-
247/CTF - TIPS AND TRICKS
Prompt Utilise a programming language to interface with the socket and automate solving 500 simple addition problems to receive the flag. Take care when interfacing with unknown remote services - ‘\n’ is not the only way to end a line! Solution #!/usr/bin/env python3 from pwn import * URL="54774aadc5a56c41.247ctf.com" PORT=50488 #...
-
247/CTF - MY MAGIC BYTES
Prompt Can you recover the secret XOR key we used to encrypt the flag? Solution Our file my_magic_bytes.jpg.enc is an encrypted jpg (at least that’s what the extension .jpg.enc leads us to believe). While this might be misdirection, let’s start by assuming it is an encrypted JPEG. Because we know...
-
TryHackMe - Vulnversity
This is a writeup for Vulnversity on TryHackMe. Reconnaissance root@kali:~/TryHackMe/vulnversity# nmap -sV 10.10.149.14 Starting Nmap 7.80 ( https://nmap.org ) at 2020-08-12 20:04 EDT Nmap scan report for 10.10.149.14 Host is up (0.16s latency). Not shown: 994 closed ports PORT STATE SERVICE VERSION 21/tcp open ftp vsftpd 3.0.3 22/tcp open ssh...
-
SpiderLabs CTF @ Blackhat 2020
My team B34R5H3LL-RED competed in the SpiderLabs CTF at Virtual Blackhat from Thursday, August 6 at 6:00 pm PST to August 8 at 6:00 pm PST. We started with an early lead and kept 1st place for the first 8 or so hours. We ended with 1350 points in 39th...
-
Vulnhub - InfoSec Prep: OSCP
The InfoSec Prep Discord server was giving away a OSCP voucher code to 10 random people who solved this Vulnhub box and messaged the root flag to the TryHarder bot, so I entered the competition to test my luck. Here’s my solution to the challenge. Enumeration root@kali:~/Security/Vulnhub/oscp-voucher-chall# portscan 192.168.1.207 Open...
-
Trend Micro Threat Defense Challenge - XDR Edition
Prompt Think you have what it takes to beat a hacker? Join us for the Trend Micro Threat Defense Challenge: XDR Edition and see! Put your skills to the test as you stop a cyberattack in real time. For 45 minutes, compete alongside your peers to win big prizes, and...
-
OverTheWire - Leviathan 0-7
Prompt Dare you face the lord of the oceans? Leviathan is a wargame that has been rescued from the demise of intruded.net, previously hosted on leviathan.intruded.net. Level 0 leviathan0:leviathan0 Check the hidden .backup folder, and look through the long bookmarks file. leviathan0@leviathan:~/.backup$ grep leviathan bookmarks.html <DT><A HREF="http://leviathan.labs.overthewire.org/passwordus.html | This will...
-
Vulnhub - DC: 4
Enumeration Nmap root@kali:~/Security/Vulnhub/DC-Series/4# portscan 10.10.10.9 Open ports: 22,80 Starting Nmap 7.80 ( https://nmap.org ) at 2020-09-02 18:57 EDT Nmap scan report for bastard.htb (10.10.10.9) Host is up (0.00029s latency). PORT STATE SERVICE VERSION 22/tcp open ssh OpenSSH 7.4p1 Debian 10+deb9u6 (protocol 2.0) | ssh-hostkey: | 2048 8d:60:57:06:6c:27:e0:2f:76:2c:e6:42:c0:01:ba:25 (RSA) | 256...
-
pwnable.kr - mistake
Prompt We all make mistakes, let’s move on. (don’t take this too seriously, no fancy hacking skill is required at all) This task is based on real event Thanks to dhmonkey hint : operator priority ssh mistake@pwnable.kr -p2222 (pw:guest) Source Code Analysis We are given an executable mistake and its...
-
HackTheBox - Active (Retired)
Enumeration Likely a Domain Controller since it’s running DNS, Kerberos, LDAP. Domain: active.htb. Common to domain controllers message signing is enabled and required for smb. Most of SMB and NTLM relay is done on machines other than Domain Controller since the functionality is usually turned off. We could maybe dump...