2022

Evilnginx2

DISCLAIMER: All infrastructure, accounts and domains were used temporarily on accounts and domain I own and were not used to conduct real phishing attacks. DO NOT attempt to attempt phishing attacks on users without their prior permission. Introduction Evilnginx2 is a reverse proxy type phishing kit/framework, designed to be the man in the middle between a user and a service such as Microsoft 365. It is simple to use requiring simply a linux server with docker installed, it’s small enough also that it can be run on a AWS ec2.

KringleCon 2022 Jolly CI/CD

Hello, this is my write up of the Jolly CI/CD challenge for kringlecon 2022. The aim of this challenge is to expoit the CI/CD pipeline and gain access to the wordpress server. I can say this is a pretty difficult challenge and really gets you thinking. The challenge requires knowledge of git and how CI/CD pipelines work. Note: This challenge does take 4-5 minutes to start all of the containers required for the challenge.

KringleCon 2022 Prison Escape

Hello, this is my write up of the Prison Escape challenge for kringlecon 2022. The aim of this challenge is to escape a container aka a container breakout. I must admit I did run down a rabbit hole when doing my first attempt but once I realised the answer it became quite obvious. Below here we have the starting terminal which you see when starting the challenge. Typically the first thing I do when I have a shell whether it be a vm or container is check whether I have sudo privileges, most often than not low privilege users are given more sudo privileges than they actually need, this creates a security risk and path for an attacker to escalate to root.