zacheller@home:~/blog$

  • TryHackMe - Ignite

    Enumeration
    nmap
    root@kali:~/Security/TryHackMe/ignite# portscan 10.10.164.23
    Open ports: 80
    Starting Nmap 7.80 ( https://nmap.org ) at 2020-08-30 16:05 EDT
    Nmap scan report for 10.10.164.23
    Host is up (0.15s latency).
    PORT   STATE SERVICE VERSION
    80/tcp open  http    Apache httpd 2.4.18 ((Ubuntu))
    | http-robots.txt: 1 disallowed entry
    |_/fuel/
    |_http-title: Welcome to FUEL CMS...

  • pwnable.kr - shellshock

    Prompt
    Mommy, there was a shocking news about bash. I bet you already know, but lets just make it sure :)
    ssh shellshock@pwnable.kr -p2222 (pw:guest)
    Analysis
    We have an executable called shellshock, its source shellshock.c, and a bash executable. Let’s check permissions:
    shellshock@pwnable:~$ ls -l
    total 960
    -r-xr-xr-x 1 root...

  • TryHackMe - Overpass

    Prompt
    What happens when a group of broke Computer Science students try to make a password manager? Obviously a perfect commercial success!
    Enumeration
    $ portscan 10.10.172.155
    Open ports: 22,80
    Starting Nmap 7.80 ( https://nmap.org ) at 2020-08-23 16:39 EDT
    Nmap scan report for 10.10.172.155
    Host is up (0.17s latency).
    PORT...

  • 247/CTF - THE IMPOSSIBLE USER

    Prompt
    This encryption service will encrypt almost any plaintext. Can you abuse the implementation to actually encrypt every plaintext?
    Source
    from Crypto.Cipher import AES
    from flask import Flask, request
    from secret import flag, aes_key, secret_key
    app = Flask(__name__)
    app.config['SECRET_KEY'] = secret_key
    app.config['DEBUG'] = False
    flag_user = 'impossible_flag_user'
    class AESCipher():
        def...