Microsoft has given us the ability to report messages as Junk or Phishing to help improve their accuracy.  I would love to customize what they've given us to send messages elsewhere but Microsoft didn't provide us with that option.  

    The problem is that not all messages are black & white obvious and users might not be able to determine the legitimacy of a message.  I would love a single click button that would forward suspicious email to our team where we can give it a hard look.  Now thinking about that scenario for a second -- if a user forwards spam, it could get flagged on our end as spam.  

    Spoiler alert:  We're going to create such a button.  In the design, we're going to forward the message to a specific address that we can whitelist to prevent the forwarded message from getting trapped on our end.  In addition, we're going to change the subject to one that allows for easy identification.  


    I've seen quite a few good phishing emails and, generally speaking, the object is to get you to open or click on something.  Often times, clients will forward messages to me and ask me for my opinion before opening and / or clicking.  I got one of those emails and I moved it over to the burner machine for investigation.  Maybe you've seen this particular approach but it's a new one for me as far as seeing it in the wild.  It looks like an attachment and it's from a known sender domain.  

    Right off the bat, it seems suspicious because it got flagged on my end before it even got to me.  


    I'm a big fan of people who take time out of their day to help others in the community, especially with something as time consuming as building a vulnerable server.  So when I state that I don't really like the capture the flag style boxes, it's nothing against the maker and it's just a personal preference.  I'm sure it's enhancing my critical thinking skills and I should be happy with that but sometimes these challenges frustrate me. 

    FristiLeaks is one of those boxes that tested my patience.  My frustration came out at the end when I saw how I was supposed to conquer this box and instead I went for the kernel exploit.  Granted the kernel exploit is the fastest way to root so there's that but the author had intended for it to be more of a game.  

    Anyway, in protest:


    The other day, I mentioned the importance of documentation and it got me to thinking about screenshots -- and from there, to EyeWitness.  The description for EyeWitness states:  "EyeWitness is designed to take screenshots of websites, RDP services, and open VNC servers, provide some server header info, and identify default credentials if possible."

    I've used it to take screenshots of websites, not much else.  You feed it a list of URLs, point it to that list, and it will create clean screenshots of whatever you feed it.  

    Then I got to thinking -- if only it could....

    Before I get to this little hack-y script, let me mention an error that you could possibly get when running EyeWitness.  This could be on an existing Kali machine or even a brand new install.  If you happen to see:


    As I like to do in my spare time, I work on vulnerable machines for my continuing education.  The vuln box W1R3S: 1.0.1 crossed my path and I uncovered a previously seen entry point with a new twist.  Aside from this new twist, if you've come in through this door, you know how to get through, you just have to work it a little more than the previous times you've seen it.  I'm going to leave it at that because this isn't a walk-through and I'm probably spoiling too much already.  

    While enumerating the box, I saw what I believe to be an intentional rabbit hole and it seemed like a great way to play around with Burp's Invisible Proxy.  

    Starting from the beginning, we kick off with an Nmap scan:


    I've been playing around with VirtualBox which has enabled me to load up servers that I was previously unable to get working in my 'go to' hypervisor.  With a variety of servers to practice on with varying degrees of difficulty, this has been beneficial if for no other reason than because it allows me to take 30-60 minutes, focus on an easier box, write it up, and then move on about my day.

    In that amount of time, I can stay focused, with few interruptions, and follow the thread wherever it leads me.  I often find harder boxes, requiring more time, will seem much harder than reality only because I lose my concentration, lose my place, and sometimes there are large gaps in time between where I left off and where I begin again.  So much so that I often scrap all of my notes and start from the beginning.

    Bottom-line -- the more variety we get, the more well-rounded we'll become. 


    © 2020 sevenlayers.com