Main Page

From aldeid
Jump to navigation Jump to search

Pentesting   •    Web Exploitation   •    Cryptography   •    Forensics   •    Reversing   •    Binary Exploitation   •    CTF

email twitter github RSS

Icon-Vulnhub-Cherry-1.png

Vulnhub > Cherry 1

Tue, 22 Sep 2020 18:21:00 +0000

Easy challenge involving web enumeration, source code disclosure vulnerability, and privilege escalation.

Read more

Icon-Vulnhub-Chili-1.png

Vulnhub > Chili 1

Sun, 20 Sep 2020 18:21:00 +0000

Brute force an FTP account and add a privileged account in a world-writable "/etc/passwd" file to get the root flag.

Read more

Icon-HackTheBox-Machines-OpenKeyS.png

HackTheBox > Machines > OpenKeyS

Sat, 19 Sep 2020 21:13:00 +0000

Exploit an authentication bypass vulnerability and the CVE-2019-19520 vulnerability to get the user and root flags on an OpenBSD target.

Read more

Icon-tryhackme-Jacob-the-Boss.png

TryHackMe > Jacob the Boss

Sat, 19 Sep 2020 08:17:00 +0000

Easy challenge around the discovery and exploitation of JBOSS vulnerabilities.

Read more

Icon-HackTheBox-Machines-Tabby.png

HackTheBox > Machines > Tabby

Thu, 17 Sep 2020 20:08:00 +0000

Easy difficulty challenge combining several interesting techniques enumeration, local file inclusion, password protected archive, upload of a reverse shell in the Tomcat manager, privilege escalation via custom image to exploit the lxd container.

Read more

Icon-HackTheBox-Machines-Cache.png

HackTheBox > Machines > Cache

Thu, 17 Sep 2020 06:45:00 +0000

Medium difficulty challenge where you'll need to dicover hidden locations to discover credentials, reveal hidden virtual hosts, exploit a vulnerable application with SQL injection, find a remote execution exploit, exploit memcached and docker. A lot of content to learn!

Read more

Icon-HackTheBox-Machines-Admirer.png

HackTheBox > Machines > Admirer

Sat, 12 Sep 2020 14:14:00 +0000

Enumerate the machine and discover a vulnerable adminer application. Exploit it to get an initial shell. Hook a python library to elevate your privileges and get a root access.

Read more

Icon-HackTheBox-Machines-Blunder.png

HackTheBox > Machines > Blunder

Tue, 8 Sep 2020 21:00:00 +0000

Interesting challenge, with a CMS that I was not aware of: Bludit CMS.

Read more

Icon-tryhackme-Jeff.png

TryHackMe, Jeff

Sun, 6 Sep 2020 22:00:00 +0000

This is the hardest TryHackMe challenge that I've done so far, but also the most interesting one. You'll need to go through many steps before accessing the user flag. It combines hidden locations, virtual hosts, password protected backup files, Wordpress enumeration, docker evasion, restricted bash evasion, and much more. Very nice challenge!

Read more

Icon-tryhackme-Mindgames.png

TryHackMe, Mindgames

Fri, 4 Sep 2020 21:03:00 +0000

The user flag is quite easy to get, but the root flag requires a privilege escalation that is a bit challenging. You'll need to exploit the capabilities of openssl and compile your own *.so library.

Read more

Older entries »