Hacking, Coding and Gaming | @[email protected]

One of the popular boot-to-root VMs has an exploit (764.c) which doesn't compile so well in modern Kali, producing the errors:

764d.c:643:24: error: ‘SSL2_MAX_CONNECTION_ID_LENGTH’ undeclared here (not in a function)
764d.c:651:2: error: unknown type name ‘RC4_KEY’
764d.c:652:2: error: unknown type name ‘RC4_KEY’
764d.c:844:7: error: ‘MD5_DIGEST_LENGTH’ undeclared (first use in this function)
764d.c:845:19: error: ‘SSL2_MT_ERROR’ undeclared (first use in this function)
764d.c:882:2: error: unknown type name ‘MD5_CTX’
764d.c:887:23: error: ‘MD5_DIGEST_LENGTH’ undeclared (first use in this function)
764d.

After attending a great talk by @marcoslaviero about AWS cloud security and persisting your access through AWS Lambda and EC2, I realised there was another nasty way to "inject" malicious code into an account and execute it on demand (or have it executed for you)... by inserting it as a "version" of an existing Lambda function, and restoring that Lambda's functionality. Again, this assumes you have already compromised the AWS account.

I've been doing some boot-to-root VMs lately and some of the classics are quite old, with Kioptrix: Level 1 going all the way back to 2010. While the puzzles and exploits still hold up, it's not always easy to get hold of tooling - especially newer stuff like "socat" - for these older distros. For that reason I've compiled a bunch of variants of busybox, netcat, and socat for different architectures and distros (mostly older Debian) and put them up on GitHub: https://github.

If you're running on a 64-bit CPU but need to compile some code to 32-bit, you can usually get away with doing:

gcc <filename.c> -o <filename> -m32

or in the case of "configure" and "make" you can probably go with:

./configure --build=i686-pc-linux-gnu "CFLAGS=-m32"

Unless of course you're greeted with this error:

configure: error: C compiler cannot create executables

The solution to which is (on Debian-based distros at least) hopefully just:

The "Kioptrix" boot-to-root VMs are some of the most popular hacking challenges but are intended for use with VMware. If your choice of virtualization is VirtualBox you can choose to mount the VMDK disk image of "Kioptrix: Level 1 (#1)" but will likely end up with a kernel panic. To get it working in VirtualBox do the following:

- Create a new VM and choose not to use a disk
- In "Settings -> Storage", remove the SATA controller entirely and under the IDE controller add a new (existing) disk - and select the VMDK.

I needed an ASCII Skull for... err... reasons, so decided to post the best ones I could find here. Unfortunately nearly all of them are on multiple websites without any credit to the authors, so if you made them or know who did I'll happily give credit where credit is due.