From bd2d96d053382ddb122817a23d4a1db8ad400bb1 Mon Sep 17 00:00:00 2001 From: Vincent Ambo Date: Sun, 9 Feb 2020 21:15:33 +0000 Subject: chore(web/blog): Move Watchguard images into static assets Rather than sending user data to imgur ... lets get rid of all the external stuff! --- web/blog/posts/reversing-watchguard-vpn.md | 14 +++++++------- web/homepage/static/img/watchblob_1.webp | Bin 0 -> 32310 bytes web/homepage/static/img/watchblob_2.webp | Bin 0 -> 22958 bytes web/homepage/static/img/watchblob_3.webp | Bin 0 -> 28614 bytes web/homepage/static/img/watchblob_4.webp | Bin 0 -> 52224 bytes web/homepage/static/img/watchblob_5.webp | Bin 0 -> 13492 bytes web/homepage/static/img/watchblob_6.webp | Bin 0 -> 31048 bytes 7 files changed, 7 insertions(+), 7 deletions(-) create mode 100644 web/homepage/static/img/watchblob_1.webp create mode 100644 web/homepage/static/img/watchblob_2.webp create mode 100644 web/homepage/static/img/watchblob_3.webp create mode 100644 web/homepage/static/img/watchblob_4.webp create mode 100644 web/homepage/static/img/watchblob_5.webp create mode 100644 web/homepage/static/img/watchblob_6.webp diff --git a/web/blog/posts/reversing-watchguard-vpn.md b/web/blog/posts/reversing-watchguard-vpn.md index 1f84e9e143..49e9ffa908 100644 --- a/web/blog/posts/reversing-watchguard-vpn.md +++ b/web/blog/posts/reversing-watchguard-vpn.md @@ -39,14 +39,14 @@ Diving into the client The first surprise came up right after opening the executable: It had debug symbols in it - and was written in Objective-C! -![Debug symbols](https://i.imgur.com/EacIeXH.png) +![Debug symbols](/static/img/watchblob_1.webp) A good first step when looking at an application binary is going through the strings that are included in it, and the WatchGuard client had a lot to offer. Among the most interesting were a bunch of URIs that looked important: -![Some URIs](https://i.imgur.com/4rg24K5.png) +![Some URIs](/static/img/watchblob_2.webp) I started with the first one 
@@ -70,7 +70,7 @@ Inserting the correct username and password into the query parameters actually triggered the process that sent a token to my phone. The response was a simple XML blob: -``` {.example} +```xml sslvpn_logon @@ -97,7 +97,7 @@ response. *(Code snippets from here on are Hopper\'s pseudo-Objective-C)* -![sslvpnLogon](https://i.imgur.com/KUK6MPz.png) +![sslvpnLogon](/static/img/watchblob_3.webp) It proceeded to the function `-[VPNController processTokenPrompt]` which showed the dialog window into which the user enters the token, sent it @@ -105,12 +105,12 @@ off to the next URL and checked the `logon_status` again: (`r12` is the reference to the `VPNController` instance, i.e. `self`). -![processTokenPrompt](https://i.imgur.com/y6eYHxG.png) +![processTokenPrompt](/static/img/watchblob_4.webp) If the `logon_status` was `1` (apparently \"success\" here) it proceeded to do something quite interesting: -![processTokenPrompt2](https://i.imgur.com/f5dAsHD.png) +![processTokenPrompt2](/static/img/watchblob_5.webp) The user\'s password was overwritten with the (verified) OTP token - before OpenVPN had even been started! @@ -123,7 +123,7 @@ remotely control an `openvpn` process by sending it commands over TCP. It then simply sent the username and the OTP token as the credentials after configuring OpenVPN with the correct config file: -![doLogin](https://i.imgur.com/YLxxpKD.png) +![doLogin](/static/img/watchblob_6.webp) ... and the OpenVPN connection then succeeds. diff --git a/web/homepage/static/img/watchblob_1.webp b/web/homepage/static/img/watchblob_1.webp new file mode 100644 index 0000000000..27e588e1a1 Binary files /dev/null and b/web/homepage/static/img/watchblob_1.webp differ diff --git a/web/homepage/static/img/watchblob_2.webp b/web/homepage/static/img/watchblob_2.webp new file mode 100644 index 0000000000..b2dea98b4f Binary files /dev/null and b/web/homepage/static/img/watchblob_2.webp differ 
diff --git a/web/homepage/static/img/watchblob_3.webp b/web/homepage/static/img/watchblob_3.webp new file mode 100644 index 0000000000..99b49373b5 Binary files /dev/null and b/web/homepage/static/img/watchblob_3.webp differ diff --git a/web/homepage/static/img/watchblob_4.webp b/web/homepage/static/img/watchblob_4.webp new file mode 100644 index 0000000000..41dbdb6be1 Binary files /dev/null and b/web/homepage/static/img/watchblob_4.webp differ diff --git a/web/homepage/static/img/watchblob_5.webp b/web/homepage/static/img/watchblob_5.webp new file mode 100644 index 0000000000..c42a4ce1bc Binary files /dev/null and b/web/homepage/static/img/watchblob_5.webp differ diff --git a/web/homepage/static/img/watchblob_6.webp b/web/homepage/static/img/watchblob_6.webp new file mode 100644 index 0000000000..1440761859 Binary files /dev/null and b/web/homepage/static/img/watchblob_6.webp differ -- cgit 1.4.1
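Review bot: The replacement URLs in reversing-watchguard-vpn.md, starting with `![Debug symbols](/static/img/watchblob_1.webp)` in the `@@ -39,14 +39,14 @@` hunk, are root-absolute, while the files themselves are added under `web/homepage/static/img/`. A post that lives in `web/blog` therefore renders its images only when it is served from the same origin that exposes the homepage's static directory at `/static/`. If the post can be rendered anywhere else (a feed, a preview, a separate host), state that dependency in the commit message or build the URL from a configured static base instead of hard-coding the path.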
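Review bot: In the `@@ -70,7 +70,7 @@` hunk the fence info string changes from `{.example}` to `xml`, which is unrelated to the subject line "Move Watchguard images into static assets". Either mention the fence fix in the commit message or split it into its own commit, so that a later revert or bisect of the image move does not silently carry a rendering change with it.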
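Review bot: In the `@@ -97,7 +97,7 @@`, `@@ -105,12 +105,12 @@` and `@@ -123,7 +123,7 @@` hunks the alt text is left as bare names (`sslvpnLogon`, `processTokenPrompt`, `processTokenPrompt2`, `doLogin`), yet these screenshots are the only place the decompiled code appears. Since the lines are being touched anyway, give each image alt text that says what the screenshot shows, for example that the `processTokenPrompt2` image is the step where the password is overwritten with the OTP token, so the post's argument survives when an image fails to load.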
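Review bot: The six added binaries are named `watchblob_1.webp` through `watchblob_6.webp`, which ties each file to its position in the post rather than to its content, and the change from the `.png` imgur links to `.webp` files is not mentioned in the commit message. Name the files after what they show (matching the existing alt text would do) and note in the message how the images were converted and whether the conversion was lossless, since they are screenshots of small disassembly text and the diff itself only shows "Binary files ... differ".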