dotdotpwn in Kali 1.0.7

I see that the directory traversal testing tool dotdotpwn was removed from Kali.  While i’m sure there are other tools that can do the trick, I liked it for its simplicity and its ‘get one thing done really well’ mentality.  To get it installed: git clone https://github.com/renormalist/perl-net-tftp cd perl-net-tftp/ perl …

Continue reading

Open X11 Server Exploitation

What is X Server?  X11 is the graphical display engine for Linux.  More information can, naturally, be found at http://en.wikipedia.org/wiki/X_Window_System.  Gnome and KDE are two typical interfaces that run on top of X11.  We will be looking at an OPEN X11 server though, meaning that *anyone* can connect to it over …

Continue reading

Advanced Netcat

I wanted to build a post around -> http://lanmaster53.com/2011/05/7-linux-shells-using-built-in-tools/ That post has quite a few little tricks into getting your shell.  I wanted to do some experimentation using various distributions of Linux to make sure they all function similarily.

Continue reading

Synology Exploit

I love my Synology NAS.  It is a GREAT piece of technology.  Recently though, a vulnerability and exploit were discovered: here. I, unfortunately, don’t run an older firmware so I wasn’t able to try the exploit.  Luckily, I have friends that do, so here is the exploitation video.

Continue reading