mytty

TYS 0x07 - onebyte to rule them all

Thu, 15 Aug 2019 17:42:42 +0000

This post is part of the Test Your Skills series. You can find an introduction here. And an overview of all TYS’s currently available is over here.

Challenge

The goal of this challenge is to write a script/tool/exploit which successfully bypasses the login of the network enabled service running in the provided docker container - without changing the docker run command (run it exactly the way as shown below) or any of the scripts/files provided. Feel free to explore the container and take a closer look at the application binary.

TYS 0x06 - willItBounce

Fri, 02 Aug 2019 17:50:15 +0000

This post is part of the Test Your Skills series. You can find an introduction here. And an overview of all TYS’s currently available is over here.

Challenge

The goal of this challenge is to find a way to send a specific input from your host to the “Hidden Service” inside the container (as illustrated by the red arrow) - without changing the docker run command (build and run it exactly the way as shown below) or any of the scripts/files provided.

TYS 0x05 - open sesame

Mon, 27 May 2019 07:50:15 +0000

This post is part of the Test Your Skills series. You can find an introduction here. And an overview of all TYS’s currently available is over here.

Challenge

The goal of this challenge is to get your hands on the secret code which itself is hidden behind a secret and a captcha protection! You are allowed use any means necessary - think outside the box!

TYS 0x04 - Is it really that easy?!

Thu, 16 May 2019 19:02:09 +0000

This post is part of the Test Your Skills series. You can find an introduction here. And an overview of all TYS’s currently available is over here.

Challenge

Your objective? Get root! But, do it without making any changes to the container/image or the file-system outside your users home directory (/home/void) and do not change the docker run command (run it the way shown below)!

Hacking a telnetd sensor node on the back of busybox telnetd

Fri, 03 May 2019 16:30:21 +0000

Telnetd sensor node what?!

I call it a sensor node (more on that in a later post), you might call it a telnetd stub. We are essentially talking about a telnet service which looks like a telnet service, is fingerprinted as a telnet service, replies like a telnet service, but is limited to bare minimal functionality and just meant as a sensor to gather information.

In this case, we are looking for the folks who are looking for us - or, who are looking for exposed services on the interwebs (or maybe your corp network?).

NTP Fingerprinting with nmap

Sat, 20 Apr 2019 13:06:42 +0000

NTP - An easy, quick, reliable and lightwight way to fingerprint a system

About ten years ago, and around three years after the nmap scripting engine (NSE) made it into mainline, I wrote and contributed ntp-info to the nmap project.

TYS 0x03 - I fatfinger deleted my cute little puppy!

Sat, 13 Apr 2019 11:02:14 +0000

This post is part of the Test Your Skills series. You can find an introduction here. And an overview of all TYS’s currently available is over here.

Scenario

Bob, who has a very cute little puppy, sends you an email asking for your help. He says that he, by accident, deleted the best picture he had of his cute little puppy from a USB memory stick. He also mentioned that he immediately unplugged the memory stick once he noticed that he deleted the picture. He took an image of the stick with DD and attached it to the email.

His last line in the mail is something like: This is really important to me. I need this picture back asap. I will make up to you if you can deliver within 72 hours!

dockerinoz - build containers that won't haunt you

Sat, 06 Apr 2019 11:32:33 +0000

dockerinoz - simple Dockerfile (security) best practices verification

dockerinoz is a very small and simple tool which allows you to verify the content of Dockerfiles against a given best practice. It’s nothing more than a fancy grep using a bit more than just simple regular expressions. This approach allows for very quick verifications which is especially important when implementing dockerinoz into your build pipeline. It also makes dockerinoz super easy to modify and extend - especially as the rules are just regular expressions in a json file (rules.json).

TYS 0x02 - PHP in 2019?! Are you insane!?

Sat, 30 Mar 2019 11:40:11 +0000

This post is part of the Test Your Skills series. You can find an introduction here. And an overview of all TYS’s currently available is over here.

There is a reason for everything!

PHP was one of the first web-specialized languages (created 1994) broadly used. Even today, 25 years later, PHP is powering at least parts of most of the web based applications on the internet (~80% - check https://w3techs.com/).

TYS 0x01 - communication in the shadows

Sun, 24 Mar 2019 18:20:11 +0000

This post is part of the Test Your Skills series. You can find an introduction here. And an overview of all TYS’s currently available is over here.

What is going on in our network?!

You are a SOC analyst looking into some weird traffic you spotted on TCP/31337.

TYS 0x00 - santas little RAT

Sat, 16 Mar 2019 20:30:11 +0000

This post is part of the Test Your Skills series. You can find an introduction here. And an overview of all TYS’s currently available is over here.

Santa brought you a little something for Xmas!

I know, it’s not Xmas anymore! But, when I wrote this challenge I was down deep in the Christmas spirit ;)

TYS

Thu, 14 Mar 2019 23:36:33 +0000

Test Your Skills

TYS is a pet project I started around Christmas 2018. Every other week I craft a little cyber security challenge and publish it in my organizations internal wiki for the wider security team to play with. As I exclusively work on these challenges during my spare time I decided to also share them with all of you (if there is actually anybody reading this!).

apatf - levenshtein distance in cyber security

Sun, 03 Mar 2019 17:10:26 +0000

Levenshtein distance what?

If you work or are just interested in cyber security you will have most likely encountered situations in which you would have loved to be able to automatically identify the percentage wise difference of two files or strings. A good example is a login or error page check. Imagine you are fuzzing a web application and you try to differentiate a successful injection from an error page.

except Exception as me:

Sat, 02 Mar 2019 23:58:11 +0000

tryAgain(True):

Ha, you might wonder what this madman is talking about ;) For returning visitors of mytty.org that all should make sense. I used to publish cyber security related content pretty frequently. I kept going for a few years until around mid of 2010. I figure that’s when my work got the better part of me and my life for good (oh yes, I’ve been working consulting hours) and I just stopped publishing any content at all.