Hell Walkthrough – Part 5

Part 1 | Part 2 | Part 3 | Part 4 | Part 5

This is the last step. The last hoop that needs to be jumped through. The last wall of hurdles between me and root. LET’S DO THIS !

Orange Juice Doesn’t Echo

The OJ user has one file, a binary called echo which does exactly that: it repeats what you send it. This guy is the height of programming ability. There’s got to be something wrong with it.

Hell Walkthrough – Part 4

Yup, we’re still going.  Told you it’d be a long journey didn’t I ?

Tales from the Crypt, But First I’ll Rock You

George has one file in his home folder – a TrueCrypt container. I guess no one has told George that TrueCrypt isn’t recommended any more – he should be using something else. *shakes fist at the NSA*

Hell Walkthrough – Part 3

I Want to Play a Game, But No Jigsaws, OK ?!

The home folder for milk_4_life is pretty sparse, just a binary called “game”. However, it’s owned by the george user, and has the suid attribute set.

$ ls -l
total 20
---s--x--x 1 george      george      5743 Jun 19 18:24 game

Running the binary produces the following output, which doesn’t tell us much other than it’s “listening”. Like an overly intrusive neighbour.

Hell Walkthrough – Part 1

So, Peleus released a vulnerable VM on VulnHub, also known as a “boot2root”, called Hell.

A lot of the techniques in this VM are known to me apart from the very last step. I will go through my thought process for each step and how I managed to go from enumeration to a root shell.  This is going to be a multipart walkthrough, therefore keep checking back for updates.

BSides London – A Retrospective

BSides London, BSides London… what can I say about BSides London…
Well, for one it’s small – if you’re expecting a massive convention like Defcon you will be sorely disappointed. But the size doesn’t matter when you get to meet revered infosec people like Jack Daniel (Tenable), Martin McKeay, Tod Beardsley (Metasploit) et al and talk to them on a one-to-one level about anything (I had a conversation about Hello Kitty with Tod B – that says a lot). Oh, and don’t forget the fact that staff members from the ever so epic Offensive Security were there too – I’m looking at you g0tmi1k :D It was also nice to meet up with Nullmode (forever known as N0tmi1k) and Arr0way as well and chat randomly about anything and everything that came to mind.

BSidesLondon and Infosec

With less than a week to go before BSides London and Infosec 2014, I’m trying to list out all the people/companies I want to talk to, and also determine whether to take my laptop or my tablet – I’m thinking laptop…

Anyway, quick and simple post this one – I’ll be at both events.  You can tweet me @recrudesce if you want to meet up and say “hi”.

If you’re going too, have a good time – remember to get loads of swag ;)

OSCP Review

Have you ever purposefully put yourself in a situation that makes you run around the house in glee, and then five minutes later makes you want to put your head through a door ?  No ?  Maybe you should try OSCP.  If being constantly told to “try harder” doesn’t make you want to embed a brick into your eye socket, then maybe this is for you…

After much research into the Certified Ethical Hacker course, the term “OSCP” kept cropping up in my Google searches.  OSCP… OSCP…  what is this mythical OSCP of which you speak !?