Kali Linux is not one of the distributions officially supported by the ZeroTier installer script, so if you just run it you will get an error message along the lines of:
FAILED: unrecognized or ancient distribution: kali-rolling
Kali Linux is based on Debian testing, so we can just “trick” the ZeroTier install script into thinking it’s Debian, and it installs just fine:
# save /etc/debian_version
# (which will be something like kali-rolling)
DV_SAVE=$(cat /etc/debian_version)

# pretend we're Debian buster
echo buster | sudo tee /etc/debian_version >/dev/null

# follow the ZeroTier install instructions from:
# for example, if you don't care about checking gpg signatures:
curl -s https://install.zerotier.com | sudo bash

# restore /etc/debian_version
echo "$DV_SAVE" | sudo tee /etc/debian_version >/dev/null
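One weakness of the four-step version above is that if the installer fails half-way, or you hit Ctrl-C, /etc/debian_version is left claiming to be buster. The following is an added example, not from the original post: the same trick wrapped in a function whose subshell EXIT trap restores the file on every exit path. The variable name DEBIAN_VERSION_FILE and the function names are this example's own; the variable exists only so the function can be tried on a scratch copy without root, and defaults to the real file.

```shell
#!/usr/bin/env bash
# Added example, not from the original post: the "pretend to be Debian" trick
# wrapped so that the version file is restored even if the installer fails or
# is interrupted. DEBIAN_VERSION_FILE is an assumed variable name; it defaults
# to the real file, for which the script must run as root.
: "${DEBIAN_VERSION_FILE:=/etc/debian_version}"

# with_debian_version CODENAME CMD [ARGS...]
# Temporarily replaces the content of $DEBIAN_VERSION_FILE with CODENAME,
# runs CMD, then writes the original content back. Exit status is CMD's.
with_debian_version() {
    codename="$1"; shift
    saved=$(cat "$DEBIAN_VERSION_FILE") || return 1
    (
        # The subshell's EXIT trap fires whether CMD succeeds, fails or is
        # killed by a signal, so the original string is always put back.
        trap 'printf "%s\n" "$saved" > "$DEBIAN_VERSION_FILE"' EXIT INT TERM
        printf '%s\n' "$codename" > "$DEBIAN_VERSION_FILE"
        "$@"
    )
}

# current_debian_version: what an installer would see right now.
current_debian_version() {
    cat "$DEBIAN_VERSION_FILE"
}

# Real use, as root on Kali (the installer line is the one from the post):
#   with_debian_version buster sh -c 'curl -s https://install.zerotier.com | bash'
```

Because the restore happens in the subshell's EXIT trap rather than as a final command in the script, a non-zero exit from the installer (or `set -e` in a calling script) cannot skip it.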
This article is a result of playing SANS NetWars Continuous level 5 (attack/defense) for several weeks. When you get access to an opponent’s machine, it is highly desirable to leave backdoors that allow you to get back in once your access is blocked. Below, I’m describing some of the techniques I’ve…
I’ve been experimenting with xxelab (https://github.com/jbarone/xxelab), a simple PHP web app demonstrating XXE attacks, trying to replicate code execution through the expect:// PHP wrapper. (Shameless plug — my recently submitted pull request allows you to run xxelab in a Docker container). …
I was recently configuring Docker on a machine that didn’t have direct access to the Internet and had to use a proxy for outbound connectivity, and it turned out to be a non-trivial task. All of this info is scattered around the Internet; I’m just bringing it all together. …
On occasion you need to listen for incoming connections and interact with the data being sent by the client. The simplest way is probably netcat (12345 is the port number to listen on):
$ nc -lvnp 12345
-l for listen,
-v for verbose, this will let you know once…
I just released cms2cmd, a CMS plugin that can be used with Drupal 7, Drupal 8, Joomla and WordPress as a simple command execution mechanism.
Occasionally during a CTF (or a pen test?) you might gain admin access to a CMS, which in most configurations gives you RCE. cms2cmd is…
I like seeing CPU load on my boxes, so pretty much all of them have some sort of CPU load gadget enabled on startup. I noticed that every time I have to configure this on a Kali box I struggle to remember the package names for what I have to install, so having done it today I decided to write this up so I don’t have to struggle next time.
It’s fairly simple, really:
Install the gnome-shell-extension-system-monitor package (no PPA needed, unlike some alternatives):
# apt update
# apt install gnome-shell-extension-system-monitor
Then open Gnome Tweaks, find System-monitor under Extensions, enable it, click on the gear and set your preferences.
Let’s tackle the Protostar Format 4 challenge from Exploit Exercises (https://exploit-exercises.com/protostar/format4/). This is a detailed step-by-step walkthrough explaining all the tools and techniques needed — we’ll be writing a format string exploit.
Here’s the source code for the challenge:
#include <string.h>
int target;
…
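Only the opening lines of the challenge source survive above. As an added example, not from the Protostar sources or the walkthrough, the following C program shows the primitive every format string exploit of this kind is built on: %hhn stores the number of characters printed so far into a single byte at a pointer taken from printf's arguments, so four %*c/%hhn pairs with chosen field widths write an arbitrary 32-bit value into `target`. Here the pointers are handed to snprintf explicitly; in format4 the attacker instead plants them in the input buffer on the stack and reaches them through the format string. The function names `format_write_dword` and `width_for` are this example's own.

```c
#include <stdio.h>
#include <stdint.h>
#include <string.h>

/* Added example (not from the Protostar sources or the walkthrough): the
 * %hhn write primitive behind a format string exploit, with the destination
 * pointers passed to snprintf explicitly instead of planted on the stack. */

/* Stand-in for the challenge's global `int target;`. */
uint32_t target = 0;

/* Width for the i-th %*c so that the running character count, reduced
 * modulo 256 by %hhn, equals `want`. %c prints at least one character, so a
 * needed increment of 0 is expressed as a width of 256. */
static int width_for(unsigned written, unsigned want)
{
    unsigned w = (want - written) & 0xffu;
    return w == 0 ? 256 : (int)w;
}

/* Write `value` into *dst one byte at a time; returns the number of
 * characters the format string produced (the final %n count). */
int format_write_dword(uint32_t *dst, uint32_t value)
{
    unsigned char want[4];
    signed char *b = (signed char *)dst;   /* %hhn stores through a char* */
    char scratch[4096];                    /* room for up to 4 * 256 chars */
    unsigned written = 0;
    int w[4];

    memcpy(want, &value, sizeof want);     /* host byte order, same as *dst */
    for (int i = 0; i < 4; i++) {
        w[i] = width_for(written, want[i]);
        written += (unsigned)w[i];
    }
    /* The format stays a string literal: %*c consumes (width, char) and
     * %hhn consumes a pointer and stores the count so far into that byte. */
    return snprintf(scratch, sizeof scratch,
                    "%*c%hhn%*c%hhn%*c%hhn%*c%hhn",
                    w[0], 'A', &b[0],
                    w[1], 'A', &b[1],
                    w[2], 'A', &b[2],
                    w[3], 'A', &b[3]);
}

int main(void)
{
    format_write_dword(&target, 0x0804a0b4u);
    printf("target = 0x%08x\n", (unsigned)target);   /* prints target = 0x0804a0b4 */
    return 0;
}
```

Keeping the format a literal and passing the widths through %*c is deliberate: when built with _FORTIFY_SOURCE, glibc aborts on a %n conversion in a format string that lives in writable memory, which is exactly the situation the vulnerable program is in, so a demonstration that builds the format at runtime can die before it teaches anything.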
Having previously tackled the last stack challenge in Protostar from Exploit Exercises (https://medium.com/@airman604/protostar-stack7-walkthrough-2aa2428be3e0), we’re now switching to the last heap challenge (https://exploit-exercises.com/protostar/heap3/).
Here’s the source code for the Protostar Heap 3 challenge:
#include <stdio.h>
void winner()
{
    printf("that wasn't too bad now…