zacheller@home:~/blog$

  • TryHackMe - Google Dorking

    Ye Ol’ Search Engine “Search Engines” such as Google are huge indexers – specifically, indexers of content spread across the World Wide Web. They use “Crawlers” or “Spiders” to search for this content across the World Wide Web. Let’s Learn About Crawlers The diagram below is a high-level abstraction of...

  • pwnable.kr - collision

    Prompt Daddy told me about cool MD5 hash collision today. I wanna do something like that too! ssh col@pwnable.kr -p2222 (pw:guest) Solution We are given 3 files: col, col.c, and flag. We cannot open flag, but can read col.c and run the executable. #include <stdio.h> #include <string.h> unsigned long hashcode...

  • CNSS Certified Network Security Specialist

    The International Cybersecurity Institute (ICSI) had a free offer on their Certified Network Security Specialist course due to COVID, so I thought I’d take advantage. I finished the course in about a week and took a bunch of notes which you can find on SecWiki. My certificate of completion can...

  • Vulnhub - DC: 1

    Here’s a walkthrough for the first VM in the DC Vulnhub series. Enumeration nmap $ portscan 10.10.10.5 Open ports: 22,80,111,44029 Starting Nmap 7.80 ( https://nmap.org ) at 2020-08-11 15:21 EDT Nmap scan report for devel.htb (10.10.10.5) Host is up (0.00031s latency). PORT STATE SERVICE VERSION 22/tcp open ssh OpenSSH 6.0p1...

  • Autopsy Digital Forensics Certificate

    Digital forensics first came on my radar in CTF competitions. Though I find those challenges fun, I quickly came to learn that they are not quite representative of real world digital forensics, usually done by law enforcement. I heard that there was a digital forensics course being offered for free...

  • TryHackMe - Basic Pentesting

    This room is about: brute forcing, hash cracking, service enumeration, Linux Enumeration. I thought this would be a good exercise to introduce my friend @jeongm-in from my CTF team to system exploitation. First we deploy the machine, and use OpenVPN to connect to the TryHackMe network. We run nmap (or...

  • pwnable.kr - fd

    Prompt Mommy! what is a file descriptor in Linux? ssh fd@pwnable.kr -p2222 (pw:guest) Solution We are given 3 files: fd, fd.c, and flag. We cannot open flag, but can read fd.c and run the executable. #include <stdio.h> #include <stdlib.h> #include <string.h> char buf[32]; int main(int argc, char* argv[], char* envp[]){...

  • HackTheBox - Resolute

    Target: 10.10.10.169, resolute.htb Scanning I use a portscan script that uses nmap to find all open ports, then runs a deeper nmap scan on those specific ports for efficiency. root@kali:~/HackTheBox/Resolute# portscan resolute.htb Open ports: 53,88,135,139,389,445,464,593,636,3268,3269,5985,9389,47001,49664,49665,49666,49667,49671,49676,49677,49688,49709,60468 Starting Nmap 7.80 ( https://nmap.org ) at 2020-04-19 15:30 EDT Nmap scan report for resolute.htb...

  • STL OWASP QUARANTINE CTF

    Capture the Flag (CTF) is a type of computer security competition usually designed to serve as an educational exercise to give participants experience in analyzing and exploiting security flaws. To give people more to do indoors, Chris Elbring and I developed the fully remote QUARANTINE CTF hosted by STL OWASP....

  • Dabbling in Open Source

    I was searching Up For Grabs for an open-source project to work on and stumbled upon an interesting tool called passthief that I figured would be useful in pentesting. I analyzed all the modules in anticipation of writing the Firefox password extractor module. In Linux, I found the two files...