Exploiting Tar Wildcards

by Vince
in Blog
Hits: 2854

This is kind of an interesting exploit because it's one of those things where you really don't understand the consequences of your actions.  Granted, this is a made up scenario in part but the exploitation part is not made up -- it's the real deal.

In this scenario, we have a low privileged user account and in their home directory we find this backup folder.

Read more

Jpg Repair with Hexedit

by Vince
in Blog
Hits: 5681

According to the description:  "hexedit - view and edit files in hexadecimal or in ASCII".  So how did I end up here?  I was playing a ctf challenge and I came across a picture that was supposed to be a jpg file but was intentionally altered.  Much Googling followed and after trying some fixit-type tools (that didn't work), I ended up on a post that talked about manually repairing the image file with hexedit.

Read more

Local File Inclusion Parameter

by Vince
in Blog
Hits: 2003

I thought this was an interesting problem because there's a local file inclusion vulnerability but some of the typical methods for including the juicier files are prevented due to the addition of a defined PHP parameter.  The problem consists of a web site that allows the viewer to select whether they'd like to see dog or cat pictures.

Read more