Purpl3 F0x Secur1ty

Security Research.

  • Test

    Mermaid chart graph LR A[Wake up] --> B(Drink Coffee) B --> C{Awake yet?} C --> |Yes| D[Work] C --> |No| E[Drink moar] Flowchart st=>start: Wake up op=>operation: Drink coffee cond=>condition: Awake yet? e=>end: Work st->op->cond cond(yes)->e cond(no)->op Run Mermaid top-down chart graph TD A[Wake up] --> B(Drink Coffee) B -->...

  • Vulnhub - Misdirection

    Intro Misdirection is a pretty simple OSCP-like machine that was very recently released by InfoSec Prep’s very own FalconSpy. He built it as some extra practice for people who are gearing up for OSCP and want something outside of the PWK labs. You can find it here. Part 1 -...

  • Exploit Dev - New Integard 0-day - CVE-2019-16702

    Intro After getting some tips from a friend about a way of finding 0-days, I decided to return to Integard Pro v2.2.0.9026 and fuzz some different parameters in the HTTP POST header. After about an hour, I found a new buffer overflow that allowed me to overwrite EIP. There are...

  • OSCE Prep - Vulnserver LTER - Alphanumeric Restrictions

    Intro This was probably one of the more complex Vulnserver exploits that I made, requiring lots of jumping around, stack adjustments, and the infamous alphanumeric character restrictions. I took this as an extra opportunity to practice some manual encoding but also sped things up with this nice script here. While...

  • OSCE Prep - Vulnserver KSTET - Socket Reuse

    Intro Before I say anything…! —> All credit goes to this awesome guy here! <— Without this post I’d have never even heard of socket reuse in buffer overflows. This was completely new territory for me and something I haven’t really seen in anything I’ve run across in Exploit-DB, so...

  • OSCE Prep - Integard Exploit

    So with all my lab exercises done it's time to venture outside the course material and do some extra practice. I went to Exploit-DB and looked up some Windows x86 buffer overflow posts that have links to the vulnerable software. The first thing I tried had a complicated setup just...

  • OSCE Prep - HP NNM 0-Day Re-creation

    Holy mother of god. This module took me four days to complete, spending 3-4 hours per day after work. Problems first started during fuzzing, mostly just because I was misinterpreting the fuzzer results and not understanding the subtle nuances of how to fuzz properly. After that, it became an almost...

  • OSCE Prep - Vulnserver GMON - SEH Overwrite (No Egghunter)

    Previously, I wrote about performing the vulnserver.exe GMON SEH overflow, using an egghunter to overcome the space limitations. After a night of frustration and much learning, I re-created the exploit without the egghunter. This will be a short post because I'm only going to cover the differences between this exploit...

  • OSCE Prep - Vulnserver GMON - SEH Overwrite w/Egghunter

    Passing the OSCP exam was a hell of a confidence booster, and taught me that I am capable of so much more than I thought. Breaking the habit of putting limitations on myself was quite a feeling. So I threw all caution to the wind and signed up for Cracking...

  • OSCP Review

    On April 15th I received the best email I've gotten in a long time; a confirmation from Offensive Security that I had passed my PWK exam and obtained my Offensive Security Certified Professional (OSCP) certification! 15 months in the making, it took 2 attempts to get it. A lot of...

  • VulnHub - Kioptrix 5

    The final box in the Kioptrix series is here! This one was the hardest by far, and every bit of advancement came only after a fair deal of research, head scratching, and frustration. Getting the initial foothold took many steps, some of which I've never done before, but getting root...

  • VulnHub - Kioptrix 4

    Now it's time for the next pentest challenge in this series, Kioptrix 4! Recon and enumeration: As always we start with an nmap scan, courtesy of my favorite enum tool Sparta, and can see some pretty common ports open, SSH, web, and SMB. I always like to check out SMB...

  • VulnHub - Kioptrix 3

    Here we are with Kioptrix level 3! This one was significantly more challenging than the last two if you exploited it manually, but there were some ways to automate the process to get the initial foothold to make things easier. Recon and initial enumeration: This one is going to be...

  • VulnHub - Kioptrix 2

    Time for Kioptrix #2! This one was ever so slightly more difficult to get root on, but only because I let myself fall down rabbit holes instead of exploiting the obvious. Recon and initial enumeration: As always I started off using my favorite scanning tool Sparta to get the open...

  • VulnHub - Kioptrix 1

    This one is going to be fairly short and sweet. It was a pretty simple box found over at vulnhub. https://www.vulnhub.com/entry/kioptrix-level-1-1,22/ Vulnhub is a site that hosts downloadable VMs that are CTF-style challenges. You'll need VMware to host them, and the drive space, but the upshot is that you don't...

  • Vulnserver TRUN - Vanilla EIP overwrite

    Stack buffer overflow exercise: Vulnserver.exe I've taken quite a liking to doing basic stack buffer overflow attacks after learning how to do them in the Pentesting With Kali Linux course. I learned so much about assembly, and how to debug and analyze programs and gain a deeper understanding of how...

  • HTB - Active

    Created by eks and mrb3n. Let me preface this by saying that this was my favorite box on HackTheBox because it was one of the most real-world-like boxes that I've encountered so far. The vulnerabilities exploited here can be exploited in the real world and lead to the compromise of...