Spying penguin. Windows post-exploitation with a Linux-based VM

Windows-based systems are significantly more resistant against MITM attacks in comparison with Linux-based ones. The reason is simple: Windows does not include a handy mechanism to forward transit packets. Today, I will explain how to use a minimalist Linux system running on a virtual machine as a gateway. The attack also involves bridged network interfaces that grant the guest OS full L2 access to the network segment where the compromised Windows system is located. The VM will be deployed using VirtualBox.
Read full article →

MicroB. Writing BASIC in assembler language and squeezing it into 512 bytes

Want some practice in assembler? Today, I will show step-by-step how to write a BASIC interpreter and run it from the boot sector of your PC. My interpreter includes overlapping subprograms with branching recursion – otherwise, BASIC won’t fit in 512 bytes. It’s quite possible that this project becomes the most sophisticated program in your life. But after writing it by your own hands, you will be able to rightfully call yourself a hacker.
Read full article →

Android SSL Pinning


Modern requirements to mobile data processing apps designed for work with personal and financial data include secure data transfer over the Internet. SSL pinning is a mechanism used to satisfy this requirement: it enables the user to identify a server based on an SSL certificate stamp embedded into the app. This makes Man-In-the-Middle attacks almost impossible and prevents the interception of the data traffic between a client and a server.


Read full article →

Stratosphere flight. How to crack Struts using an Action app and create a Forward Shell

Today, I will show how to conquer the stratosphere – i.e. gain root access on the Stratosphere VM available on Hack The Box CTF grounds. To capture the root flag, I will have to overcome the Apache Struts framework to get an RCE vulnerability in a web app, put to practice the rarely used (but still very useful) Forward Shell remote session concept, highjack a library, and find a way to exploit the eval() function in a treacherous Python script.

Read full article →