
Kali Linux is not one of the distros officially supported by the ZeroTier installer script, so if you just try to run it you will get an error message along the lines of:

Kali Linux is based on Debian testing, so we can just “trick” the ZeroTier install script into thinking it’s Debian and it installs just fine:


(image taken from https://nakedsecurity.sophos.com/2019/07/09/backdoor-discovered-in-ruby-strong_password-library/)

This article is the result of playing SANS NetWars Continuous level 5 (attack/defense) for several weeks. When you get access to an opponent’s machine, it is highly desirable to leave backdoors that allow you to get back in once your access is blocked. Below, I’m describing some of the techniques I’ve…


I’ve been experimenting with xxelab (https://github.com/jbarone/xxelab), a simple PHP web app demonstrating XXE attacks, trying to replicate code execution through expect:// PHP wrapper. (Shameless plug — my recently submitted pull request allows you to run xxelab in a Docker container). …


I was recently configuring Docker on a machine that didn’t have direct access to the Internet and had to use a proxy for outbound connectivity, and it turned out to be a non-trivial task. All of this info is scattered around the Internet; I’m just bringing it all together. …


On occasion you need to listen for incoming connections and interact with the data being sent by the client. The simplest way might be with netcat (12345 is the port number to listen on):

(-l for listen, -v for verbose, this will let you know once…


I just released cms2cmd, a CMS plugin that can be used with Drupal 7, Drupal 8, Joomla and WordPress as a simple command execution mechanism.

Occasionally during a CTF (or a pen test?) you might gain admin access to a CMS, which in most configurations gives you RCE. cms2cmd is…


Background

To connect to a database, Java applications usually use the JDBC framework. Part of the framework is the JDBC drivers, which are usually supplied by the DBMS vendor. …


I like seeing CPU load on my boxes, so pretty much all of them have some sort of CPU load gadget enabled on startup. I noticed that every time I have to configure this on a Kali box I struggle to remember the package names for what I have to install, so having done it today I decided to write this so I don’t have to struggle next time.

It’s fairly simple, really:

  • Install the gnome-shell-extension-system-monitor package (unlike indicator-multiload, it doesn’t require adding a PPA):
  • Open Tweaks (either find it in the menu under Applications -> Usual Applications -> System tools -> Preferences, or press the Windows key and type tweaks to search for it).
  • Select Extensions, enable System-monitor, click on the gear and set your preferences.
  • Enjoy.

Let’s tackle the Protostar Format 4 challenge from Exploit Exercises (https://exploit-exercises.com/protostar/format4/). This is a detailed step-by-step walkthrough explaining all the tools and techniques needed — we’ll be writing a format string exploit.

Format 4 Challenge

Here’s the source code for the challenge, format4.c:


Having previously tackled the last stack challenge in Protostar from Exploit Exercises (https://medium.com/@airman604/protostar-stack7-walkthrough-2aa2428be3e0), we’re now switching to the last heap challenge (https://exploit-exercises.com/protostar/heap3/).

Heap 3 Challenge

Here’s the source code for the Protostar Heap 3 challenge:

Airman

Random rumblings about #InfoSec. The opinions expressed here are my own and not necessarily those of my employer.
