - Easy File Sharing Web Server 7.2 - Remote SEH Based Overflow.

OSCP - Thoughts and Tips

| Comments

I’ve been pretty quiet on here for the last couple months as I’ve been really busy taking Penetration testing with Kali Linux (PWK) training course, followed by the Offensive Security Certified Professional (OSCP) exam.

You’ll find tons of other blog posts and reviews about the course and exam itself, so I won’t be repeating what you should be able to find elsewhere, instead, I’ll just try to give you a brief overview of what it is, how did I find it and some simple tips and tricks that will help you prepare for it.

PNG From Hell - Ruxcon CTF Challenge

| Comments

Some time ago now I was lucky enough to take part in Ruxcon CTF, which was absolutely awesome - learnt bunch of new things and met heaps of cool people!

There was a wide variety of different challenges, but this particular one REALLY did my head in. I spent way too much time on it during the CTF and unfortunately didn’t manage to break it. Then recently, I decided to take a look at it again and, with a lot less hassle than I thought, I nailed it!

Let me introduce you to my most hated PNG of all times…

Kvasir VM Writeup

| Comments

It sort of became the main theme of this blog… yet another writeup for a VM from VulnHub and, I have to admit, probably the most demanding one yet!

Kvasir touches on quite a lot of aspects of security/pentesting and really tests your patience. Rasta Mouse did a great job putting it all together and simulating a network of quite some depth by using Linux containers.

So, without delying too much, let’s get right into it as there’s A LOT to go through!

Beating the Troll - Tr0ll2 Writeup

| Comments

Damn, I love VulnHub - always keeps me entertained! With so many VMs released recently and with me just coming off an awesome CTF I have been kept quite busy those last couple weeks! Keeping the momentum up, I decided to give Tr0ll2 VM a shot. As expected, there were trolls on the way, but overall I quite enjoyed it! Alright, let’s rock on.

Knock-Knock VM Walkthrough

| Comments

Just after awesome weekend hacking away at Ruxcon, VulnHub delivered yet another boot2root VM - wow, that’s been busy (and fun) last couple of weeks! Good practice for another big CTF that is coming up for me very soon…

Anyway, without too much of an intro, let’s get to it!