-
TryHackMe - Startup
TryHackMe Room Welcome to Spice Hut! I first enumerated the box with nmap and found FTP, SSH, and HTTP services running. FTP allowed anonymous login, and I could get and put files into the ftp directory. I ran gobuster to find if that was visible on the website, and I...
-
My CTF team is currently #1 in United States!
My CTF team ARESx is currently ranked #1 in the U.S. and #28 globally on CTFtime.org. Thanks to TetCTF 2021 for giving us the opportunity for an early lead on the leaderboards this year! We finished out last year ranked #18 in the U.S. and #132 internationally, having competed in...
-
TryHackMe - Overpass 2
Forensics - Analyze the PCAP First, I downloaded the PCAP and opened it in Wireshark. Several packets jumped out due to their info containing: POST /development/upload.php HTTP/1.1. To find the actual payload, I exported the HTTP object of upload.php in packet 14: -----------------------------1809049028579987031515260006 Content-Disposition: form-data; name="fileToUpload"; filename="payload.php" Content-Type: application/x-php <?php...
-
TryHackMe - Advent of Cyber 2020
I finished the 25 challenges for the 2020 Advent of Cyber Competition. It was a fun series, though pretty easy. I appreciate that it got me working on TryHackMe every day.
-
TryHackMe - Anthem
This is a simple box that doesn’t require actual exploitation located (here)[https://tryhackme.com/room/anthem]. Website Analysis Run a basic nmap <ip> to discover port a website on port 80 and an RDP service on port 3389. Check /robots.txt to find a password and some “hidden” directories: /bin, /config, /umbraco, /umbraco_client. Be sure...
-
KringleCon 2020 CTF
I spent some time in KringleCon this year. There were some unique challenges, and I had a good time. Here are some of my solutions. Objectives Uncover Santa’s Gift List Q: There is a photo of Santa’s Desk on that billboard with his personal gift list. What gift is Santa...
-
Setup Kali Linux GUI on WSL2
I followed the Kali Guide, but ran into some issues so I thought I’d make a post on what worked for me. These instructions are more streamlined, and the main difference is that they include installing dbus-x11. Install Kali Linux in WSL2 Open PowerShell as administrator and run: Enable-WindowsOptionalFeature -Online...
-
TryHackMe - 25 Days of Christmas
This TryHackMe room was open for the 2019 Advent of Cyber event but was made private likely to avoid confusion with the new 2020 Advent of Cyber Room event currently running. Since I finished the new challenges (they are released one a day), I thought I’d go back and finish...
-
TryHackMe - Kenobi
Room: Kenobi Deploy the vulnerable machine Scan the machine with nmap, how many ports are open? kali@kali:~$ nmap -T4 -p- 10.10.54.61 Starting Nmap 7.80 ( https://nmap.org ) at 2020-11-30 22:03 EST Stats: 0:00:02 elapsed; 0 hosts completed (1 up), 1 undergoing Connect Scan Connect Scan Timing: About 0.37% done Stats:...
-
DigitalOcean - Utilizing Security Features in SSH
What is SSH Secure shell Protocol for creating encrypted communication channels between two networked hosts What is OpenSSH The standard tool for remote management of *Nix systems from servers to embedded devices to network devices (is now supported by Windows) Active development happening on OpenBSD version, then ported to Portable...