Monday, 22 June 2015

Darknet 1.0 Write-up

Stage 0


Download and startup of the machine went smooth as expected. The machine is running in a host-only network and got the IP address 192.168.56.101 assigned. The host's virtual network interface is 192.168.56.1. 


General remark: You may experience problems with the VM at times. It may become unresponsive or one of the payloads you used won't work anymore. From my observations this becomes very likely if you are using brute force techniques. These will fill up the logs and exhaust disk space up to the degree where the machine can't even store sessions anymore which will prevent you from logging in. If that happens restart the machine, that did fix the issue for me most of the times. At one point though, only rolling back to a previous snapshot solved my issues.


Sunday, 21 June 2015

Darknet 1.0 - I'm finally root

With the new weekend, I found some more time to play with q3rv0's Darknet 1.0 and finally managed to get root.

I learned a lot on the way and appreciated the time I spent on this VM. Thanks to the author.
The wirte-up will follow today, or sometime during the week.


Wednesday, 10 June 2015

Darknet 1.0 - progress update

It's been a while...

... but I have great news, I passed several steps, not big ones but hey. In order to not spoil the fun for others I will try to hint on what I did, without getting into details and without any true evidence.

I used some of the information provided here to get a web shell up and running, however running is maybe a little much to say. Going into detail would spoil to much so I save that for the write-up.
Using the web shell and my rudimentary PHP skills I pulled some very interesting information out of the machine. Which then lead me to this.



After evaluating the new found portion of the challenge I'm now stuck with another injection problem and also with some directories, which I cannot make much sense of .... yet!

Write to you soon!

Friday, 29 May 2015

Darknet 1.0

Several days ago I started the Darknet 1.0 challenge created by q3rv0 which was added to Vulnhub May 2nd. I didn't have much time the last week, but with the weekend up ahead I will try to dig deeper.

So far I found several minor things and after handling the SQLi I'm now facing a text field and it's content is apparently executed. At least if one can trust the friendly "Exec" button...

I'll get back with any progress.

Monday, 25 May 2015

CSSA Passed

I just passed my Certified SCADA Security Architect (CSSA) certification. The classes where hosted by the InfoSec Institute and the certification itself is offered by the Information Assurance Certification Review Board (IACRB). The IACRB is a non profit organisation that focuses on certifying individuals and their skills in various information security and ethical hacking related topics.

This is a short recap of the SCADA security online boot camp as offered by the InfoSec Institute and the exam itself.
The classes offered by InfoSec Institute are somewhat ordinary, the instructor is reading the slides to you without much commenting and the slides seam to be from one of the last decades. The labs which are mandatory, are offered through WindowsXP based virtual machines, which you will have to have a license key for. You will, among others, be writing policies, replaying Modbus packets and write some IDS signatures to detect Modbus attacks.

Nevertheless, the content provided can help you to get an understanding of the topic. So the class can be a great starting point for further research and learning. The class will also more or less ensure that you pass the exam, even if you fall asleep while watching the recorded training.

The exam itself is comprised of 100 multiple choice questions across all topics. You will have 150 minutes to answer them all, not answering a question counts as a wrong answer. One third of the questions are simple yes or no questions which will partially rule out each other, so they are very easy to answer, the other two thirds are more complex and sometimes not very precise but still doable.

Concluding, the training classes could be much better, the labs could use some renovation and the certification exam could be a little harder. It was fun doing the exam though. Nonetheless, I would suggest reading a good book on the topic and do the exam straight away without taking any training classes to anyone interested in the SCADA security.




Wednesday, 20 May 2015

A first post

Hello there traveler,

I assume, and I think that I'm not mistaken, you are here by accident.
There is nothing to see right now, and probably won't be for the near future as I have a ton of work piled up in front of me.

Nonetheless, I will try to tell you my plans for this blog.

I will try to publish write-ups of hacking challenges, IT-security related training and useful tools or code and obviously anything I learn on the way here. Sometimes even some unrelated topics like traveling, food or other things may be published.

The blog is partly used some sort of notebook for myself, but of course the posts are also intended for any inclined reader stumbling through.

While there is nothing here to read, I can recommend this blog which I'm also contributing to.

Cheers,
derDuffy