Cloudflare is a service that acts as a middleman between a website and its end users, protecting it from various attacks. Unfortunately, those websites are often poorly configured, allowing an attacker to entirely bypass Cloudflare and run DDoS attacks or exploit web-based vulnerabilities that would otherwise be blocked. This post demonstrates the weakness and introduces CloudFlair, an automated detection tool.
Category: pentest
Here you will find posts related to pentest: mainly walkthroughs of vulnerable machines from VulnHub for now.
[Write-up] SickOs 1.2
![[Write-up] SickOs 1.2](https://blog.christophetd.fr/wp-content/uploads/2017/06/1497627146_firewall-150x150.png)
This post is a walkthrough of the VulnHub machine SickOs 1.2. I previously wrote one for its little sister, SickOs 1.1. I found this second version to be more challenging, but also more realistic; the author tried to mimic what one could encounter during a real engagement – and it does it pretty well.
[Write-up] SickOs 1.1
![[Write-up] SickOs 1.1](https://blog.christophetd.fr/wp-content/uploads/2017/04/Shellshock-150x150.png)
[Write-up] Vulnix – playing around with NFS
![[Write-up] Vulnix – playing around with NFS](https://blog.christophetd.fr/wp-content/uploads/2017/04/1491922539_nfs_mount.png)
[Write-up] Mr Robot
![[Write-up] Mr Robot](https://blog.christophetd.fr/wp-content/uploads/2017/04/mr_robot_tv_series-978107021-large-150x150.jpg)
[Write-up] Droopy v0.2 CTF
![[Write-up] Droopy v0.2 CTF](https://blog.christophetd.fr/wp-content/uploads/2017/01/1491922778_39-150x150.png)
I recently started gaining a lot of interest in security, and after reading several CTF write-ups, I decided to try to solve one by myself. I chose Droopy v0.2. In case you don’t know, the goal of a CTF is very simple: Capture The Flag! Most of the time, the flag is simply a text file that you can obtain after having gained root access on the machine. You are only provided with a virtual machine, and the rest is up to you. Let’s get started!