John Pierce, CISSP, SLAE, Security+

PANW CTF Labyrenth Unix Track Challenge 2

Initially I signed up for this track thinking it was Linux.  Just before the competition, the track name was changed to Unix, meaning Mac.  Luckily I was able to use a Mac, though I have never programmed or reversed on one.  This and the next few challenges were quite the learning experience.  I eventually (level 6) wound up purchasing Hopper from hopperapp.com.  It is a great tool for debugging on Mac and Linux, though I'll probably continue to find use for IDAfree on Linux.  Unlike the free IDA, Hopper includes a disassembler that helps some with code analysis.

This was more of just a logic/hunch test in my case.  I ran soconnect.sh and Wireshark to see what types of network activity were going on, and all that happened was a page request from example.com.  I ran strings and found reference to y2k and 01/01/1999, then thought maybe the challenge required that the server return a date near the y2k roll date.  I modified /etc/hosts to redirect www.example.com to a VM, set the date in the VM to December 10, 1999 and ran the test.  Got the password.  I chose 12/10/1999 just kind of by chance, as I wrote a script that would set the date, wait for a keypress, then increment the date at the server.  I just started at 10 and was going to work my way up.  Turns out, I didn't need to.

On the server:

for i in $(seq 10 31); do sudo date --set=1999-12-$i;sed -n q </dev/tty;done
 

On the client:

./challenge
PAN{ThaddeusVenture}
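
An alternative to stepping the VM's system clock, as an added example that is not part of the original post: a small lab web server that reports a fixed day of December 1999 in its HTTP Date header. It assumes the challenge binary takes the date from that header, which the post does not confirm; the function names and port 8080 are choices made for this example.

```python
"""Lab HTTP server that reports a chosen date in its Date header (added example)."""
import sys
import threading
import http.client
from datetime import datetime, timezone
from email.utils import format_datetime
from http.server import BaseHTTPRequestHandler, HTTPServer


def make_handler(fixed):
    """Build a handler class whose Date header is always `fixed` (aware UTC datetime)."""
    stamp = format_datetime(fixed, usegmt=True)

    class FixedDateHandler(BaseHTTPRequestHandler):
        def date_time_string(self, timestamp=None):
            # send_response() calls this to fill in the Date header,
            # so the system clock of the lab VM never has to change.
            return stamp

        def do_GET(self):
            body = b"<html><body>lab placeholder page</body></html>\n"  # constructed
            self.send_response(200)
            self.send_header("Content-Type", "text/html")
            self.send_header("Content-Length", str(len(body)))
            self.end_headers()
            self.wfile.write(body)

    return FixedDateHandler


def date_header_seen_by_client(fixed):
    """Serve one request on a loopback ephemeral port; return the Date header received."""
    server = HTTPServer(("127.0.0.1", 0), make_handler(fixed))
    worker = threading.Thread(target=server.handle_request, daemon=True)
    worker.start()
    conn = http.client.HTTPConnection("127.0.0.1", server.server_address[1], timeout=5)
    conn.request("GET", "/")
    resp = conn.getresponse()
    resp.read()
    conn.close()
    worker.join(5)
    server.server_close()
    return resp.getheader("Date")


if __name__ == "__main__":
    # Usage: python3 fixed_date_server.py [day]   (port 80 would need root)
    day = int(sys.argv[1]) if len(sys.argv) > 1 else 10  # day of December 1999
    when = datetime(1999, 12, day, tzinfo=timezone.utc)
    HTTPServer(("0.0.0.0", 8080), make_handler(when)).serve_forever()
```

Restarting it with a different day argument replaces the date-set-and-wait loop, and the server's stderr log shows each request the client makes.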
