Disassembling another spam mail

Today Sebastian opened his mailbox and saw a new email popping up. You have received fax, document 00311594 from incoming@interfax.net with a file attached. Let’s have a closer look at it :)

Ekoparty CTF 2015 - Writeups

The evening after the hacklu CTF I had the urge to hack on some other challenges. Ctftime.org listed the ekoparty CTF 2015 as the first entry and there was one day left. In this blogpost I’m going to write up my solutions for the following challenges:

  • Slogans ( Trv 50)
  • SSL Attack (Trv 90)
  • Blocking truck (Trv 100)
  • Pass Check (Web 50)
  • XOR Crypter (Cry 200)
  • Press it (Misc 100)

And some notes on other services I’ve tackled.

Hacklu CTF 2015 Writeups

During the last two days, the Hacklu CTF 2015 was held. It’s a jeopardy-style CTF and Sebastian joined to have some fun ;) Here’s the writeup of the following challenges:

  • Module Loader (Web, 100)
  • PHP Golf (Coding, 75)
  • Guessthenumber (Coding, 150)
  • Bashful (Web, 200)

Don’t publicly expose .git or how we downloaded your website’s sourcecode - An analysis of Alexa’s 1M

Sebastian participated in a CTF (capture the flag) a couple of months ago. One challenge he faced was the task of restoring a git repository from a directory listing enabled webserver. With directory listing, it was pretty easy, but Sebastian was curious if it’s possible to restore git respositories without directory listing and how common this misconfiguration flaw is.

With that idea in mind, we began to develop some tiny tools and started to do some research. The results were not as bad as anticipated, but nevertheless surprising.

Scanning Alexa’s Top 1M for AXFR

In this blogpost we will discuss a simple information disclosure problem called unauthorized AXFR. This can be used to leak DNS settings of a particular target, thus revealing internal / private considered DNS entries.

We’ve checked Alexa’s Top 1M for this kind of issue and came to some interesting results.

Interesting CSRF bypass

Sebastian recently discovered an interesting CSRF bypass and we would like to share this finding with you.

2014 in review

2014 was another very awesome year. We’ll write about some of the highlights in this article and tell you about why 2014 was important for us and our project @internetwache. Last but not least, we’ll give a sneak preview of our plans for 2015.

Day 3 + Day 4 at the #31C3

First of all: We wish all our readers a happy new year! A special writeup about Internetwache in 2014 and other projects will be published in about a week.

To be honest we planed to publish an article every day of the #31c3, but as you might have read in the other posts: We were very busy meeting cool people, hearing awesome talks and finally being tired as hell :) So we decided to postpone the blogposts after the #31c3. Finally we got some time after New Year’s Eve (without internet) to write down the experiences of the last two days.

Day 2 at the #31c3

Our second day at the #31c3 was also very nice - we want to summarize our impressions of the second day in this blogpost. But before we start we will let you know how we finished the first day.