This exercise covers the exploitation of a session injection in the Play framework. This issue can be used to tamper with the content of the session while bypassing the signing mechanism.

New VM challenge that should be fun for people trying to get into packet analysis!

There are several steps to this box. I created it with VirtualBox. The VM is built on:

Ubuntu 14.04 32 bit

If you beat the box then please shoot me an email! Have fun guys!

P.S. I got the word "Fart Knocker" from watching Beavis and Butt-Head back in the day. Otherwise you kids might not understand :)

ROP Primer: 1

Bas 4 Mar 2015

Our resident ROP ninja barrebas recently gave the team a bootcamp on Return Oriented Programming. The presentation was followed by a demo walkthrough on writing a ROP exploit on a vulnerable application. Since the presentation was well received, he’s decided to make the slides available to everyone. You can view them at https://speakerdeck.com/barrebas/rop-primer.

We hope you enjoy it!

ZORZ is another VM that will challenge your webapp skills. There are 3 separate challenges (web pages) on this machine. It should be pretty straightforward. I have explained as much as I can in the readme file:

Welcome to the ZorZ VM Challenge

This machine will probably test your web app skills once again. There are 3 different pages that should be focused on (you will see!). If you solve one or all three pages, please send me an email and a quick write-up on how you solved each challenge. Your goal is to successfully upload a webshell or malicious file to the server. If you can execute system commands on this box, that's good enough!!! I hope you have fun!

admin@top-hat-sec.com

The goal of this challenge is to break into the machine via the web and find the secret hidden in a sensitive file. If you can find the secret, send me an email for verification. :)

There are a couple of different ways that you can go with this one. Good luck!

Simply download and import the OVA file into VirtualBox!

Sokar

Filename:  sokar.ova
MD5:  75f5c48e65fa81dc81ef3b58b7ee6bab
SHA1:  5f4aca536898bf962bfcfd2aaccb66fda1ab790a
Author:  Rasta Mouse
Testers:  Barrebas & TheColonial

=====
Notes
=====
DHCP (Automatically Assigned)

    Special note to VMware users - you must manually set the
    NIC MAC address to 08:00:27:F2:40:DB

Get root, then the flag!
  • Objective: gain shell access for each level. Then reach root.
  • Note: figure out what the blips are, where they are, and how to decode each one.
-=Pandora's Box =-
               ___
             (((((\\
              6_6 ((,
          __ -\_ __\--.
       ,-',\\` '//,\_  \
      |.----&----. \ `. \
      (__,___,__(_  \   |
  _____|        | |__`--'____
       |________|,'        hjw

Filename: pandoras_b0x.ova
MD5: bf3eb20ca837edccc7edbf627e095bbd
SHA1: 52652bb5f886f1253ff43a21536bc4fe09bdd201
Author: c0ne
Testers: Barrebas / Jelle
Difficulty: Medium

About:
Pandora's box is a Boot2Root VM focused on binary exploitation and 
reverse engineering. You have to complete all levels to r00t the box. 
Some levels come with a readme file which you should read.

Usage:
Import, boot and wait 60 seconds for everything to start up before 
scanning it.

Shoutout:
Major thanks to Barrebas and Jelle for testing the VM and challenges 
and the feedback.


c0ne
  • Objective: gain shell access and root the box.
  • Hardness: intermediate-> advanced.
  • Note: The box doesn't respond to ping, so be sure to check the DHCP lease.

Pegasus: 1

Knapsy 16 Dec 2014

Pegasus

         .-.
   %%%%,/   :-.
   % `%%%, /   `\   _,
   |' )`%%|      '-' /            Filename:   pegasus.ova
   \_/\  %%%/`-.___.'             MD5:        5046e330ff42e9adee0a42b63694cbfe
    __/  %%%"--"""-.%,            SHA1:       f18b7437ca3c96f76a2e1b06f569186b63567dd5
  /`__|  %%         \%%           Difficulty: Intermediate
  \\  \   /   |     /'%,          Author:     Knaps
   \]  | /----'.   < `%,          Tester:     Mulitia
       ||       `>> >
       ||       ///`
       /(      //(

Welcome to my first boot2root VM! Inspired by various CTF events I took part in and by a couple of cool concepts I learnt in the last couple of months.

Rules of engagement are simple - find a way in, escalate your privileges all the way up to the root and get the flag!

As with all VMs like this, think outside the box, don't jump to conclusions too early and "read between the lines" :)

The VM has been tested on VMware and VirtualBox, just import it, ensure the network is set as "Host Only" and run it. It should pick up the IP address automatically.

Enjoy! :)