zacheller@home:~/blog$

  • TryHackMe - RP Web Scanning

    Nikto Scanning What switch do we use to set the target host? -h Websites don’t always properly redirect to their secure transport port and can sometimes have different issues depending on the manner in which they are scanned. How do we disable secure transport? -nossl How about the opposite, how...

  • pwnable.kr - blackjack

    Prompt Hey! check out this C implementation of blackjack game! I found it online http://cboard.cprogramming.com/c-programming/114023-simple-blackjack-program.html I like to give my flags to millionares. how much money you got? Running at : nc pwnable.kr 9009 Analysis We need to make $1,000,000. For this code review, let’s consider our sources. We have...

  • TryHackMe - RP tmux

    Once tmux is installed, let’s launch a new session. What command do we use to launch a new session without a custom name? tmux All tmux commands start with a keyboard button combination. What is the first key in this combination? Ctrl How about the second key? Note, these keys...

  • TryHackMe - Linux Challenges

    Linux Challenges Introduction This rooms purpose is to learn or improve your Linux skills. There will be challenges that will involve you using the following commands and techniques: Using commands such as: ls, grep, cd, tail, head, curl, strings, tmux, find, locate, diff, tar, xxd Understanding cronjobs, MOTD’s and system...

  • Webinar - Cyber Threat Hunting Skills with Aastha Sahni

    Info Pacific Hackers Meetup - October 10, 2020 - Cyber Threat Hunting Skills with Aastha Sahni. Abstract With the growing number of threats and their complexity, Cyber Threat Hunting has become an important part of Cyber Defense Strategy. We will discuss one such approach today of Cyber Threat Hunting -...

  • pwnable.kr - cmd2

    Prompt Daddy bought me a system command shell. but he put some filters to prevent me from playing with it without his permission… but I wanna play anytime I want! ssh cmd2@pwnable.kr -p2222 (pw:flag of cmd1) Files We are given an executable cmd2, its source cmd2.c, and a flag file....

  • pwnable.kr - cmd1

    Prompt Mommy! what is PATH environment in Linux? ssh cmd1@pwnable.kr -p2222 (pw:guest) Files We are given an executable cmd1, its source cmd1.c, and a flag file. cmd1.c: #include <stdio.h> #include <string.h> int filter(char* cmd){ int r=0; r += strstr(cmd, "flag")!=0; r += strstr(cmd, "sh")!=0; r += strstr(cmd, "tmp")!=0; return r;...

  • TryHackMe - Common Linux Privesc

    Enumeration First, lets SSH into the target machine, using the credentials user3:password. This is to simulate getting a foothold on the system as a normal privilege user. What is the target’s hostname? user@**polobox** Look at the output of /etc/passwd how many “user[x]” are there on the system? user3@polobox:~$ grep /etc/passwd...

  • TryHackMe - Intro to Python

    Challenge Location: TryHackMe This lesson is fairly straightforward, but necessary to complete for one (or more) of the learning paths. I’m already confident with Python, so here’s my solution to the challenge problem. Challenge Time! You’ll find a file attached to this task called encoded_flag.txt. Within this file, you will...

  • DarkCTF - Web/Apache Logs

    This is my solution to DarkCTF’s Web/Apache Logs challenge. First, download and unzip the folders until you find logs.ctf within. $ file logs.ctf logs.ctf: ASCII text, with very long lines $ head -n 10 logs.ctf find the flag! khkhkh 192.168.32.1 - - [29/Sep/2015:03:28:43 -0400] "GET /dvwa/robots.txt HTTP/1.1" 200 384 "-"...