Officially a BIT Network Security graduate. Also an extra award for academic achievement. Last two years have been a time. Ty everyone. #bachelorofit #networksecurity #tafensw #distinctionaverage
Misplaced Lens Cap
Fai_Ryy
đŞź
Claire Keane
No title available
art blog(derogatory)

No title available
Lint Roller? I Barely Know Her

titsay
2025 on Tumblr: Trends That Defined the Year
noise dept.
I'd rather be in outer space đ¸

PR's Tumblrdome
h
almost home
taylor price

⣠Chile in a Photography âŁ
Cosmic Funnies
Monterey Bay Aquarium
TVSTRANGERTHINGS
seen from Thailand
seen from Germany

seen from Malaysia

seen from United States

seen from Brazil

seen from Netherlands
seen from United States
seen from United States
seen from United States
seen from United States

seen from United States
seen from United States

seen from United States
seen from Germany
seen from United States
seen from United States
seen from United States
seen from United States
seen from China
seen from United States
@satiex
Officially a BIT Network Security graduate. Also an extra award for academic achievement. Last two years have been a time. Ty everyone. #bachelorofit #networksecurity #tafensw #distinctionaverage
My band @auraanimi are a part of this mini tour next month (Central Coast and Syndey only). Always great to play with our friends in #themaybelist Event: https://www.facebook.com/events/1931830986841993/
Hi Thailand (at Khon Kaen)
Linkin Park are the reason I make music. #linkinpark
Newcastle! We play the Hamilton Station Hotel on July 5 with Wildheart, Final Form, and The Maybe List! Free entry! Here is the event: https://www.facebook.com/events/579542179100448/
Playing in Newcastle next Wednesday with my band Aura Animi!
Culimomnibus CYSCA Challenge Writeup
DISCLAIMER: I am not a hacker
So I just woke up from a 12 hour slumber. This challenge took me probably longer than 10 hours and almost killed me, so as probably the least qualified person in universe, Iâm going to explain it.
This was the third challenge in the Corporate Pentesting challenge.
It asks you to assess an FTP server to see if you can leverage it to gain root access. In the previous challenge, youâre required to do a Zone transfer, and I saw that ftp.tictoc.cysca existed. So, I browsed to that address in my browser and there were some Windows shares. I was able to view some shared Software, including WinSCP Portable which is a Windows FTP client. I decided that was going to be helpful, as a portable version would probably store some user/session details within the same directory. I checked the .ini and saw the saved username and what looked like a hashed password for the user âmctargetâ:
Because WinSCP is a Windows application, I downloaded the .exe and the .ini to my Windows installation and ran it. It logged into the FTP server and I was able to go up a few directories and browse most of the server, however there were a few directories and files I was unable to view, including the /etc/sudoers file and the /root directory. This was due to the permissions that mctarget had.
I thought it would be helpful if I could get shell to the server instead of WinSCP so I could run some commands against the FTP server. The password from the ini file is hashed or encrypted though. Luckily, WinSCP allows you to copy the session URL to the clipboard: https://winscp.net/eng/docs/ui_generateurl
Using this, I was able to see the password in almost plaintext: S0Str0ng%21N0tFl%40gTh0
%21 is encoded for ! and %40 is encoded for @
The password for mctarget is S0Str0ng!N0tFl@gTh0
I used PuTTY to SSH into the FTP server. I knew that I needed to escalate mctargetâs privileges somehow. The sudoers file looked like a good place to start, but mctarget didnât have permission to view it.
After smashing my face against the keyboard, consuming more V than anyone had thought previously possible, and just hating life in general, I came across some posts about an exploit for editing files that you donât have permission to edit: https://www.exploit-db.com/exploits/37710/
The exploit seemed like it could help. It says you can use sudo -e to edit a file you donât have permission to access/view/execute if you run the âsudoeditâ command against a symlink that points to a file, rather than the file directly, so long as the âsudoersâ file has an entry with more than two wildcards, â*â.
CYSCA released a hint that basically said to use sudo -l. Research told me to use it multiple times, so I used âsudo -l -lâ and it showed me something interesting. I donât have access to the FTP server anymore, so Iâm doing this from memory:
/etc/bin/vi       /var/ftproot/[A-Z, a-z, 0-9]*
vi, Â of course, is a text editor. It looked like I could use the exploit detailed above if I placed a symlink to sudoers in the ftproot directory.
The command to create the symlink: ln -s /etc/sudoers /var/ftproot/home/mctarget/link
With the link in place, I was ready to try the exploit: sudo vi /var/ftproot/home/mctarget/link
And there it was â the sudoers file had opened in vi.
There was an entry that basically said âALL users have no sudo permissionsâ. I removed a single ! from the sudoers file (in vi, you press x) to change this. The file was readonly, however if you press ESC, then type :w! it would write to it anyway.
So, now mctarget has more sudo permissions! I used âsudo chmod 777 -R /rootâ to give mctarget full permissions to the root directory. I can now browse this directory. There was a file call flag.txt. Inside this file was the flag.
This may have taken me in excess of 10 hours, but, shut up.
Windows 10 Malware that compromises the recovery partition
A friend of mine managed to download some nasty malware through a torrent claiming to be data recovery software. I asked him to bring it over so I could have a look at it.
The usual suspects were apparent: The malware had taken over his browsers, changed his home page, changed his default program settings, he was unable to install Malwarebytes, etc. I also saw a lot of suspect Scheduled Tasks and the disk was running at 100% doing God knows what.
Interestingly, the recovery partition seemed to have been compromised, so we were unable to perform a Windows 10 Factory Reset. I explained that this was probably a good thing - as if the Malware was able to modify the recovery partition in anyway, it is better not to trust it and blow it away. We reinstalled Windows 10 using the official Media Creator tool from Microsoft, which is very handy. Windows 10 makes it more easy than ever to get legitimate Windows boot media, and itâs very helpful that Windows will automatically activate as it recognises some kind of hardware signature rather than using a serial key. Of course, it wonât have all the drivers, but Windows Update is usually very good at finding all of that automatically. Point is, in my opinion unless you created your own recovery media straight out of the box, I would always trust a vanilla Windows reinstall over the recovery partition on the drive in case it has been compromised.
Our first show is on the 23rd of February with @bayharbour-band, Diamond Construct, Of Divinity and Trojans. https://www.facebook.com/events/157573158067841
Tickets through Moshtix.
#theused
Thel life of an office dog
my literal homies #homies #hh #tbm
somewhere on the australian coast
I've been working on something over the last 8 months. It will be announced tomorrow at 3PM. #aa
seriously guys i need to be locked up #random! #freak
tune into twitch.tv/satiex for a live feed of a birds nest! #allitservices #connectedcommunities #birdsnest
In 2005 my brother and I became National Champions of the most anticipated video game up until that point. This documentary revisits a time in my life where I didn't suck at something and immortalises a time in competitive video game history before social media. Give it a suss: https://m.youtube.com/watch?feature=youtu.be&v=hATxjyt13g0
how to take over a domain name without talking to anyone
so a while ago I was tasked with recovering a domain name for a client. this particular client would purchase smaller businesses, including all of their digital assets at the same time. we needed to transfer the domain over to our registrar account so that we could redirect the name servers to our own, so we could change the DNS records to redirect the domain to our clients website, and redirect any of the old email addresses to relevant email addresses our clients exchange server. standard procedure.
the trouble is, a lot of the time, the domain names were purchased a long time ago, and while it's easy to find out who purchased it and the email address attached to it, it would be a saga to track down that person and convince them to hand over the domain name. for the domain name I was trying to take over, the people at the business our client had purchased didnât know anything about the domain or even who to talk to, so I had to check a few publicly available tools.
for a .com.au domain, you can use this web page: http://whois.ausregistry.com.au/whois/whois_local.jsp?
enter the domain, get passed the captcha and what you're after is the Registrant Contact Email address. a lot of the time this is an old bigpond or hotmail address and you'll be out of luck. if you're lucky, it might be a local it company who you can call. if you're really lucky the email address would belong to a domain that has expired. this was the case in this instance.
you can check this by grabbing the domain part of the email and putting it through the same whois lookup that i posted above. if no results are found, you're free to purchase the domain yourself, then set up an email address matching the one from the domain you are actually trying to take over. then, you can use this link http://whois.ausregistry.com.au/password_recovery/recover_password.jsp?tab=0 and an email with the transfer code will be emailed to your new email address, and you're done.
two things to think about it should be noted that there are rules that say you're not allowed to purchase a .com.au domain unless you gave good reason to, such as that it somehow relates to your abn, however unless someone makes a claim against it, i don't think the internet police will know/care
transferring a domain from one registrar to another doesn't actually change the abn/legal owner that is attached to it. you can check this by using the whois lookup page and looking at the Registrant and Registrant ID sections - the only way to change this is to submit a document to your registrar signed by both yourself and the previous/current owner.
so why did i read this? as a domain owner, make absolutely sure that you still have control over the email address you used to register the domain. that email address now becomes the single point of entry to your domain name. even if you don't care if that email gets compromised/expires, it can be used to take over your domain can now redirect your website, redirect your emails, and lock you out before you have any idea wtf is going on.