Recently Tim has been working with the software framework “OpenVAS” (“Open Vulnerability Assessment System”). This software is open source so we spent some evenings looking for bugs in the webfrontend, the Greenbone Security Assistant. After some time Sebastian found two bugs and we were able to submit those - they are fixed now.
Sebastian joined the ENOFLAG team for the Insomnihack teaser CTF 2016. In this blogpost he’ll write about the workaround for the smartcat2 (web50) challenge.
It has become tradition to write a short review of the last year and the plans for the next one.
School-CTF was a short 5 hour CTF. Nevertheless, they offered awesome challenges and it was fun. Internetwache made it to the 17th place.
Today Sebastian opened his mailbox and saw a new email popping up. You have received fax, document 00311594 from firstname.lastname@example.org with a file attached. Let’s have a closer look at it :)
The evening after the hacklu CTF I had the urge to hack on some other challenges. Ctftime.org listed the ekoparty CTF 2015 as the first entry and there was one day left. In this blogpost I’m going to write up my solutions for the following challenges:
- Slogans ( Trv 50)
- SSL Attack (Trv 90)
- Blocking truck (Trv 100)
- Pass Check (Web 50)
- XOR Crypter (Cry 200)
- Press it (Misc 100)
And some notes on other services I’ve tackled.
During the last two days, the Hacklu CTF 2015 was held. It’s a jeopardy-style CTF and Sebastian joined to have some fun ;) Here’s the writeup of the following challenges:
- Module Loader (Web, 100)
- PHP Golf (Coding, 75)
- Guessthenumber (Coding, 150)
- Bashful (Web, 200)
Sebastian reinstalled his Arch Linux recently and continued to build some AUR (Arch user repository) packages. He’ll share some of the security related ones with you.
Sebastian participated in a CTF (capture the flag) a couple of months ago. One challenge he faced was the task of restoring a git repository from a directory listing enabled webserver. With directory listing, it was pretty easy, but Sebastian was curious if it’s possible to restore git respositories without directory listing and how common this misconfiguration flaw is.
With that idea in mind, we began to develop some tiny tools and started to do some research. The results were not as bad as anticipated, but nevertheless surprising.
In this blogpost we will discuss a simple information disclosure problem called unauthorized AXFR. This can be used to leak DNS settings of a particular target, thus revealing internal / private considered DNS entries.
We’ve checked Alexa’s Top 1M for this kind of issue and came to some interesting results.