zacheller@home:~/blog$

posts

about

whoami

contact

  • pwnable.kr - blukat

    Prompt Sometimes, pwnable is strange… hint: if this challenge is hard, you are a skilled player. ssh blukat@pwnable.kr -p2222 (pw: guest) Solution blukat@pwnable:~$ ls blukat blukat.c password blukat@pwnable:~$ cat blukat.c #include <stdio.h> #include <string.h> #include <stdlib.h> #include <fcntl.h> char flag[100]; char password[100]; char* key = "3\rG[S/%\x1c\x1d#0?\rIS\x0f\x1c\x1d\x18;,4\x1b\x00\x1bp;5\x0b\x1b\x08\x45+"; void calc_flag(char* s){ int...

  • TryHackMe - Web Fundamentals

    Room: Web Fundamentals This room is designed as a basic intro to how the web works. Mini CTF There’s a web server running on http://10.10.32.23:8081. Connect to it and get the flags! GET request. Make a GET request to the web server with path /ctf/get curl http://10.10.32.23:8081/ctf/get POST request. Make...

  • TryHackMe - ToolsRUs

    This is a writeup to the ToolsRus Room on TryHackMe.com. The goal is to practice using dirbuster, hydra, nmap, nikto and metasploit. The challenge is to use the tools to enumerate a server, gathering information along the way that will eventually lead to you taking over the machine. What directory...

  • picoCTF 2020 Mini-Competition - Pitter, Patter, Platters

    Challenge Description ‘Suspicious’ is written all over this disk image. Download suspicious.dd.sda1. Hints It may help to analyze this image in multiple ways: as a blob, and as an actual mounted disk. Have you heard of slack space? There is a certain set of tools that now come with Ubuntu...

  • picoCTF 2020 Mini-Competition - Web Gauntlet SQL Injection

    In this challenge, we are linked to a login form we are meant to bypass with SQL injection. At each level the filter changes, so we have to update your injection as necessary. Round 1 - filter: or Use basic injection and comment out the rest of the line. input:...

  • Running Nmap using WSL1

    What Nmap (“Network Mapper”) is a free and open source (license) utility for network discovery and security auditing. Many systems and network administrators also find it useful for tasks such as network inventory, managing service upgrade schedules, and monitoring host or service uptime. Why In WSL 1, there have been...

  • Niflheim Network CTF - Solutions

    I really enjoyed this CTF, and I dug into networking logs more than I ever had previous. It involved reading through several large PCAP files, a JSON file, a CSV file, some cool background documents on APTs, and various log files. I was asked to wait to post solutions to...

  • TryHackMe - Intro to x86-64

    Room: Intro to x86-64 This room will look at the basic primitives of Intel’s x86-64 assembly language, and will use these primitives to understand the construction of basic programs using loops, functions and procedures. The tasks attached to this room will use the r2 reverse engineering framework. Note, this room...

  • LocoMocoSec Secure Coding Tournament

    On November 5th and 6th, I attended a virtual Hawaiian Prodcut Security Conference called LocoMocoSec. Secure Code Warrior ran a Secure Coding Tournament using their platform for the conference. Having used their “Secure Code Bootcamp” mobile app and the Training tab on their portal, I felt very prepared for the...

  • RE: Grayhat 2020

    I had a great time at Grayhat this year. There were a lot of competitions, and it was hard to choose where I wanted to spend my time. See the entire list here: I ended up winning the Niflheim’s Network CTF, getting root on the SECARMY OSCP Giveaway Vulnhub box,...