This binary challenge is based on a i386 stripped elf file which prompts for a flag:
borja@PanoramaBar $ file ./howtobasic ./howtobasic: ELF 32-bit LSB executable, Intel 80386, version 1 (GNU/Linux), statically linked, for GNU/Linux 2.6.26, BuildID[sha1]=4f288f1a66ad673dc50b51c7e85635358bb11da0, stripped borja@PanoramaBar $ ./howtobasic Facebook CTF Enter flag: asdasdasdasd Sorry, that is not correct. borja@PanoramaBar $
borja@PanoramaBar $ file autologin.xpi autologin.xpi: Zip archive data, at least v2.0 to extract borja@PanoramaBar $
This binary challenge is based on a i386 elf file which prompts for a flag:
borja@PanoramaBar $ file ./derp ./derp: ELF 32-bit LSB executable, Intel 80386, version 1 (GNU/Linux), statically linked, for GNU/Linux 2.6.26, BuildID[sha1]=b77361bfdab4b30a5ed258ee173fe306184a4438, not stripped borja@PanoramaBar $ ./derp Facebook CTF Enter flag: asdasdasdasd Sorry, that is not correct. borja@PanoramaBar $
I just arranged a OVH FreeBSD dedicated server. The first time I logged in, I noticed some issues I would like to comment…
In this post I will talk about the AR-Drone Parrot.
These user-controlled helicopters are getting very popular, and a lot of people are using them in city parks and gardens.
Time ago, a friend told me he had bought one of this helicopters, so I meet him and his toy to perform some investigations. I now these is nothing new, and very good presentations does exist regarding UAVs (check rootedCon 2012 presentation by Hugo Teso), but is the first time I see this kind of drone in the Real-World :-D
First to be said, this drones can be controlled with an iPhone app via open wireless connection, so evil things can happend meanwhile the drone is operated by an legitime user ]:-)
In this article, I’m going to resume the steps to have a full packet capture solution with snort IDS and Intel NIC’s.
This solutions is based on Luca Deri’s software PF_RING, a new type of socket to exploit the capabilities of packet capture and snort.
We will follow these steps
- Download and compile PF_RING
- Compile the PF_RING aware network driver
- Compile the libpcap
- Download and compile DAQ
- Compile PF_RING DAQ module
- Download and compile snort agains DAQ
In this article I’m going to illustrate how to read the full content of /dev/mem on linux 3.x machines. I will bypass the function devmem_is_allowed with a kernel return probe.
The kernel probes is a kernel component designed for kernel developers to debug the system internals.It can dynamically break into any kernel routine and modify the function’s behavour. This proves had been heavily since yeah by kernel developers. RedHat has build an user interface to kprobes called SystemTap
You can find kprobes’ documentation in Documentation/kprobes.txt. You should also download the article example files kprobe.tgz
This article shows basic shellcoding on NetBSD/i386. I hope this won’t be the last on exploitation BSD archs.
The playground is prepared with a fresh NetBSD 5.1.2 installation, virtualized with kvm.
net# uname -a NetBSD net 5.1.2 NetBSD 5.1.2 (GENERIC) #0: Thu Feb 2 17:22:10 UTC 2012 firstname.lastname@example.org:/home/builds/ab/netbsd-5-1-2-RELEASE/i386/201202021012Z-obj/home/builds/ab/netbsd-5-1-2-RELEASE/src/sys/arch/i386/compile/GENERIC i386
Gltail is another real-time data and statistics tool like gltrail. It works by drawing via OpenGL the remote logs of a machine, using SSH transport.
Grab the gltail source code at https://github.com/Fudge/gltail.git
Gltrail is a software for real-time viewing the relations and activities from any supported logfile format.
Nice visualization for websites (you can easily see the most visited sections on the website), SSH connections, etc.
You can tune the logs parsing by modifing the configuration file gltrail.ini.
You can grab the source code at https://github.com/Fudge/gltrail/
Quick recipe on XEN installation on Debian whizzle (testing) dom0
Host XEN installation
Install the packages with apt:
root@xen:~# apt-get install xen-hypervisor-4.1-amd64 root@xen:~# apt-get install xen-utils-4.1 root@xen:~# apt-get install xen-tools
After installing, a reboot is neede to start the new xen-kernel.
This is a quick recipe on reducing a btrfs FS inside a LMV structure.
First, the will reduce the “content”, then we will operate over the “container”.
This is the algorithm:
- umount /path/to/fs
- resize2fs /dev/mapper/vol SIZE (see man resize2fs)
- deactivate the volume
- lvreduce -L nG /dev/mapper/vol
- resize2fs /dev/mapper/vol nG
btrfs is actually considered “experimental”, but is included since stable kernel 3.0.0. Btrfs is the answer from the GNU/Linux community to Sun Microsystems ZFS. You will find more info on wikipedia:
pfSense is a free, open source customized distribution of FreeBSD tailored for use as a firewall and router.
I got it running inside an Alix2d2 board.
Sometimes, with the help of a cron daemon and mpg123, I use this device as alarm clock. I attached a USB soundcard and loaded the proper kernel modules to get It working. Then, I installed mpg123 from the PKG repos. As last step, I added the “cron” package with the pfSense package manager.
Barada (Barada Ain’t Respecting Any Devious Adversaries) is a two factor authentication software based on a pam module for Linux and an Android client.
Get the software for Linux here:
* apt-get install libpam-barada
* apt-get install libboost-system-dev
* apt-get install libboost-filesystem-dev
Configure the PAM module. You can read in the README file the install instructions:
12 13 # Disallow non-root logins when /etc/nologin exists. 14 account required pam_nologin.so 15 16 # XXX 17 # surmano barada 18 auth sufficient pam_barada.so 19 20 # Uncomment and edit /etc/security/access.conf if you need to set complex 21 # access limits that are hard to express in sshd_config. 22 # account required pam_access.so 23
Then, add an user with barada-add:
/usr/local/bin/barada-add <username> <pin> PanoramaBar barada-pam-0.5 # barada-add borja 1234 Added borja with key: 8fcb943e2294f75196675cac7e6efe81
As the final step, go to Android Market and install the Barada Client.
Configure it with the key generated by barada-add. When logging into the system, PAM will ask the key which is generated by the barada android cliente.
Happy login! :-D
This approach do not take LVM into consideration!
- Clean badblock and check the disk
badblocks -c 10240 -s -w -t random -v /dev/sdb
- Install software
apt-get install cryptsetup
- Create a partition
- Create encrypted partition
cryptsetup –verbose –verify-passphrase luksFormat /dev/sdb1
- Unlock encrypted partition
cryptsetup luksOpen /dev/sdb1 disco_cifrado
- Create FS within encrypted partition
mkfs.ext3 -j -m1 -O dir_index,filetype,sparse_super /dev/mapper/disco_cifrado
- Mount encrypted partition
mount /dev/mapper/disco_cifrado /mnt/cifrado
- Umount encrypted partition
- Lock encrypted partition
cryptsetup luksClose disco_cifrado
The method I will use is the instalation via package binaries (just like a default FreeBSD system). The FreeBSD package site I will use is located at ftp://ftp-archive.freebsd.org/pub/FreeBSD-Archive/ports/i386/packages-8.1-release/Latest/
Let’s do it!!
Este articulo va sobre explotacion de format string bugs sobre x86_64. Son necesario conocimientos de explotacion sobre i386 (no me voy a parar a explicar nada, sorry :-P).
Para empezar, teniendo el siguiente programa vulnerable, compilandolo y arrancando el gdb: