DerbyCon 2016 CTF Write Up

We’ve just got back to work after spending a fantastic few days in Kentucky for DerbyCon 2016.  As with previous years, there was an awesome CTF event, so we thought it’d be rude not to participate.  This post will provide a walk-through of some of the many interesting challenges.  

ZeroPress – A WordPress Vulnerability Hunter

Finding WordPress plugin vulnerabilities is like shooting fish in a barrel.  Like taking candy from a baby.  Like… you get the idea.  Quick wins are good wins and there’s nothing like easy remote code execution to put a smile on your face.  WordPress plugins are the gifts that keep on giving.

Rocktastic: a word list on steroids

Bigger isn’t always better, but sometimes it is.  If you need a huge word list to run before you move on to mask attacks, we’ve got you covered.  We call it Rocktastic.  When you absolutely, positively have to crack every hash in the room, accept no substitutes.

NTLM hashes

Introducing ‘XSS Payloads’ repository: Cross Site Scripting doesn’t have to be boring

Sometimes, particularly when dealing with a system perimeter, there’s very little attack surface to deal with.  You may find yourself with not much more than boring old XSS to poke at.  We feel your pain.  The good news is that it isn’t all doom and gloom.

What is the jailbreak for iOS 9.3.3 actually doing?

Many people who jailbreak their devices are unaware of the vulnerabilities being exploited in order to gain privileged access to the underlying iOS operating system. Users typically jailbreak devices in order to install applications that have not undergone Apple’s software evaluation process.

Nettitude Labs release PoshC2 v1.0, a command and control framework

PoshC2 is a proxy-aware command and control framework written entirely in PowerShell.  It is designed to aid penetration testers with red teaming, post-exploitation and lateral movement.