zacheller@home:~/blog$

  • A Challenge from BSidesSF2020

    Google Security & Privacy Engineering Challenge I stopped by the Google booth at BSidesSF 2020 this weekend, and I picked up a challenge card and a free Titan Security Key Bundle (which I greatly appreciated). Today, I sorted through all the papers, stickers, and t-shirts that I received at BSides...

  • OWASP Juice Shop v9.3.1 - 1 Star Solutions

    Confidential Document Access a confidential document. Navigate to About Us page, where there is a link to terms of use on FTP server: http://10.10.50.111/ftp/legal.md?md_debug=true. Go to http://10.10.50.111/ftp/. Download acquisitions.md Also, downloaded incident-support.kdbx for cracking. $ keepass2john incident-support.kdbx | cut -d ":" -f 2 > keepass.hash DOM XSS Perform a DOM...

  • Workshop - Shall we play a game?

    On Friday, February 7, I ran a workshop for STL 2600 at Arch Reactor. I conducted a guided walkthrough of OverTheWire’s Bandit, a CTF game designed to teach the essential skills for competing in more advanced CTF games. We went through the challenges as a group and played Bash golf...

  • TryHackMe - LazyAdmin

    Connect with OpenVPN for access to server at 10.10.108.85. Enumeration Let’s scan with nmap, but save it to a metasploit db. msfdb reinit msf5 > db_nmap -sV 10.10.108.85 Port 22 (SSH) and Port 80 (HTTP) are open. No credentials, so let’s check out the website being hosted. It’s a default...