zacheller@home:~/blog$

  • pwnable.kr - cmd2

    Prompt Daddy bought me a system command shell. but he put some filters to prevent me from playing with it without his permission… but I wanna play anytime I want! ssh cmd2@pwnable.kr -p2222 (pw:flag of cmd1) Files We are given an executable cmd2, its source cmd2.c, and a flag file....

  • pwnable.kr - cmd1

    Prompt Mommy! what is PATH environment in Linux? ssh cmd1@pwnable.kr -p2222 (pw:guest) Files We are given an executable cmd1, its source cmd1.c, and a flag file. cmd1.c: #include <stdio.h> #include <string.h> int filter(char* cmd){ int r=0; r += strstr(cmd, "flag")!=0; r += strstr(cmd, "sh")!=0; r += strstr(cmd, "tmp")!=0; return r;...

  • TryHackMe - Common Linux Privesc

    Enumeration First, lets SSH into the target machine, using the credentials user3:password. This is to simulate getting a foothold on the system as a normal privilege user. What is the target’s hostname? user@**polobox** Look at the output of /etc/passwd how many “user[x]” are there on the system? user3@polobox:~$ grep /etc/passwd...

  • TryHackMe - Intro to Python

    Challenge Location: TryHackMe This lesson is fairly straightforward, but necessary to complete for one (or more) of the learning paths. I’m already confident with Python, so here’s my solution to the challenge problem. Challenge Time! You’ll find a file attached to this task called encoded_flag.txt. Within this file, you will...