I recently worked on a small toy project to execute untrusted Python code in Docker containers. This lead me to test several online code execution engines to see how they reacted to various attacks. While doing so, I found several interesting vulnerabilities in the code execution engine developed by Qualified, which is quite widely used including by websites like CodeWars or InterviewCake. The combination of being able to run code with network access and the fact that the infrastructure was running in Amazon Web Services lead to an interesting set of vulnerabilities which we present in this post.
Category: Security
[Write-up] SickOs 1.2
![[Write-up] SickOs 1.2](https://blog.christophetd.fr/wp-content/uploads/2017/06/1497627146_firewall-150x150.png)
This post is a walkthrough of the VulnHub machine SickOs 1.2. I previously wrote one for its little sister, SickOs 1.1. I found this second version to be more challenging, but also more realistic; the author tried to mimic what one could encounter during a real engagement – and it does it pretty well.
Set up your own malware analysis lab with VirtualBox, INetSim and Burp
In this post we will set up a virtual lab for malware analysis. We’ll create an isolated virtual network separated from the host OS and from the Internet, in which we’ll setup two victim virtual machines (Ubuntu and Windows 7) as well as an analysis server to mimic common Internet services like HTTP or DNS. Then, we’ll be able to log and analyze the network communications of any Linux or Windows malware, which will unknowingly connect to our server instead of the Internet. We demonstrate the setup with a real life use case where we analyze the traffic of the infamous TeslaCrypt ransomware, a now defunct ransomware which infected a large number of systemsContinue reading… Set up your own malware analysis lab with VirtualBox, INetSim and Burp
[Write-up] SickOs 1.1
![[Write-up] SickOs 1.1](https://blog.christophetd.fr/wp-content/uploads/2017/04/Shellshock-150x150.png)
In this post I’ll talk about how I managed to exploit the SickOs 1.1 VM made by D4rk36. The fact that the author mentions it is very similar to the OSCP labs caught my eye since I’m seriously thinking about taking this certification in a few months. 🙂 Let’s get started!
[Write-up] Vulnix – playing around with NFS
![[Write-up] Vulnix – playing around with NFS](https://blog.christophetd.fr/wp-content/uploads/2017/04/1491922539_nfs_mount.png)
I managed to find the time to play on a new vulnerable VM. This time, it will be Vulnix and will mainly be around exploiting vulnerable NFS shares. The VM was overall quite simple, but still learned me several things about NFS and how it plays with remote permissions.
[Write-up] Mr Robot
![[Write-up] Mr Robot](https://blog.christophetd.fr/wp-content/uploads/2017/04/mr_robot_tv_series-978107021-large-150x150.jpg)
It’s been a few months since I wrote my last write-up on a VulnHub vulnerable machine. Time for a new one! The VM is called Mr Robot and is themed after the TV show of the same name. It contains 3 flags to find, each of increasing difficulty.
[Write-up] Droopy v0.2 CTF
![[Write-up] Droopy v0.2 CTF](https://blog.christophetd.fr/wp-content/uploads/2017/01/1491922778_39-150x150.png)
I recently started gaining a lot of interest in security, and after reading several CTF write-ups, I decided to try to solve one by myself. I chose Droopy v0.2. In case you don’t know, the goal of a CTF is very simple: Capture The Flag! Most of the time, the flag is simply a text file that you can obtain after having gained root access on the machine. You are only provided with a virtual machine, and the rest is up to you. Let’s get started!