Posts tagged with "security"
Post-Mortem: Trollcave

This is a post-mortem of my Trollcave vulnerable VM. As it goes into implementation details of the different components and their vulnerabilities, it can be considered a comprehensive spoiler. If you’re going to, complete the VM before reading this. By the period between its inception and release, Trollcave was the labour of two years and a bit. But in terms of when I actually worked on it, it was the labour of about three weeks. Over the first week following its initial commit, I coded in a mad frenzy. Then...

Walkthrough: Trollcave

Now that a couple of people have finished my vulnerable VM Trollcave (and let me know), it’s time to release the official walkthrough. OhExFortyOne and LutusHacks have also released walkthroughs, so check those out too for a couple of different takes on the box. There are a few different ways to approach this VM and successfully root it, but the compromise path I built it around looks like this: In addition to this path, there’s a...

The project wizard

Here’s something I find software increasingly doing that irritates me a little bit: the startup project wizard. For an example, just look at modern programming IDEs like PyCharm, RAD gamedev tools like Unity and GameMaker Studio and even newer versions of the pentesting-focused HTTP proxy tool Burp Suite. Open any of these programs and you’ll be greeted by a project wizard. Before you can actually use the program to do any programming/gamedev/traffic interception/etc, you have to go through a bunch of menus to create a new project with...

Announcing Trollcave

I’ve added something new to the Games page, but – like a couple of other things on that page – whether it qualifies as a game depends on what you mean by “game”. It has a clearly defined objective, multiple stages of progression and requires you to expend effort towards no useful end, so I’m going to call it a game. Also I don’t want to make a “Vulnerable VMs” page on this website – at least not until I make a second one. Trollcave is a...

Ways to download a file from a remote Windows machine

During network exploitation/pentesting/system administration, sometimes you’ll get on a Windows target and need to download a file – i.e. move it from your client to the target. This is a common problem with a lot of good, quick solutions. Other times, you’ll get on a Windows target and need to upload a file – i.e. move it from the target back to your client. This tends to be a little trickier, but there are nonetheless a few reasonably quick and easy ways to do it. I’ve documented five of them...