Posts

Printer Hacking Part 1 - Dumping Firmware and Debugging

It’s summer! For me this meant another season in Edinburgh but with some sun. For some of those at university it meant moving back home or even graduating. Which, I suppose, is what happened when I saw some books and other belongings by the pavement with a sign saying they’re free while on a walk around Sciennes. Among those was an Epson Workforce WF-2630. Context: Now have you ever looked at something and immediately your mind goes: poggers.

pwnEd 2021 - Diary Pwn Challenge

pwnEd 2021 was the second iteration of the University of Edinburgh cyber security competition hosted by SIGINT from CompSoc. I’m a member of SIGINT and was the author of the diary pwn challenge, which was the only challenge without any solves throughout the CTF. This post will attempt to describe how to solve this challenge in detail for those with less experience in heap exploitation. Note: This challenge was modified from UnionCTF 2021’s notepad challenge, which I also wrote.

Google CTF Qualifiers 2020 - Root Power

A reverse engineering challenge I worked on for Google CTF Qualifiers 2020. I played with cr0wn 🇬🇧, which came 16th and qualified for the next stage. We were provided a virtual machine disk image and had to recover the root password. Outline: First look at disk image. Access the file system. Discover the authentication mechanism. Reverse engineering a kernel module. Discovering what initramfs contains and does. Reverse engineering an AML file.

Plaid CTF 2020 Write-up 2 - YOU wa SHOCKWAVE

Story

Feeling stifled by the large crowd gathered in the entrance plaza, you open up your minimap and try to find somewhere to search far away from the entrance gate. Ah, perfect—there’s some kind of library on the other side of the Sanctum. A nice, quiet place to search alone for a bit.

Plaid CTF 2020 Write-up 1 - reee

Story

Tired from all of the craziness in the Inner Sanctum, you decide to venture out to the beach to relax. You doze off in the sand only to be awoken by the loud “reee” of an osprey. A shell falls out of its talons and lands right where your head was a moment ago. No rest for the weary, huh? It looks a little funny, so you pick it up and realize that it’s backwards. I guess you’ll have to reverse it.

Manage a cloud VM lab for hacking with QEMU/KVM and Libvirt

This is another tutorial about setting up a penetration testing lab on a cloud server. In the previous post I showed a way to use VirtualBox to create a quick and dirty VM. There are some drawbacks to using that method, mainly the display, which requires exposing an RDP port.

Create a cloud VM lab for hacking with VirtualBox

This is a tutorial about setting up a penetration testing lab on a cloud server. More generally it’s a guide about using headless VirtualBox to offload some work to the cloud.

VirtualBox is just one of the many choices; usually I prefer to use Qemu-KVM with libvirt for management.

THIS IS A QUICK AND DIRTY METHOD, NOT SECURE

OWASP Android Crackme Level 1

The goal is to get the password to this app. APK Download. Running the app: First, install the APK on an emulator or device with adb install UnCrackable-Level1.apk. Running it unpatched on an emulator. The app yells at us about the emulator being rooted, so we’ll have to patch that out. In the background we can see that there is a text box prompting for a password. Decompiling: Convert the APK to a JAR with dex2jar by running d2j-dex2jar -o app.

Is This Loss? Part 2: An object recognition model

/r/me_irl. Original webcomic by Safely Endangered. So in this part I’ll be looking into TensorFlow object detection models and integrating one with the chat bot from part 1. Picking A Model: The TensorFlow object detection repository contains some links to pre-trained object detection models, which I’m going to use. I’ve picked ssd_mobilenet_v1_coco in this part for its performance, but for training I plan to use faster RCNN because of its higher accuracy.

Is This Loss? Part 1: Building a Discord Chatbot

So my schedule has been significantly emptier recently, it’s the weekend and I’m looking for a project. I thought about what I could do and came across chatbots; they’re fun to play with and not as expensive as a website. Interaction will be through basic commands, nothing fancy like natural language processing. However, I will be throwing in some TensorFlow because this is going to be an object recognition bot.

Protostar Write Up Part 1 - stack0-7: shellcodes and ret2libc

Protostar is a basic introduction to binary exploits. With ASLR turned off and an executable stack, it’s meant for learning the basics. You can download the VM here. I’ll be running it on my personal XenServer setup, but VirtualBox is more than enough. Simply ssh in with the credentials they’ve provided and the exercises will be in /opt. I’ll be doing the stack exercises in this post. I’m slightly more familiar with stack overflows, but there are things I got stuck at, like ROP and ret2libc.

nankeen

Pwn, rev, and stuff.