Level 4, time for some crypto and reverse engineering... Level 4 is a binary which decrypts encrypted files with a password, and of course an example binary and password are given. Putting some random data in a file and trying to decrypt that results in a message that the file is invalid or corrupt. This suggests that the binary has some kind of checksum algorithm to detect if the file is valid. Let’s take a closer look at the binary...
Pandora’s Box – Level 3
Level 3, one of my favorites! As with the previous level, we started a binary on the VM with socat. This time we find a random number game... As usual we start fuzzing (format string, buffer overflow, etc.), but after some time we haven’t found anything. Time to look closer at the binary...
Pandora’s Box – Level 2
So! We got past level1 and now have a basic shell. What’s next?! In the home directory of level1 we find two files: level2 and level2_readme.txt. The readme file tells us to run level2 with the command “socat TCP4-listen:53121,reuseaddr,fork EXEC:./level2” and connect to it using something like netcat. When connecting to it, we discover it’s some kind of note manager. We can store up to 10 notes and have some commands available to create, write, read and delete a note.
After c0ne built the vulnerable binary for the knock-knock challenge, he now made a complete boot2root VM with 5 levels: Pandora’s Box! I had the pleasure of being one of the testers for the vulnerable binaries, so I got a sneak peek for level 2 and 3 (after which level 2 changed quite a bit). I’ll be splitting up the writeup per level and I’ll only describe the final levels that ended up in the VM.
Knock knock who’s there…
Knock knock... who’s there? Time for a new exploit challenge! This time the challenge is a VM created by zer0w1re on VulnHub. I got a tip from a friend who actually built the vulnerable binary in the VM so I gave it a go 😀
After mounting the VM and doing an initial nmap scan to locate the VM, I fired up a second nmap scan to get an indication of what is running on the box. Nmap returned one port: 1337!
After connecting to the service on port 1337 we get three seemingly random numbers. Let’s start knocking!
Pwnium CTF – Kernel land write-up
So... My first CTF writeup! I participated with a few others in the Pwnium capture-the-flag. One of the challenges I looked at was the Reverse Engineering challenge “Kernel Land”. The challenge gave a link to a binary with the tip: “The third Tick gives you the answer ;)”. After a first peek it appeared to be a Linux binary:
root@kalipwn:~/Downloads# file kernel
kernel: ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), statically linked, not stripped
Tool – Multi Tab Command Line
A while ago I was using a command line utility but was annoyed by the inconvenience of the default console application of Windows. For example, you can’t maximize the console! This is a little project which wraps cmd.exe and uses the standard input and output streams to communicate with cmd.exe. This makes it possible to have multiple console windows in one application. With the DockPanel Suite project I created this little multi-tab command line utility to make my life a little easier. Be aware that it has some shortcomings. Because it uses the standard input and output streams, it is incompatible with applications that modify the screen buffer directly through the WriteConsoleOutput API.
You can download it here. Be aware no warranty is given of any kind and I am not responsible for any damage caused by this tool. Use at your own risk.
The Undocumented IsTopLevelWindow API
Once again I am astounded that such a simple, yet important API exists but is undocumented. I am talking about the IsTopLevelWindow function which is exported from user32.dll. As the name suggests, it determines if a given window is a top-level window. I inspected user32.dll on Windows 7 and Windows 8.1, where it was present. Other operating systems may be supported.