Blog

Cmd2 - Pwnable.kr

Posted on Jan. 17, 2016

Writeups Pwnable.kr; Bash; Escape restricted env;

Another challenge where we need to escape from a restricted situation. This time we have complete control on the argument passed the function system but, just to make sure we will not do anything harmful, the content of the environment is deleted and the content of the argument passed to ...

Shellshock - Pwnable.kr

Posted on Jan. 15, 2016

Writeups Bash;

Shellshock indicates a family of bugs who affected bash, which was disclosed the 24 September 2014 (CVE-2014-6271). For this challenge we need to use it in order to get the flag:

shellshock@ubuntu:~$ ls -l
-r-xr-xr-x 1 root shellshock2 959120 Oct 12  2014 bash
-r--r----- 1 root shellshock2     47 Oct ...

Input - Pwnable.kr

Posted on Jan. 11, 2016

Writeups

Once logged in we need to have a look to the code source of input: input.c

#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/socket.h>
#include <arpa/inet.h>

int main(int argc, char* argv[], char* envp[]){
    printf("Welcome to pwnable.kr\n");
    printf ...

ARP cache poisoning with Ettercap

Posted on Jan. 9, 2016

Network MITM;

The Internet is extremely full of articles about the principles of an ARP cache poisoning attack, I will rather show how to perform some of the most basic ARP spoofing attacks using Ettercap, a powerful and easy to use tool for MITM attacks.

Ettercap usually comes pre-installed if you are ...

Create your virtual network with QEMU

Posted on Dec. 31, 2015

Network QEMU;

"The best way to learn about computer networks is to get the hands dirty with a real one.” Mickey Mouse

Network vs Virtual Network

The normal (not virtual) network is something you probably already know ( the internet connection you use at home is an example) so I will skip it ...