Using pfSense on your internal network?

…and NAT won’t work? Don’t be me. Don’t forget to uncheck ‘Block private networks and loopback addresses’ and ‘Block bogon networks’ on your WAN interface.

As you would expect, if you’re using pfSense as a router between VLANs that sit on private address ranges, those settings will ruin your day 🙂
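A check for exactly this mistake, as an added example that is not from the post: it parses a pfSense config.xml backup and flags any interface that sits on a private range while ‘Block private networks’ or ‘Block bogon networks’ is still ticked. The element names blockpriv/blockbogons and the sample config are assumptions.

```python
# Added example (not from the post): audit a pfSense config.xml backup for
# interfaces on a private (RFC 1918) address that still have "Block private
# networks" / "Block bogon networks" enabled. Assumption: pfSense stores the
# two checkboxes as empty <blockpriv/> and <blockbogons/> elements under
# <interfaces>; the config below is constructed.
import ipaddress
import xml.etree.ElementTree as ET

PRIVATE_NETS = [ipaddress.ip_network(n)
                for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

SAMPLE_CONFIG = """<pfsense>
  <interfaces>
    <wan>
      <if>vtnet0</if>
      <ipaddr>192.168.10.2</ipaddr>
      <subnet>24</subnet>
      <blockpriv></blockpriv>
      <blockbogons></blockbogons>
    </wan>
    <lan>
      <if>vtnet1</if>
      <ipaddr>10.20.0.1</ipaddr>
      <subnet>24</subnet>
    </lan>
  </interfaces>
</pfsense>"""

def is_private(addr: str) -> bool:
    """True for RFC 1918 addresses; 'dhcp', 'pppoe' etc. are not addresses."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return False
    return any(ip in net for net in PRIVATE_NETS)

def find_misconfigured(config_xml: str) -> list:
    """Return (interface, address, offending flags) for every interface that
    sits on a private range yet blocks private/bogon sources."""
    findings = []
    for iface in ET.fromstring(config_xml).find("interfaces"):
        addr = iface.findtext("ipaddr", default="")
        flags = [f for f in ("blockpriv", "blockbogons") if iface.find(f) is not None]
        if is_private(addr) and flags:
            findings.append((iface.tag, addr, flags))
    return findings

if __name__ == "__main__":
    for name, addr, flags in find_misconfigured(SAMPLE_CONFIG):
        print(f"{name} ({addr}): uncheck {', '.join(flags)}")
```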

More to come on my lab setup 🙂

PWK/OSCP – Stack Buffer Overflow Practice

When I started PWK, I initially only signed up for 1 month of access. I was putting a huge amount of time into the labs, learning what I thought would be enough to get through the exam, without completing the buffer overflow section of the exam.

I was scared of buffer overflows, all that hex and assembly, shellcode, memory addresses, endianness… I tried to skip it.


OSCP Exam – Preparation, Exam Day & Report Day

In December 2016 I set the goal of achieving the OSCP certification by the end of June 2017. I have been in a development role at my current employer for 8 years – they’ve been incredibly good to me and I love working there – but I want to move into more of a security-focussed role, so I figured I would need a serious certification to achieve this. I’d love to stay with the employer I am with, and our current security team has said that my skillset complements theirs and that I would be well placed to assist our other developers with security.

This week I achieved that goal!


Try Harder. No, harder! Keep going… TRY HARDER!

Try Harder! It sounds like an annoying catchphrase, doesn’t it? I thought the same when I started PWK in January.

I thought that you do, or you do not. There is no try.

Well, having now completed my OSCP exam and lab report and having been granted the OSCP certification, I now know there is no do – there is only TRY HARDER!

“Try Harder” is a hard concept to explain. It’s probably also a very individual concept for each person who does the certification – but I know for certain that the PWK labs and the OSCP certification exam challenged me more in a short period of time than just about anything else in my professional career!

I’ve done some challenging things as a developer. Designing a secure solution for single sign-on from a custom mobile application into another custom application was challenging. Designing a protocol to allow a staff member to emulate student access to a major system in an afternoon was challenging. But these were challenging in a different way. At 3pm, after documenting the protocol for HMAC data validation in a custom mobile application, if I get tired, and assuming I have managed my time correctly, I can task-switch to something else for the rest of the day to give the grey matter a break.

That’s challenging. Putting yourself in the mindset of an attacker for hours on end, considering what they could see on the wire, what the protocols in use are, what known weaknesses the protocols have and how they can be mitigated – that’s all pretty challenging stuff. It’s also a place I thrive in!

Then 5pm comes along – and off to the pub you go. It simmers in the back of your mind over the weekend, but not much more thought is given than that.

But PWK and the OSCP exam take the concept of challenging to a whole other level. A 24-hour exam. 5 hosts. 70 points required. Metasploit allowed on one host only. No commercial tools. But then it’s not over. Not by a long shot. You then have 24 hours to prepare and submit your lab & exam report. This in itself is a tough challenge, and if you’re also submitting your 10 lab hosts, you’d better make sure they’re finished BEFORE you need to document your 5 lab hosts!

The OSCP exam itself isn’t just a penetration testing challenge, it’s a test of your stamina. It’s a test of your preparation. It’s a test of your time management skills.

It is a test of YOU.

It gets tough.

It gets really tough.

But, if your preparation is right, if your skills are on, and if the luck is with you – it all falls into place.

But. Here’s the thing. It only falls into place if you…

TRY HARDER!

It’s kind of intangible. It’s hard to explain.

If you’re considering doing PWK, you’ll just have to jump in and find out for yourself.


Google Dork; WordPress debug.log

This is an epic “sigh, failure” moment.


According to the documentation, WordPress can be configured to write debugging output to a file when it runs into problems. All well and good; I’d expect that. What I wouldn’t expect is for the file it dumps that data into to be WORLD READABLE!

But I suppose this is WordPress, and they’re well known for doing dumb shit like this constantly.

Google Dork: https://google.com/search?q=inurl:wp-content/debug.log

If you run WordPress, please make sure this file is not world-readable – protect it in your Apache/Nginx/IIS config – and don’t rely on it not showing up in a directory listing!

I’ve submitted this to exploit-db and their Google Hacking database.
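An audit-and-fix script for the exposure above, as an added example that is not from the post: it checks a WordPress document root for WP_DEBUG_LOG being on, for a debug.log sitting under wp-content, and for whether an Apache deny rule already covers it, and can append that rule. It assumes Apache honours .htaccess in wp-content; the document root it builds is constructed in a temp directory.

```python
# Added example (not from the post): audit a WordPress docroot for an exposed
# wp-content/debug.log and add the Apache rule that denies it. Assumptions:
# WP_DEBUG_LOG=true writes wp-content/debug.log; Apache honours .htaccess in
# wp-content; the docroot built here is constructed in a temp directory.
import os
import re
import tempfile

DENY_RULE = '<Files "debug.log">\n    Require all denied\n</Files>\n'

def debug_log_enabled(wp_config: str) -> bool:
    """True when wp-config.php sets WP_DEBUG_LOG to true."""
    return re.search(r"define\(\s*'WP_DEBUG_LOG'\s*,\s*true\s*\)", wp_config) is not None

def audit(docroot: str) -> dict:
    """Report whether logging is on, whether the log exists, and whether
    wp-content/.htaccess already denies access to it."""
    content = os.path.join(docroot, "wp-content")
    with open(os.path.join(docroot, "wp-config.php")) as fh:
        logging_on = debug_log_enabled(fh.read())
    htaccess = os.path.join(content, ".htaccess")
    protected = False
    if os.path.exists(htaccess):
        with open(htaccess) as fh:
            protected = re.search(r'<Files\s+"?debug\.log"?>', fh.read()) is not None
    return {"logging_enabled": logging_on,
            "log_present": os.path.exists(os.path.join(content, "debug.log")),
            "protected": protected}

def harden(docroot: str) -> str:
    """Append the deny rule to wp-content/.htaccess and return its path."""
    htaccess = os.path.join(docroot, "wp-content", ".htaccess")
    with open(htaccess, "a") as fh:
        fh.write(DENY_RULE)
    return htaccess

def make_sample_docroot() -> str:
    """Constructed WordPress tree: debugging on, log sitting under the docroot."""
    root = tempfile.mkdtemp()
    os.makedirs(os.path.join(root, "wp-content"))
    with open(os.path.join(root, "wp-config.php"), "w") as fh:
        fh.write("<?php\ndefine('WP_DEBUG', true);\ndefine('WP_DEBUG_LOG', true);\n")
    with open(os.path.join(root, "wp-content", "debug.log"), "w") as fh:
        fh.write("[01-Jan-2017 10:00:00 UTC] PHP Notice: constructed sample entry\n")
    return root

if __name__ == "__main__":
    root = make_sample_docroot()
    print("before:", audit(root))
    harden(root)
    print("after: ", audit(root))
```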

DEFCON 2017

Yes, I said 2017. DEFCON 2016 hasn’t even happened as yet, but the Mrs has given approval for me to attend DEFCON 2017!

So, now to commence saving and researching flights, transfers and accommodation.

I’d like to fly over a few days before and spend some time in San Francisco, then drive down to Las Vegas over the course of a day and a bit for DEFCON. After the conference I’m likely to be pretty tired – so will probably fly from Las Vegas to Los Angeles, then home again.

Lots of flying… But I’m sure it’ll be awesome!