Building a kiosk computer with Chrome

Posted on 26 Dec 2016 in security • Tagged with programming, security, chrome, kiosk • 3 min read

Building a kiosk where Google Chrome runs in full screen and user interaction with the system is reduced to the minimum.



CVE 2016-5195 dirtycow

Posted on 11 Dec 2016 in security • Tagged with cve, security, exploit • 2 min read


Dirty COW (CVE-2016-5195) is a privilege escalation vulnerability in the Linux Kernel. "A race condition was found in the way the Linux kernel's memory subsystem handled the copy-on-write (COW) breakage of private read-only memory mappings. An unprivileged local user could use this flaw to gain write access to otherwise read-only memory mappings and thus increase their privileges on the system." (Source: Red Hat)



CVE 2016-6210 OpenSSHD user enumeration

Posted on 23 Jul 2016 in security • Tagged with cve, security, exploit • 2 min read

On the 13th of July a new wild CVE appeared (yes, Pokemon Go is still a buzz for the moment).

CVE 2016-6210 allows user enumeration on an SSH server by comparing request times between non-existing users and allowed ones. This vulnerability targets OpenSSHD version 7.2p2 or lower.

That means that with a good dictionary you may learn which users are present on the server with SSH access.

This post just demonstrates how to exploit this vulnerability with a simple example.



Vulnhub SecTalks: BNE0x03 - Simple

Posted on 11 May 2016 in security • Tagged with msfvenom, security, vulnhub, metasploit, boot2root, linux • 3 min read


As Droopy was not really hard and didn't contain as many web vulnerabilities as I had hoped for, I tried another VM, SecTalks: BNE0x03 - Simple. There were also hints in the description of the machine, but with my resolution they do not appear when just browsing the main page of vulnhub, so I did not spoil myself with the hints this time.



Vulnhub Droopy

Posted on 10 May 2016 in security • Tagged with drupal, security, vulnhub, boot2root, linux • 5 min read

A few days ago, I installed a new pentesting box based on Arch Linux with Kali in a virtual machine. In order to test it I selected a light vulnbox on vulnhub: Droopy. There were two hints in the description of the machine on the vulnhub download page:

  1. Grab a copy of the rockyou wordlist.
  2. It's fun to read other people's email.

We will see how to use them in a moment :)



Installing OSMC without installer

Posted on 14 Apr 2016 in programming • Tagged with osmc, raspberry, smb, programming • 2 min read

I bought the new Raspberry Pi 3 with integrated Wi-Fi. Currently I still have an Ethernet cable running through my living room to my old Raspberry Pi 1.

Wanting to download the latest raspbmc version, I found out that it is no longer raspbmc but osmc, which is basically the same but with much marketing around it. The most annoying part is that you need to install an installer (such meta). I was pretty sure it was not really necessary, and moreover there is no version of the installer for Arch Linux.



Vulnhub - FlickII

Posted on 13 Mar 2016 in security • Tagged with security, vulnhub, challenge, boot2root, linux • 13 min read


Still playing with the vulnhub machines, this time it is the turn of FlickII. This one is different from the others as it has an associated Android application. It would be a great exercise to play with a mobile application, decompile it and see what is inside.



Auditing Exchange Server

Posted on 29 Feb 2016 in security • Tagged with security, exchange, microsoft • 4 min read


Recently I performed an MS Exchange configuration review. For the "old" version of Exchange we can use the Microsoft Exchange Best Practices Analyzer (link is dead). For the new versions of MS Exchange (2013 and 2016) the tools must be downloaded from the Office 365 market (link is dead). But most MS Exchange servers are not directly connected to the internet. That is why I used a tool developed by Paul Cunningham: Exchange Analyzer, available on GitHub.



Vulnhub - NullByte

Posted on 11 Sep 2015 in security • Tagged with security, vulnhub, challenge, linux • 5 min read


After the Acid challenge I was really motivated. Therefore I took a look at another vulnhub machine I had downloaded a while ago: NullByte.



Vulnhub - Acid

Posted on 11 Sep 2015 in security • Tagged with security, vulnhub, boot2root, linux • 6 min read


Since Fart knocker in June I have worked on another vulnhub machine: darknet. But this one is really hard and got me stuck. I was a bit demotivated to continue with vulnhub's machines, but I got some time this week, so I tried the Acid one.

