KernelPicnic
BKP CTF - Good Morning (Wonderland)
Over the last two days I’ve been participating in the Boston Key Party (BKP) CTF with a group ephemerally known as ‘Fear Of A Whitehat Planet’. In the end, we didn’t do too badly - with all of the web challenges, a couple of crypto, and only one of the...
BKP CTF - Bug Bounty (Suffolk Downs)
Over the last two days I’ve been participating in the Boston Key Party (BKP) CTF with a group ephemerally known as ‘Fear Of A Whitehat Planet’. In the end, we didn’t do too badly - with all of the web challenges, a couple of crypto, and only one of the...
9447 CTF - Super Turbo Atomic GIF Converter
Over the last two days I’ve been participating in the 9447 CTF with a group ephemerally known as ‘Moose 1v1’. As this was my first participation in any form of CTF, and our team managed to snatch the silver for being the second to solve this particular challenge, I thought...
Multiple vulnerabilities in D-Link and TRENDnet 'ncc2' service
A number of D-Link and TRENDnet devices provide web management through the use of two services; jjhttpd for serving web content, and ncc2 for executing CGI requests. Unfortunately, there are a few vulnerabilities that exist in the ncc2 service which can allow for an attacker on the local network -...
NetGear SOAPWNDR Authentication Bypass
A number of WNDR series devices contain an embedded SOAP service for use with the NetGear Genie application. This service allows for viewing and setting of certain router parameters, such as: WLAN credentials and SSIDs. Connected clients. Guest WLAN credentials and SSIDs. Parental control settings. At first glance, this service...