Monday, 29 April 2013

Security Challenges

A few days ago on Reddit's r/NetSec, a link containing some penetration testing challenges was posted. I've decided to post some hints to each of them since having completed some of them.

I'd like to get back and take a swing at the web-based ones as they should be doable on my part, but priorities! If I get a chance to do II, III, and VI, I'll likely post a follow up here.

Challenge I

This one is fairly straight forward. Pay attention to the URL and you'll notice that it does an include of a file. You can easily bypass this by inserting a URL-encoded null character (x00) in the string to bypass some barriers that are in the way of things. You'll then want to look for some Apache-specific password files.

Challenge VII

One of the things that threw me off in this WiFi challenge was that the packet capture was seemingly useless. Just over 5,000 IVs were captured and as a result normal methods for breaking WEP were out of the question. I tried to bruteforce this too and was pulling my hair out.

It was pointed out by a friend that the access point in question has a vulnerability that allows one to quite easily generate keys based on the ESSID--it was using one of the defaults too so I felt a bit dumb for not cluing into this, but the unit is for an Irish telecom and I am Canadian. Once I had that sorted out I was able to decode the packet capture and then was able to determine how to get my name added to the list.

Challenge VIII

Let me start off by saying this: don't bother performing a packet capture. It might give you a hint about what is going on but don't analyse it any further than that.

This is really going to be a reverse-engineering job requiring a bit of Java skills--or the ability to at least be willing to wet your feet with the language. In the end you're going to need to make use of a Java decompiler (jad) and then just parse through everything to understand what each function is doing.

It's really easy to do if you have any level of coding experience. Up until this challenge I had zero experience with the language and managed to get it to run an application that performed all of the functions I needed to reverse what was done--I was from tutorial to compiled in less than five minutes (seriously).

Break the PIN

This one was surprisingly easy. As the author of the challenge notes elsewhere, there is no need to hammer his server for a result. In the end you can do this offline if you examine what he's looking for (a 7 digit number) and then the code on the page itself. You should be able to whip something up in any language and have it cracked in less than three minutes.

No comments:

Post a Comment