Skip to content

Abraxas.io Posts

Recon Part 2 – Fierce, nslookup, and dig

Fierce Fierce is a DNS brute-force scanner which comes bundled with the Kali Linux distro. Since we’re not using Kali let’s get and configure fierce from the github project’s page: https://github.com/davidpepper/fierce-domain-scanner First, let’s create a ‘Recon’ folder where we will put our tools. Now that we’ve created our recon folder, let’s…

Leave a Comment

ImageMagick Proof Of Concept – Remote Shell

ImageMagick is a server-side image processing engine which is very widely used. Some functions include compressing/resizing submitted images (profile pictures, for instance) to standardize files in the server’s database. Some of the popular image processing plugins in php, ruby’s rmagick, and others use ImageMagick’s platform. Before going further, here’s a…

Leave a Comment

Google CTF 2016 – Spotted Quoll Writeup

First write-up from: Google CTF 2016 Competition link can be found here: https://spotted-quoll.ctfcompetition.com/ After turning on dev tools in Chrome I began to look around the simple site. The major thing which stuck out was that by clicking on the ‘Admin’ link I would land on the following page: https://spotted-quoll.ctfcompetition.com/#err=user_not_found  …

Leave a Comment

Don’t DROWN! – Avoiding the TLS/SSL vulnerability

What is it? DROWN (Decrypting RSA with Obsolete and Weakened eNcryption) is a recently discovered (March 2016) vulnerability in SSL/TLS which can allow attackers to break the security SSL and TLS are supposed to provide and acquire the newly decrypted data. The flaw exploits servers which still support encryption services…

Leave a Comment

PS-Tip #2 – Windows Remote System Uptime

In this post I’ll cover a Python and PowerShell script I wrote for a tool which had a function of obtaining the uptime of a remote machine. I’ll start by posting the script, in full, here:

So, there it is. It’s a pretty ugly script in this form and…

Leave a Comment