musings from the brainpan

Hell Hacking Challenge

One of the latest and more challenging boot2roots released on VulnHub as of late is Hell. This boot2root by Peleus has appeared to cause quite a bit of hair pulling and teeth gnashing whenever it’s mentioned on IRC. I initially started off with his beta version but had to put it away when I got too busy with work. When I was finally ready to try again, the official version had been released, so I downloaded it and started over.

Hades Hacking Challenge

A few weeks ago, VulnHub hosted the Hades competition; a capture the flag challenge created by Lok_Sigma. Hades is touted as a difficult boot2root, requiring some experience in exploit writing and reverse engineering. The competition ran for a good 4 weeks, and with submissions now closed, I’ve decided to go ahead post my solution.

From Fuzzing to 0-day

A couple of days ago, I found an interesting bug during a fuzzing session that led to me creating a 0-day exploit for it. I’ve been asked a few times about the methods I use to find bugs and write exploits, so I’ve decided to take this opportunity to describe one particular workflow I use. In this post, I’ll take you through finding a bug, analzying it, and creating a functional exploit.

Multi-Factor Authentication With SSH on OS X

This is a quick guide on how to setup multi-factor authentication with SSH using Google Authenticator. The goal is to require three items from the user in order to complete the authentication: SSH authentication keys, the user’s password, and a one-time password using Google Authenticator.

Leaving Blogger and Moving to GitHub Pages

My first post on Blogger was on October 9, 2009. It’s been a good run, and I’ve enjoyed using Blogger for quickly sharing things with the Internet. For various reason, I’ve grown tired of Blogger, and I’ve decided to migrate over to GitHub Pages. Making the transfer took a bit of time and trial and error. Octopress made the migration relatively simple and so far, I’m pretty happy with the results.

De-ICE Hacking Challenge: Part 6

This is a walkthrough on De-ICE S1.140, available for download at VulnHub. This release was much anticipated and took a while to get released to the public. It’s a little tougher than the previous De-ICE challenges, but uses a similar formula of password cracking and guessing.

De-ICE Hacking Challenge: Part 4

This is a quick walkthrough on solving the De-ICE S1.120 A challenge which can be downloaded here:,10/. Interestingly, I wasn’t aware that this boot2root even existed until a couple of nights ago when someone mentioned it on IRC. After doing a bit of searching, it turns out there are at least three that I haven’t had a go at popping. So with that in mind, I decided to load up S1.120 A and take the challenge.

Relativity Hacking Challenge

Several weeks ago, Sagi released his own challenge named Relativity to the public. It had been a while since I’d done a good boot2root, and so eager for a challenge, I grabbed it off VulnHub and loaded it into VMware.