slash root slash flag dot txt Solving the Relativity Vulnerable VM


At the time of writing this post, this VM was part of a local security community's (zacon) pre-con challenge. Finding /root/flag.txt would have entered you into a draw for winning a prize :D However, the greater goal of the challenge was to learn something. I set aside some time and attempted the challenge. Fortunately, I managed to complete it in time. So, this is the journey I took to solve this. You can now download and try this VM yourself over at VulnHub. Unzip, mount and boot the VM. Once the VM is booted, it should have an IP assigned via DHCP.

I think it is interesting to note that I used a very limited set of tools to complete this. No bruteforcers, metasploits, vulnerability scanners or fancy proxies were used. My toolset consisted of netcat, nmap and other basic bash commands. There are probably a gazillion ways to do this, as much of it comes down to preference in how you approach it. However, the basic ideas of the vulnerabilities remain the same.

Read On →

Zeus My Adventure with an Infamous Bot


Bots for the masses.

Recently at a conference that I attended, I sat in a class that was talking about Botnets and general ‘How Easy They Are’ related things. 90% of the technical discussions did not really come as a surprise to me, however, I came to realize that I am not 100% aware of how (and I dare say this lightly) easy they have it. The technical competency of the adversary really doesn’t have to be at a jaw-droppingly high level. In fact, if you can operate the keyboard and mouse, heck, even a tablet/phone once it’s all set up, then you could potentially be a successful botnet operator.

Read On →

KVM Redirecting CentOS Kernel and tty output to a virtual serial console

Console all the things!

First and foremost, I will start with a warning. Like any other virtualization software, you risk leaving the console open. This is an often overlooked part of securing your infrastructure. An administrator may have been required to do some work on the virtual console, and forgotten to log out. What if that account that is still logged in is r00t? Having administrative access to a VM Host gives you access to the consoles, but not necessarily to the guests. Remember to log out! Or, set up shells to auto-logout after a few minutes of inactivity.

Read On →

URL Expansion - I'm paranoid like that

So there is a good use

URL Shorteners, as they are most commonly known, are pretty useful in places where you are limited in the number of characters you are allowed to type. Twitter being the prime example. However, it is not only because of services like that that these URL shortening services exist. Sometimes, URLs are just plain crazy long, and very error prone when you have to copy and paste/link them to someone. I guess we can call this a useful feature?

Read On →

'stuff' to Gource.

Stuff to what…?

Not too long ago, a colleague introduced me to Gource. In case you have not heard of Gource before, I highly suggest you take a few minutes and check out the project home page here. If you have been developing, or are part of a development project that has been around a while, then Gource should be able to tell you a tale in a strangely mesmerising way about its progression. Go ahead, download and install it. You are going to need it to try the rest of the stuff anyways.

*Be warned though, watching the output is highly addictive and strangely entertaining, so if you value your productivity, don’t continue reading this post.*

Read On →

Digest to Basic authentication; A simple example of an authentication 'downgrade' attack


Let’s start by saying that I am by no means an expert at any of what I am about to write. Primarily this post is purely for research purposes. Think of it as one of those something to do scenarios. I’d like to cover some basics around HTTP Authentication, and then show a PoC of how this can be abused in a real world scenario. Hopefully this will help educate people to use more secure authentication mechanisms! :)

Read On →

Quick Win: Quickly Execute Last Shell Command

Work clever, not hard

This will be the first post of a series of quick shell tips for getting things done, fast. In fact, it will probably just serve as a notepad for me on the topic ;)

Last shell command

If you are using a shell, such as Bash, which is pretty much the default on most Linux distributions, then you probably know that you can just use the up arrow to get the last command.

Read On →

Jabber to Email using SleekXMPP

So, why would you even want this..?

Well, to be honest, I am not really sure of many use cases for this, however maybe someone, somewhere will need to do something like this, and I would have done my deed and saved someone some time ::sun::

Introducing SleekXMPP

SleekXMPP is a Python XMPP framework. It takes a bit to get your head around it, but once you have some basics covered it’s quite a rewarding library to work with. :) To start, you need to install 2 dependencies: Python Mailer and SleekXMPP itself. Something like `pip install mailer sleekxmpp` or, for the older school, `easy_install sleekxmpp mailer` should do the trick. It can’t hurt to check if the distro you use has these as packages already too.

Read On →

How To: Extremely simple python Jabber Broadcast Bot

Bots! Bots! Bots!

Generally speaking, a “bot” is something that does work for you. But, for this purpose, the need for a jabber bot came from the fact that I had to deal with a lot of email on a daily basis. This large amount of mail sometimes would cause me to completely miss critical mail alerts. Realising later that I could have prevented a catastrophe if I didn’t miss that one email was just not on anymore. So, I started investigating ways to get the important stuff delivered faster.

As a team at work, we have long since dropped the whole Skype group chat thing for our own Jabber server. My privacy related concerns back then were recently heightened here when a trap URL received a HEAD request from The user that received the URL in a chat was under strict instructions not to actually click it…

Read On →

Hello World! Oh and here's some code!


Finally! A blog engine I like! :) No exceptionally bloated backend database with plugins that just get hacked. Yup, slim and sleek. And, I get to make posts using Vi :D Want in on this love? Have a look at Octopress. Yes, it was a real ball ache to get set up thanks to the ruby dependencies, but now that we’re rollin’ this should be good :D

Read On →