Harry Potter Part 3: Fawkes

  • Banner Grabbing
  • Buffer Overflow attack
  • Traffic analysis
  • Docker Breakout
  • Exploit modification
Initial Box
  • 21, 22, 80, 2222, 9898
FTP access
Port 9898 Banner Grabbing
Checking ports
Spiker program
Running the spiker
Using debugger to see the crash
Determining offsets
Controlling EIP
Local test
Remote execution
Misconfiguration note
Dumping FTP traffic
  • There is a /etc/passwd.bak
  • Password found for mysql
  • There is a /usr/local/bin/sudo
  • Port 68 on UDP
  • Additional hostname is WordAttacker
  • cron is running, but nothing stands out for the default directory
Examining the exploit
Looping for the race condition to succeed

Cyber Enthusiast and sharing some knowledge in a systematic way
ArtilleryRed