cracking the infernal hades

About a month ago, Vulnhub released a boot2root image built by Lok_Sigma called Hades. The box promised to be full of annoyances and it delivered them in droves. Requiring a combination of exploit development, reverse engineering and some out-of-the-box thinking, I really enjoyed this challenge. I decided to share my solution now that the competition is over. It goes without saying this post has a lot of SPOILERS!

Big thanks go out to the Vulnhub team for the awesome work they do. Follow them on Twitter to keep up with the latest releases.

If you want to tackle Hades yourself, you can grab a copy of the machine here.


is robots.txt dead? let’s ask dropbox

First off, I’d like to give creds to Francis Brown and Rob Ragan who presented their talk Tenacious Diggity at Defcon20, where I found out about the apparent steam-rolling of Dropbox’s robots.txt file. For as far back as I can remember, the robots.txt file has been a ban-list of places that search engine crawlers are supposed to ignore when crawling a site. Recently, however, there is some talk that the preferred way of disallowing crawlers is to control them using alternative methods such as meta tags and JavaScript.

It may appear, however, that Google has already decided that robots.txt is merely a bug heading towards its windscreen and is indexing pages that are excluded via the robots.txt, as is apparent with Dropbox.

d0x’n myself beats the “hello world” post

My name is Ryan and I live in Sydney. My history is extremely boring and full of horror stories from racist countries so I’ll skip to 5 years ago in a hotel room in Perth, shortly after I moved to Australia. I liked to call myself an IT Professional but in all honesty I was a Windows Systems Administrator for 13 years who discovered that you can actually make a living breaking into people’s shit… ethically of course!

I met a guy in a downstairs bar of a hotel I was staying in and after shooting the shit and finding out we both worked in IT, he told me why he was there. He was performing a Penetration Test of that hotel and he explained his life of planes, hotels and laptops, and after showing me my first ever exploit, I realised I wanted…no…NEEDED to be him! I wanted his life and I wanted his sorcery! I can’t remember his name but if you are reading this, get in touch!

Long story short, I …