Linux ptrace introduction AKA injecting into sshd for fun

If there is one thing I've come to appreciate over these past few weeks, it's just how much support the Win32 API provides. That being said, I wanted to tackle some Linux process injection, with the aim of loading a shared object into another process's address space without having to resort to LD_PRELOAD or stopping the process. The goal I set myself was quite simple: could I recover plain text credentials from the sshd process using ptrace? Granted, this is a bit of an arbitrary goal, as there are many other ways to achieve the same result much more effectively (and with much less…

New Blog and the Technology that powers it

As you may have noticed, I've migrated my blog from Tumblr to a shiny Ghost powered engine. While it does feel like I'm leaving the social media buzzword bingo revolution behind, editing on Tumblr wasn't exactly made with lengthy InfoSec posts in mind. Of course, moving to Ghost in my case means provisioning and managing a new server, so I wanted to take some time to document the architecture of my solution in case anyone else is looking to make a similar change in the future.

Hosting

My hosting provider of choice is DigitalOcean, which I have used for a few years for some of my personal server…

BSidesSF CTF - DNSCap Walkthrough

Of all the BSidesSF CTF challenges, I think this one has to be my favourite. It combined a mix of packet capture analysis, scripting, frustration, and trying to beat the clock. The brief provided by the challenge was quite straightforward: Found this packet capture. Pretty sure there's a flag in here. Can you find it!? We are provided with a PCAP file, which we will start analysing with TShark: Straight away we notice the unusual DNS traffic within the capture file, with what appears to be subdomains encoded using hex. Let's extract the hex and see what, if anything, it decodes to: tshark -r…

BSidesSF CTF - Steel Mountain: Sensors Walkthrough

Continuing my write-up series from BSides SF's CTF, today I'll be looking at a "pwn" challenge, Steel Mountain: Sensors. The challenge starts with a link and a cryptic comment: Steel Mountain's environmental control systems have some flaws. What's going on with the sensors? Navigating to the URL, we are greeted by a blueprint of Steel Mountain (points deducted BSidesSF for not using comic sans :D), with a number of sensors running: If we look at the web requests/responses driving the sensor stats, we see an HTTPS request to the following URL: https://steel-mountain-d2fcf1e0.ctf.bsidessf.net/…

BSidesSF CTF: b-64-b-tuff Walkthrough

This week I was part of team "NeverTry", who competed in the BSidesSF online capture the flag. As far as CTFs go, this was a fun one: taking place over 2 days, there were a range of cool puzzles and flags to find. Over a series of upcoming posts I'll be running through the solutions for a number of my favourite challenges, starting with b-64-b-tuff. This challenge started with a simple application which receives binary shellcode over the network and executes the payload. The aim is simple: read the contents of /home/ctf/flag.txt. This challenge however came with a twist, let's have a look at t…
