B2R: SickOSv1.2

December 20, 2016

Executive Summary This machine had an unprotected folder which allowed uploading of malicious PHP code which could then be executed remotely. An attacker could then create an unprivileged shell on the victim machine and begin to explore the system for additional vulnerabilities which could lead to a full compromise. During the exploration, an outdated version of chkrootkit was found. By exploiting a known vulnerability in the way chkrootkit parses arguments, an attacker could create a malicious file that would later be run by chkrootkit as a fully privileged user. ... Read more

B2R: IMF Walkthrough

November 1, 2016

After mapping the network and finding our IP address at 192.168.1.162, we can add it to our /etc/hosts temporarily to make things a little easier for us. echo "192.168.1.162 imf" >> /etc/hosts Lets see what kind of machine we’re dealing with. Ok, so web only. Great. nikto didn’t reveal any low-hanging fruit so let’s dive into the source. Check that out! Our first flag was hidden in http://imf/contact.php. This looks like base64. ... Read more

B2R: Tr0ll Walkthrough

October 20, 2016

A couple of weeks ago, work sent me to a security class for an upcoming product. While there, I learned about vulnhub, a repository of intentionally vulnerable virtual machines for anyone to compromise. Since coming back, vulnhub has become my new obsession. Here’s a walkthrough of my attempt. Note: I struggled a bit more that this writeup lets on. The struggle is ommited for clarity and brevity. __ After finding the VM with an nmap scan, we see a couple of open ports. ... Read more