Archives/2020

From aldeid
Jump to navigation Jump to search
Icon-HackTheBox-Machines-Admirer.png

HackTheBox > Machines > Admirer

Sat, 12 Sep 2020 14:14:00 +0000

Enumerate the machine and discover a vulnerable adminer application. Exploit it to get an initial shell. Hook a python library to elevate your privileges and get a root access.

Read more

Icon-HackTheBox-Machines-Blunder.png

HackTheBox > Machines > Blunder

Tue, 8 Sep 2020 21:00:00 +0000

Interesting challenge, with a CMS that I was not aware of: Bludit CMS.

Read more

Icon-tryhackme-Jeff.png

TryHackMe, Jeff

Sun, 6 Sep 2020 22:00:00 +0000

This is the hardest TryHackMe challenge that I've done so far, but also the most interesting one. You'll need to go through many steps before accessing the user flag. It combines hidden locations, virtual hosts, password protected backup files, Wordpress enumeration, docker evasion, restricted bash evasion, and much more. Very nice challenge!

Read more

Icon-tryhackme-Mindgames.png

TryHackMe, Mindgames

Fri, 4 Sep 2020 21:03:00 +0000

The user flag is quite easy to get, but the root flag requires a privilege escalation that is a bit challenging. You'll need to exploit the capabilities of openssl and compile your own *.so library.

Read more

Icon-tryhackme-Internal.png

TryHackMe, Internal

Thu, 3 Sep 2020 17:11:00 +0000

Interesting challenge where you'll need to enumerate services, discover hidden directories, brute force accounts, create reverse shells. The challenging part will be to exploit a local Jenkins installation running in Docker, and exploit it to get the root flag.

Read more

Icon-tryhackme-Develpy.png

TryHackMe, Develpy

Thu, 2 Jul 2020 21:33:00 +0000

boot2root machine for FIT and bsides Guatemala CTF. Interesting challenge with code injection in a python program running on a socket. Classical root escalation via the crontab jobs.

Read more

Icon-tryhackme-djinn.png

TryHackMe, djinn

Thu, 2 Jul 2020 06:50:00 +0000

Intermediate level vulnerable box. Great adventure with FTP, SSH, port knocking, python scripting, decompiling and evasion.

Read more

Icon-tryhackme-Node-1.png

TryHackMe, Node 1

Fri, 26 Jun 2020 06:50:00 +0000

Node is a medium level boot2root challenge, originally created for HackTheBox. This challenge requires several techniques to exploit the machine, which makes it a great journey into hacking (nodejs, password cracking, password encrypted backup, privesc, exploit with mongodb, reverse engineering, ..). This is a great challenge!

Read more

Icon-tryhackme-HA-Joker-CTF.png

TryHackMe, HA Joker CTF

Tue, 23 Jun 2020 12:00:00 +0000

Enumerate services, brute force accounts, discover a hidden backup, crack hashes and escalate privileges using a Linux container.

Read more

Icon-tryhackme-Blueprint.png

TryHackMe, Blueprint

Sun, 21 Jun 2020 09:11:00 +0000

Exploit a vulnerable OSCommerce web application hosted on a Windows 7 machine. Upgrade your shell session to a meterpreter in Metasploit, and dump the password hashes.

Read more

Icon-tryhackme-UltraTech.png

TryHackMe, UltraTech

Sat, 20 Jun 2020 09:00:00 +0000

Discover hidden routes in nodes.js using fuzzing techniques, and exploit an API. Then escalate your privileges exploiting docker.

Read more

Icon-tryhackme-cmess.png

TryHackMe, CMesS

Thu, 18 Jun 2020 23:28:00 +0000

Can you root this Gila CMS box? In this challenge by TryHackMe, you'll discover a CMS called Gila CMS and you will have to exploit it to get root.

Read more

Icon-tryhackme-jack.png

TryHackMe, Jack

Thu, 18 Jun 2020 18:38:00 +0000

TryHackMe, Jack is a nice challenge where you'll have to exploit a vulnerable Worpress installation and escalate your privileges.

Read more

Icon-mysql-overflow-varchar.png

Overflow MySQL VARCHAR()

Fri, 24 Apr 2020 12:53:00 +0000

This post shows how you can overflow a VARCHAR() field and exploit it to access unexpected data from the database.

Read more

Icon-dev-usbmon.png

What are /dev/usbmon{N} interfaces

Mon, 23 Mar 2020 20:30:00 +0000

Understand what /dev/usbmon{N} interfaces are, how to capture USB traffic and how to interpret captured data.

Read more

Icon-dev-input-event.png

What is inside /dev/input/

Tue, 17 Mar 2020 16:00:00 +0000

Understand what is inside your /dev/input/ directory and see how you can use it to develop a keylogger.

Read more

Older entries »