Shmoocon Epilogue 2014 Talks – Videos

I recorded all the talks at this year’s NoVA Hackers – Shmoocon Epilogue 2014 and have uploaded them to YouTube and assembled them in a playlist:

Shmoocon Epilogue 2014 Complete Video Playlist

If you want to jump straight to a talk, here is each talk individually.

  1. Curt Shaffer & Judah Plummer – Application Whitelisting
  2. mubix – Attacker Ghost Stories
  3. grecs – Project Kid Hack
  4. Liam Randall (Hectaman) – Hash All the Things
  5. Hank Leininger – Password Topology
  6. aricon – Statistical Probabilities
  7. Sean Pierce – Educational Malware
  8. Tobias McCurry - BACKFIL – Finding those backup files
  9. N1tr0 – Gone Phishing and I Want My Hook Back!
  10. Christopher Truncer and Harmj0y - AV Evasion with the Veil Framework

If you think the video production of these videos is something you’d be interested in for your organization, please contact me at Cranial Thunder Productions. –Brett Thorson

iPXE – Don’t just boot that ISO

Continuing with my trials and tribulations with PXE booting and iPXE.  Today we discuss why booting straight to an ISO isn’t the best idea in the world.

Once I got the latest and greatest version of iPXE on the system, I had high hopes of just booting ISOs straight into the machine.  I tried this earlier with ProxMox, and it booted with an error that it couldn’t find the CD-Rom.

This was a problem because the system didn’t expect to boot off of.. nothing (aka the network).  So it still involved mounting a USB thumb drive, and performing the install off that.

One of the other reasons not to just boot ISOs over HTTP is due to memory.  I wanted to do this, but then I found this posting that says, “Yeah, that’s great, until you run out of memory.  That’s why we all use NFS”.  Oh, OK.  I guess I’ll just use NFS.

So once I realized just to use NFS, I got to pulling apart Robin’s extensive menuing system to just the basics of what I needed. I was having trouble, though, with my Ubuntu booting.

Since I was going to use NFS, and I got my menuing system to work, I ignored my HTTP log.  Bad move.  I was getting an error as it was trying to load the kernel and initrd.  It couldn’t find it, and then I found this little note in the documentation for the command.

 If this command is executed from within an iPXE script, then the URI will be interpreted as being relative to the URI of the script itself. For example, if the script contains the line

kernel pxelinux.0

then iPXE will download and select

That’s REALLY useful information.  Once I put the data in the web server (with the proper permissions, as that was another error) I could successfully boot into Xubuntu.
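An added example, not from the original post: a small Python check that resolves each fetch command in an iPXE script against the script's own URI and compares the result with the web server's access log, which is the log I ignored above. The script URI, the script body and the log lines are constructed samples, and Python's urljoin stands in for iPXE's own relative-URI resolver.

```python
import re
from urllib.parse import urljoin, urlsplit

# iPXE commands whose first non-option argument is a URI to download.
FETCH_CMDS = {"kernel", "initrd", "chain", "imgfetch"}
LOG_RE = re.compile(r'"GET (\S+) HTTP/[\d.]+" (\d{3})')

# Constructed sample input (not from the original post).
SCRIPT_URI = "http://192.0.2.1/ipxe/xubuntu.ipxe"
SCRIPT = """#!ipxe
kernel vmlinuz boot=casper netboot=nfs
initrd initrd.lz
boot
"""
ACCESS_LOG = '''192.0.2.50 - - [01/Jan/2014:10:00:00 +0000] "GET /ipxe/xubuntu.ipxe HTTP/1.1" 200 61
192.0.2.50 - - [01/Jan/2014:10:00:01 +0000] "GET /ipxe/vmlinuz HTTP/1.1" 404 162
'''

def resolve_fetches(script_uri, script_text):
    """Absolute URIs the script's fetch commands will request, in order."""
    uris = []
    for line in script_text.splitlines():
        tokens = line.split()
        if not tokens or tokens[0] not in FETCH_CMDS:
            continue  # shebang, comments, labels, non-fetching commands
        # Drop flag options; options that take a value (e.g. --name) are not handled.
        args = [t for t in tokens[1:] if not t.startswith("--")]
        if args and "${" not in args[0]:  # settings expansions need runtime values
            uris.append(urljoin(script_uri, args[0]))
    return uris

def failed_fetches(script_uri, script_text, access_log):
    """Pair each expected fetch with what the web server actually logged."""
    status = {path: int(code) for path, code in LOG_RE.findall(access_log)}
    report = []
    for uri in resolve_fetches(script_uri, script_text):
        code = status.get(urlsplit(uri).path)
        if code is None:
            report.append((uri, "not requested"))  # script stopped before this line
        elif code >= 400:
            report.append((uri, f"HTTP {code}"))   # 404 wrong place, 403 permissions
    return report

if __name__ == "__main__":
    for uri, problem in failed_fetches(SCRIPT_URI, SCRIPT, ACCESS_LOG):
        print(f"{problem:>14}  {uri}")
```

With the sample data the kernel is looked for next to the script and comes back 404, and the initrd is never requested because the script stops at the failed kernel line.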

And then I gave up trying to boot just about anything else, because trying to reformat it, or figure out the secret sauce to get something like Kali or CentOS NFS booted, seemed like a lot of work that I’d never really need to use.

So good luck!

PXE Gotchas – What version of iPXE are you running?

I finally got to my goal of getting PXE booting, well specifically iPXE boot working.  However, I gave up short of my goal of PXE booting EVERYTHING!  Here are a few of the gotchas I ran into, hopefully they will help you when you run into them.

Versioning aka (What version is that PXE in the booter?)

Even though you are running a 1.0.0 version of PXE boot, there seem to be wild variations in that version.  For instance, the version I was using inside KVM was 1.0.0-591-g7aee315

It looked like it was a full featured version, but it wasn’t, as you can see from my previous post about some undocumented commands.

The current scripts provided by “The Man” seem to just look at the features provided by the iPXE in the DHCP Client DHCPDISCOVER request.  However, I wanted a more controlled approach, so I wrote this little script to find out what the version is from the client, and upgrade it if it isn’t the latest and greatest.


#!ipxe
# Version string this server considers current
set CURRENTVER 1.0.0+ (bf15)

#If a version is set, go check the version, otherwise upgrade to a version of
#  iPXE that will supply a version
isset ${version} && goto check_version ||
echo "No version supplied, upgrading"

#We received a version from the iPXE loader.  Check to see if it is current
#  if it is, continue to the boot menu, if not, upgrade to a better version
:check_version
iseq ${version} ${CURRENTVER} && goto good_version ||
echo "Not the current version, upgrading"

#Version is up to date.  Let's boot.
:good_version
# Global variables used by all other iPXE scripts
chain --autofree boot.ipxe.cfg ||
echo "Lets go to the menu"
chain --replace --autofree ||
echo "Well something went horribly wrong"

Now the scripts from “The Man” go through a set of feature flags.  That makes sense, as it actually checks if the version of iPXE you are trying to use has the features you actually need.  That way, you shouldn’t really care about the version, it checks to see if the features are available, and compiled into the iPXE version you are trying to use.

Also note that since I control the VM host, I could have dropped the iPXE ROM into the host system, and it would have automatically updated the system, but really.. where is the fun in that.  This way, I only have to update the file in one place, and everything else will automatically upgrade itself, or at least update itself.

iPXE unrecognised option autofree – Solved

Seems I am one of the only people to run into certain bugs.  Not sure why, but that’s my life.  Tonight it was an issue with iPXE.

See, I’m trying to set up a PXE boot server for my house, and possibly for ShmooCon.  We’re still in the experimental stages for all of this.  I did what the documentation stated, installed iPXE through apt-get, moved everything where it needed to be, and used the scripts from the iPXE website.

Then.. nothing worked.

I didn’t assume it would work right away, but the error I ran into was REALLY peculiar.

unrecognised option --replace

unrecognised option --autofree

Looking around for some clues, I found nothing.  Seems this works flawlessly for others.  Looking around for documentation, I also found nothing.  Seems these options aren’t really documented.

So I did what I do when I reach the end of my rope.  Hop on Freenode, and hope there is a channel.  Sure enough, there was #ipxe and luckily “The Man” himself answered my question.

you must use the latest git master branch, not the 1.0.0 tag

So after using git to get the latest version, and plopping that into the boot path, sure enough, those options are now recognized.

The short of it is… don’t trust any of the iPXE stuff in distro repositories or built into the VMs you are booting (in my case KVM virtual machines through ProxMox).

Git, compile, and use the latest.

Update: If you are as new to this as I am, or if (like me) you’ve always wondered about the voodoo that happens when your screen just displays “_” in the upper left hand corner, check out this website run by “The Man” aka (Robin Smidsrød).  The page I dropped you into explains how the boot process works.  Great stuff on the entire site.

2013-12-20 Acoustical Networking / Extracting RSA keys with sound / Bitcoin values / Crypto Locker / Green Light Special on Mac Cameras

2013-12-12 Android vuln removes locks / dark-rose / Google Beyond Corp / ITU 1Gbps over Copper

Sky Dog Con 2013 Electronic Badge (Uber)

I was lucky enough to receive a Sky Dog Con Uber (Black) badge for my contribution to the Duplicity CTF I have helped run in Nashville for the past two years.

This year, at SkyDogCon, they gave away a REALLY cool electronic badge.  I mean, wow!  There were some production issues that were faults only of people across oceans.  So to show off the full functionality, I made this video.

Here is my overview of the badge; I hope it is useful and/or interesting.

2013-10-29 LinkedIntro/Syria Hackers/Toyota sudden acceleration/China Spies/Adobe Breach