How does SSL (X.509) verify a certificate's signature with the issuer's public key?
Implementation
First we connect to google.com and fetch the certificate chain (end-entity, intermediate, and root):
$ openssl s_client -showcerts -connect 8.8.8.8:443
Connecting to 8.8.8.8
CONNECTED(00000003)
Can't use SSL_get_servername
depth=2 C=US, O=Google Trust Services LLC, CN=GTS Root R1
verify error:num=20:unable to get local issuer certificate
song856854132 changed 3 years ago
:::info
FTP
The File Transfer Protocol (FTP), using a client–server structure to
:::
The target we play with today, Cap, is quite an easy and beginner-friendly one. From the HTB dashboard we can see its IP address: 10.10.10.245.
Step 1. Info Gathering
As a first step we begin with information gathering.
song856854132 changed 4 years ago
part 1. Buffer Overflow and Advanced Memory (Stack) Protection
What Does Buffer Overflow Mean?
When a program executes, it may hold variables such as arrays or memory allocated by malloc, so it must allocate buffers to store their values. Under normal circumstances these buffers simply hold data; attackers abuse them to implant shellcode and seize control of execution.
The causes of buffer overflows range from over-long user input overwriting the return address to user input exceeding the range a variable can hold. Even when a buffer overflow is triggered, implanting shellcode to reach the goal is not easy, because the system applies several defense mechanisms to memory.
What Does Advanced Memory Protection Mean?
When a program executes, the system applies specific mechanisms to keep it running normally.
Structured Exception Handling (SEH): a protection mechanism that guards against buffer overflows by handling specific abnormal conditions in the code.
1. Introduction
In conventional computing, an organization needs data centers with massive computing resources to meet its peak data-processing demand. However, those resources are costly and often largely idle, which leaves them underutilized.
Thus cloud computing has taken the place of conventional computing with in-house data centers. Instead of purchasing computing resources, an organization can purchase computing services from a cloud provider such as AWS, Azure or GCP, which is much cheaper than buying the resources outright.
Cloud computing is not without issues. Organizations have concerns about moving their data to a cloud because of data privacy. Threats to data privacy can come from the cloud provider's employees, from other clients, and from network attackers.
:::success
"Homomorphic encryption is a form of encryption that permits users to perform computations on its encrypted data without first decrypting it."
--- cited from wikipedia
:::
The difficult part is this: most existing encryption schemes require data to be decrypted before it can be computed on, and decrypted data is vulnerable. If instead a computation could be performed on encrypted data without decryption, the security of the data would no longer be a concern. Homomorphic encryption makes it possible to process encrypted data without decrypting it, and the encrypted result can only be decrypted by the client who requested the service.
song856854132 changed 4 years ago
Why use this
Because it is budget-friendly.
A Texas Instruments product, widely used
There is a development toolkit: BTool
Practical Development
Compile environment: IAR or gcc
Platform: SmartRF, Raspberry Pi
song856854132 changed 4 years ago
American Fuzzy Lop
I've tried two afl-* compilers, afl-gcc and afl-clang-fast, to see how they differ in speed.
The reason is that when I used afl-gcc on my laptop, it turned out to hit a CPU scaling issue that AFL complains about. Meanwhile, when I tried it on my desktop, nothing happened.
Result - Laptop, Kali
However, when running afl-fuzz, I felt no difference between the two.
Curious, I searched for some related material, shown below. It said that the total number of paths is lower when compiling with afl-clang-fast.
Result - Desktop, Ubuntu
song856854132 changed 4 years ago
:::success
Project Goal:
To move common network functions (for example an HTTP server, WAF, VPN, and DB) into Docker containers and build an extensible web-service framework, so that a user can conveniently deploy their own web application on it.
:::
:::info
Progress and Code Review:
[x] Unfinished
[ ] Vulnerability Fixed
song856854132 changed 4 years ago
Basics of Ansible
Select a machine
Ansible works over SSH, so make sure you can SSH into the remote system. If necessary, add your public SSH key to the authorized_keys file on those systems.
After selecting a machine, edit /etc/ansible/hosts and add the remote systems to it. For this example, use either IP addresses or FQDNs:
# This is the default ansible 'hosts' file.
#
# It should live in /etc/ansible/hosts
#
song856854132 changed 4 years ago
cite:https://docs.rapid7.com/metasploit/metasploitable-2-exploitability-guide
https://searchsecurity.techtarget.com/tip/Using-Metasploit-for-real-world-security-tests
Need-to-know Metasploit commands (mostly show, set, use)
Below is an example of a Metasploit test using the free Metasploit Framework. I will be testing for WannaCry, a worm that exploited a vulnerability in the Microsoft Server Message Block protocol known as EternalBlue.
Before jumping into the specific steps to execute this exploit, there are some common Metasploit console commands you should know about. The Metasploit console is referred to as msfconsole, which also happens to be the name of the batch file that starts the program.
Commands you should be familiar with include:
song856854132 changed 4 years ago
origin: IEEE standard 802.15.1, 2002 - Wireless Medium Access Control (MAC) and Physical Layer (PHY) Specifications for Wireless Personal Area Networks (WPANs)
Background
The idea of WPAN and the piconet
:::success
Why WPAN?
The emergence of WPAN can be traced back to the transformation of the computer: from the original desktop PC it shrank and diversified into PDAs, MP3 players, handheld game consoles, digital cameras, mobile phones and so on. Once we entered the era of "one person, many devices", a new need gradually formed: those devices need a convenient network for transmission, communication and exchange among themselves, and so WPAN came into being.
:::
song856854132 changed 4 years ago