Brendan Dolan-Gavitt @moyix
Quick story about a student who truly grasped the attacker mentality. In the Offensive Security course last semester, we had a challenge that needed to connect back out to a server controlled by you to get the flag.
On today's internet with all of its firewalls and NATs, that's not totally trivial. We'd set up the challenge so that it could connect to any machine on the campus network, and that worked fine for most people.
One student, however, was trying to get this done from off-campus, and he was behind a NAT he didn't control so he couldn't do port forwarding. What to do?
Well, one obvious answer is to go rent a VM or something like that for an hour. But was there another way?
Earlier in the semester, we'd hosted some web challenges, including one that had some simple command injection. The student realized that the challenge servers for those were still up and running.
And of course the web challenge server was on the same network as the connectback challenge – so no problem! He exploited the vulnerable web service and instead of grabbing a flag, used it to host a server to listen for the connectback challenge.
It worked, and he got the flag! And in doing so, demonstrated a key attacker capability: thinking creatively and moving laterally. :D