This exercise covers the exploitation of a session injection in the Play framework. This issue can be used to tamper with the content of the session while bypassing the signing mechanism

New VM challenge that should be fun for people trying to get into packet analysis!

There are several steps to this box. I created it with virtualbox. The VM is built on:

Ubuntu 14.04 32 bit

If you beat the box then please shoot me an email! Have fun guys!

P.S. I got the word "Fart Knocker" from watching beavis and butthead back in the day. Otherwise you kids might not understand :)

ROP Primer: 1

Bas 4 Mar 2015

Our resident ROP ninja barrebas recently gave the team a bootcamp on Return Oriented Programming. The presentation was followed by a demo walkthrough on writing a ROP exploit on a vulnerable application. Since the presentation was well received, he’s decided to make the slides available to everyone. You can view them at https://speakerdeck.com/barrebas/rop-primer.

We hope you enjoy it!

ZORZ is another VM that will challenge your webapp skills. There are 3 separate challenges (web pages) on this machine. It should be pretty straight forward. I have explained as much as I can in the readme file:

Welcome to the ZorZ VM Challenge

This machine will probably test your web app skills once again. There are 3 different pages that should be focused on (you will see!) If you solve one or all three pages, please send me an email and quick write up on how you solved each challenge. Your goal is to successfully upload a webshell or malicious file to the server. If you can execute system commands on this box, thats good enough!!! I hope you have fun!

admin@top-hat-sec.com

The goal of this challenge is to break into the machine via the web and find the secret hidden in a sensitive file. If you can find the secret, send me an email for verification. :)

There are a couple of different ways that you can go with this one. Good luck!

Simply download and import the OVA file into virtualbox!

Sokar

Filename:  sokar.ova
MD5:  75f5c48e65fa81dc81ef3b58b7ee6bab
SHA1:  5f4aca536898bf962bfcfd2aaccb66fda1ab790a
Author:  Rasta Mouse
Testers:  Barrebas & TheColonial

=====
Notes
=====
DHCP (Automatically Assigned)

    Special note to VMWare users - you must manually set the
    NIC MAC address to 08:00:27:F2:40:DB

Get root, then the flag!
  • Objective: gain shell access for each level. Then reach root.
  • Note: figure out what the blips are, where they are, and how to decode each one.
-=Pandora's Box =-
               ___
             (((((\\
              6_6 ((,
          __ -\_ __\--.
       ,-',\\` '//,\_  \
      |.----&----. \ `. \
      (__,___,__(_  \   |
  _____|        | |__`--'____
       |________|,'        hjw

Filename: pandoras_b0x.ova
MD5: bf3eb20ca837edccc7edbf627e095bbd
SHA1: 52652bb5f886f1253ff43a21536bc4fe09bdd201
Author: c0ne
Testers: Barrebas / Jelle
Difficulty: Medium

About:
Pandora's box is a Boot2Root VM focused on binary exploitation and 
reverse engineering. You have to complete all levels to r00t the box. 
Some levels come with a readme file which you should read.

Usage:
Import, boot and wait 60 seconds for everything to start up before 
scanning it.

Shootout:
Major thanks to Barrebas and Jelle for testing the VM and challenges 
and the feedback.


c0ne
  • Objective: gain shell access and root the box.
  • Hardness: intermediate-> advanced.
  • Note: The box doesn't respond to ping, so be sure to check the DHCP lease.

Pegasus: 1

Knapsy 16 Dec 2014

Pegasus

         .-.
   %%%%,/   :-.
   % `%%%, /   `\   _,
   |' )`%%|      '-' /            Filename:   pegasus.ova
   \_/\  %%%/`-.___.'             MD5:        5046e330ff42e9adee0a42b63694cbfe
    __/  %%%"--"""-.%,            SHA1:       f18b7437ca3c96f76a2e1b06f569186b63567dd5
  /`__|  %%         \%%           Difficulty: Intermediate
  \\  \   /   |     /'%,          Author:     Knaps
   \]  | /----'.   < `%,          Tester:     Mulitia
       ||       `>> >
       ||       ///`
       /(      //(

Welcome to my first boot2root VM! Inspired by various CTF events I took part in and by couple cool concepts I learnt in the last couple months.

Rules of engagement are simple - find a way in, escalate your privileges all the way up to the root and get the flag!

As with all VMs like this, think outside the box, don't jump to conclusions too early and "read between the lines" :)

The VM has been tested on VMWare and VirtualBox, just import it, ensure the network is set as "Host Only" and run it. It should pick up the IP address automatically.

Enjoy! :)