about summary refs log tree commit diff
path: root/web/blog/posts
diff options
context:
space:
mode:
authorVincent Ambo <tazjin@google.com>2020-02-09T21·15+0000
committerVincent Ambo <tazjin@google.com>2020-02-09T21·16+0000
commitbd2d96d053382ddb122817a23d4a1db8ad400bb1 (patch)
treea2b8bb45d53fdb62c229fe3661a1fbd504ff91ea /web/blog/posts
parentde9f51de821154d19e2dbbfd4f95d35b5bf79860 (diff)
chore(web/blog): Move Watchguard images into static assets r/518
Rather than sending user data to imgur ... lets get rid of all the
external stuff!
Diffstat (limited to 'web/blog/posts')
-rw-r--r--web/blog/posts/reversing-watchguard-vpn.md14
1 files changed, 7 insertions, 7 deletions
diff --git a/web/blog/posts/reversing-watchguard-vpn.md b/web/blog/posts/reversing-watchguard-vpn.md
index 1f84e9e143cf..49e9ffa908d7 100644
--- a/web/blog/posts/reversing-watchguard-vpn.md
+++ b/web/blog/posts/reversing-watchguard-vpn.md
@@ -39,14 +39,14 @@ Diving into the client
 The first surprise came up right after opening the executable: It had
 debug symbols in it - and was written in Objective-C!
 
-![Debug symbols](https://i.imgur.com/EacIeXH.png)
+![Debug symbols](/static/img/watchblob_1.webp)
 
 A good first step when looking at an application binary is going through
 the strings that are included in it, and the WatchGuard client had a lot
 to offer. Among the most interesting were a bunch of URIs that looked
 important:
 
-![Some URIs](https://i.imgur.com/4rg24K5.png)
+![Some URIs](/static/img/watchblob_2.webp)
 
 I started with the first one
 
@@ -70,7 +70,7 @@ Inserting the correct username and password into the query parameters
 actually triggered the process that sent a token to my phone. The
 response was a simple XML blob:
 
-``` {.example}
+```xml
 <?xml version="1.0" encoding="UTF-8"?>
 <resp>
   <action>sslvpn_logon</action>
@@ -97,7 +97,7 @@ response.
 
 *(Code snippets from here on are Hopper\'s pseudo-Objective-C)*
 
-![sslvpnLogon](https://i.imgur.com/KUK6MPz.png)
+![sslvpnLogon](/static/img/watchblob_3.webp)
 
 It proceeded to the function `-[VPNController processTokenPrompt]` which
 showed the dialog window into which the user enters the token, sent it
@@ -105,12 +105,12 @@ off to the next URL and checked the `logon_status` again:
 
 (`r12` is the reference to the `VPNController` instance, i.e. `self`).
 
-![processTokenPrompt](https://i.imgur.com/y6eYHxG.png)
+![processTokenPrompt](/static/img/watchblob_4.webp)
 
 If the `logon_status` was `1` (apparently \"success\" here) it proceeded
 to do something quite interesting:
 
-![processTokenPrompt2](https://i.imgur.com/f5dAsHD.png)
+![processTokenPrompt2](/static/img/watchblob_5.webp)
 
 The user\'s password was overwritten with the (verified) OTP token -
 before OpenVPN had even been started!
@@ -123,7 +123,7 @@ remotely control an `openvpn` process by sending it commands over TCP.
 It then simply sent the username and the OTP token as the credentials
 after configuring OpenVPN with the correct config file:
 
-![doLogin](https://i.imgur.com/YLxxpKD.png)
+![doLogin](/static/img/watchblob_6.webp)
 
 ... and the OpenVPN connection then succeeds.