zacheller@home:~/blog$

  • pwnable.kr - random

    Prompt Daddy, teach me how to use random value in programming! ssh random@pwnable.kr -p2222 (pw:guest) Solution random.c: #include <stdio.h> int main(){ unsigned int random; random = rand(); // random value! unsigned int key=0; scanf("%d", &key); if( (key ^ random) == 0xdeadbeef ){ printf("Good!\n"); system("/bin/cat flag"); return 0; } printf("Wrong, maybe...

  • pwnable.kr - flag

    Prompt Papa brought me a packed present! let’s open it. Download : http://pwnable.kr/bin/flag This is reversing task. all you need is binary Solution Download the file and figure out what it does. noble@heart:~/cyber/ctf/pwnable.kr/flag$ wget http://pwnable.kr/bin/flag noble@heart:~/cyber/ctf/pwnable.kr/flag$ file flag flag: ELF 64-bit LSB executable, x86-64, version 1 (GNU/Linux), statically linked, no...

  • HackTheBox - Blue (Retired)

    Enumeration root@kali:~/Security/HackTheBox/blue# portscan 10.10.10.40 Open ports: 135,139,445,49152,49153,49154,49155,49156,49157 Starting Nmap 7.80 ( https://nmap.org ) at 2020-09-01 15:36 EDT Nmap scan report for blue.htb (10.10.10.40) Host is up (0.074s latency). PORT STATE SERVICE VERSION 135/tcp open msrpc Microsoft Windows RPC 139/tcp open netbios-ssn Microsoft Windows netbios-ssn 445/tcp open microsoft-ds Windows 7 Professional...

  • Malware Traffic Analysis Exercise - EGGNOG SOUP

    This challenge is from MALWARE-TRAFFIC-ANALYSIS.NET. Download the PCAP ZIP yourself here. Check their about page for the password. Scenario LAN segment data: LAN segment range: 172.16.3.0/24 (172.16.3.0 through 172.16.3.255) Domain: eggnogsoup.com Domain controller: 172.16.3.2 - EggNogSoup-DC LAN segment gateway: 172.16.3.1 LAN segment broadcast address: 172.16.3.255 Task How many hosts besides...

  • Vulnhub - DC: 3

    Here’s a walkthrough for the third VM in the DC Vulnhub series. Enumeration After a quick nmap 10.10.10.0/24 I find the box at 10.10.10.8 with port 80 open. An in-depth scan reveals Joomla! CMS. $ nmap -sC -sV -Pn 10.10.10.8 ... PORT STATE SERVICE VERSION 80/tcp open http Apache...

  • pwnable.kr - bof

    Prompt Nana told me that buffer overflow is one of the most common software vulnerability. Is that true? Download : http://pwnable.kr/bin/bof Download : http://pwnable.kr/bin/bof.c Running at : nc pwnable.kr 9000 Solution Download bof.c: #include <stdio.h> #include <string.h> #include <stdlib.h> void func(int key){ char overflowme[32]; printf("overflow me : "); gets(overflowme); //...

  • 247/CTF - THE TEXT EDITOR JAIL

    Prompt We didn’t have time to setup and test a proper jail, so this text editor will have to do for now. Can you break free? Solution This one is a pretty simple escape. We are dropped into vim over a ttyd web terminal. In case anyone hasn’t seen it,...

  • Vulnhub - DC: 2

    Here’s a walkthrough for the second VM in the DC Vulnhub series. I keep the VMs I download from the internet on an internal network so as not to expose my home network. I clone my attacker VM and then add that to the internal network to begin pentesting. If...

  • 247/CTF - AN IMPOSSIBLE NUMBER

    Prompt Can you think of a number which at the same time is one more than itself? Solution We are given some C code for the backend. As the value range for an int in C is -2,147,483,648 to 2,147,483,647, the obvious answer is 2,147,483,647 because incrementing it would cause...

  • Malware Traffic Analysis Exercise - DYNACCOUNTIC

    This challenge is from MALWARE-TRAFFIC-ANALYSIS.NET. Download the PCAP ZIP yourself here. Check their about page for the password. Scenario Someone at Dynaccountic has infected their Windows computer. Your manager has tasked you to write an incident report. Here’s a brief outline of associated network traffic: LAN segment: 10.10.10.0/24 (10.10.10.0 through...