zacheller@home:~/blog$

  • Defend the Web - SQLi

    SQLi 1 / SQLi This is a basic challenge which accepts a lot of answers. You can just use ' OR 1=1 ;-- to complete it. SQLi 2 / SQLi This is a little more involved. We start with a login form and a “Browse members” section. When we select...

  • TryHackMe - OhSINT

    What information can you possibly get starting with just one photo? Steganography We start by downloading the WindowsXP.jpg screensaver. The most obvious thing to check is the handle in the copyright. Once that is exhausted, we can check the GPS position. Copyright : OWoodflint GPS Position : 54 deg 17’...

  • OWASP Juice Shop v9.3.1 - 2 Star Solutions

    Admin Section Access the administration section of the store. Navigate to http://10.10.50.111/#/administration Admin can see list of registered users, non-logged in cannot. Emails email admin@juice-sh.op jim@juice-sh.op bender@juice-sh.op bjoern.kimminich@googlemail.com ciso@juice-sh.op support@juice-sh.op morty@juice-sh.op mc.safesearch@juice-sh.op J12934@juice-sh.op wurstbrot@juice-sh.op amy@juice-sh.op bjoern@juice-sh.op bjoern.kimminich@owasp.org Recycling Requests User Quantity Address Pickup Date 2 800 Starfleet HQ, 24-593 Federation...

  • Defend The Web - Assorted Challenges

    24 bit Download the file. Change the filetype and open it. Beach I first downloaded the image and ran exiftool on it. There were two fields that stuck out to me. $ exiftool b4.jpg | egrep 'Artist|User' Artist : james User Comment : I like chocolate First guess was the...

  • HackTheBox - OpenAdmin

    Enumeration $ nmap -sV 10.10.10.171 --script=vuln Starting Nmap 7.80 ( https://nmap.org ) at 2020-03-06 21:12 EST Nmap scan report for 10.10.10.171 Host is up (1.4s latency). Not shown: 979 closed ports PORT STATE SERVICE VERSION 22/tcp open tcpwrapped |_clamav-exec: ERROR: Script execution failed (use -d to debug) 80/tcp open tcpwrapped...

  • BountyCon Challenge Solution

    Poking around the web, I randomly found a flag to BountyCon. Cheers! $ curl https://www.google.com/.well-known/security.txt Contact: https://g.co/vulnz Contact: mailto:security@google.com Encryption: https://services.google.com/corporate/publickey.txt Acknowledgements: https://bughunter.withgoogle.com/ Policy: https://g.co/vrp Hiring: https://g.co/SecurityPrivacyEngJobs # Flag: BountyCon{075e1e5eef2bc8d49bfe4a27cd17f0bf4b2b85cf}

  • My First Kali Linux Setup (2019.3)

    Setup and Initial Configuration passwd root apt update && apt upgrade apt autoremove dpkg-reconfigure openssh-server #change default ssh keys use systemctl to turn on services by default (on boot) systemctl enable ssh systemctl enable postgresql # useful for metasploit turn off the water dropping sound dconf write /org/gnome/desktop/sound/event-sounds "false" add...

  • EDURange - SSH_Inception

    Login On EDURange after scenario is provisioned, use the Login and Password in the Scenario Information section and the Public IP Address of the first instance, nat, to begin the challenge. $ ssh zheller@3.92.162.111 # enter 2fff0a89 nat Welcome to SSH Inception. The goal is to answer all questions by...

  • A Challenge from BSidesSF2020

    Google Security & Privacy Engineering Challenge I stopped by the Google booth at BSidesSF 2020 this weekend, and I picked up a challenge card and a free Titan Security Key Bundle (which I greatly appreciated). Today, I sorted through all the papers, stickers, and t-shirts that I received at BSides...

  • OWASP Juice Shop v9.3.1 - 1 Star Solutions

    Confidential Document Access a confidential document. Navigate to About Us page, where there is a link to terms of use on FTP server: http://10.10.50.111/ftp/legal.md?md_debug=true. Go to http://10.10.50.111/ftp/. Download acquisitions.md Also, downloaded incident-support.kdbx for cracking. $ keepass2john incident-support.kdbx | cut -d ":" -f 2 > keepass.hash DOM XSS Perform a DOM...