The forensics challenges given at CSAW CTF weren't exactly what I was expecting, but we still managed to solve most of them. Here are my write-ups for the 4 challenges.
Challenges were made by Efstratios Gavas (@xtrat), Director of cyber security labs at NYU Poly! Awesome :)
Thursday, September 30, 2010
Wednesday, September 29, 2010
CSAW Exploit 3 Write-up - FreeBSD local root
For exploit3, we were given the following instructions:
Get Root. Get the key.
If only I can jump over the mountain without being normal
ssh://128.238.66.100:40010
chal3:$+1zX*(
2048 51:41:94:32:cf:b1:3f:d9:74:c1:d2:08:aa:e3:49:2b /etc/ssh/ssh_host_rsa_key.pub (RSA)
1024 22:7f:72:93:93:7e:9a:3d:01:b9:58:ea:74:1a:c5:af /etc/ssh/ssh_host_dsa_key.pub (DSA)
Vulnerable FreeBSD kernel
We ssh in and notice an old FreeBSD kernel. We can try to use @kingcope's FreeBSD sendfile cache local root. Sadly it does not work out of the box because we do not have /tmp writable: we have to customize the shellcode a bit to use a different one. Also, we can remove the 64-bit part since we are on 32-bit.
CSAW Exploit 1 Write-up - FreeBSD remote stack based buffer overflow
A few weeks ago Leet More CTF was held, where Nibbles finished 1st! I didn't have the time to put up write-ups, but you can find some on the Nibbles blog or by sh4ka, auntitled and hellman.
Last weekend the well-known CSAW CTF (quals) was held by NYU-Poly. Last year's and this year's winners are none other than our awesome friends PPP! We took 2nd place just behind them, see top15 graph.
They gave us interesting exploit challenges and I had the opportunity to look at exploit1: a remote stack based buffer overflow under FreeBSD 8.0.
Wednesday, September 01, 2010
Free secondary DNS services
If you run an authoritative DNS server and serve your own zones you may know about the need to have decent secondary DNS servers, or "slaves", to back you up.
I recently changed mine (xname, which I do not recommend), came across Frankb's page, and subscribed to the first two, which are also the most recommended:
- puck.nether.net/dns: simple web page, register, add your domain, allow their server to transfer and within 24 hours your zone will be served
- BuddyNS: fancy web page, simplest registration ever (email+zone+ip master), up & running in 10 minutes, and a nice feature to force refresh just by sending an email