Summary This was a really cool CTF! It was put on by HouSecCon (Hou.Sec.Con) and Idaho National labs. A few things I really liked about it: Final scores! Huge congrats to CoB for a late night rally and taking the win! Challenges There were upwards of 100 challenges in the…
Leave a CommentTag: code
Introducing Neith
A project I’ve worked on for the past month is now online – Introducing Project Neith! About a year ago I while surfing the web, I came across a tool called ‘PowerShell UniversalDashboard’ made by Adam Driscoll. (https://github.com/adamdriscoll) It makes creating webapps with PowerShell not only possible, but very easy.…
Leave a CommentBattalion – Automating Recon
Introducing Battalion Over the past 2.5 months a friend – @eidolonpg – and I have been working on a tool which was spawned from the previous articles written here. If you’ve read the past few posts have been about ‘Reconnaissance’ and, lately, chaining various recon tools together you’ll understand how this…
Leave a CommentRecon Part 3.5 – HaveIBeenPwned?
This is a quick write-up on the amazing HaveIBeenPwned Database maintained by Troy Hunt. https://haveibeenpwned.com. If you haven’t seen it, check it out! I recently discovered there isa public API to query the breach databases and decided I wanted to notify employees at my company if their account was involved…
Leave a CommentRecon Part 3 – Gobuster and EyeWitness
Gobuster TheColonial wrote a really cool tool called Gobuster which is similar to fierce but programmed in Go. I wanted to include it here because I tend to have better performance using this tool than fierce, by a LOT. Gobuster can be found on github here. There are a few issues to…
Leave a CommentImageMagick Proof Of Concept – Remote Shell
ImageMagick is a server-side image processing engine which is very widely used. Some functions include compressing/resizing submitted images (profile pictures, for instance) to standardize files in the server’s database. Some of the popular image processing plugins in php, ruby’s rmagick, and others use ImageMagick’s platform. Before going further, here’s a…
Leave a CommentGoogle CTF 2016 – Ernst Echidna
My first CTF challenge was Ernst Echidna which is a simple web page (here) which had a register page. After inspecting the requests when interacting on the site and by checking the robots.txt file, we were able to determine that there is a /admin page which you attempt to arrive at but are…
Leave a CommentGoogle CTF 2016 – Spotted Quoll Writeup
First write-up from: Google CTF 2016 Competition link can be found here: https://spotted-quoll.ctfcompetition.com/ After turning on dev tools in Chrome I began to look around the simple site. The major thing which stuck out was that by clicking on the ‘Admin’ link I would land on the following page: https://spotted-quoll.ctfcompetition.com/#err=user_not_found …
Leave a CommentPS-Tip #2 – Windows Remote System Uptime
In this post I’ll cover a Python and PowerShell script I wrote for a tool which had a function of obtaining the uptime of a remote machine. I’ll start by posting the script, in full, here: import os import subprocess def ps_remote_system_uptime(): remote_target = raw_input(“Which system do you want the…
Leave a CommentPS-Tip #1 – Remote DNS Cache Clearing
PS-Tips are a series of shorter posts which introduce and explain short PowerShell snippets that may help to automate some tasks. There are a requirements to run remote PowerShell commands and I’ll cover the details of setting the prerequisites in a later post. The process for getting setup isn’t too difficult so…
Leave a Comment