-
Jack - TryHackMe
Oct 03, 2020
Info: This is a room from TryHackMe. Link to the room. If you have any questions, or want to discuss anything with me, please leave a comment or find me through the methods listed on the About page. Recon: First things first, add the domain name to /etc/hosts as described: As usual, do a port scan: We found ports 22 and 80 open on this host. The next thing would be doing a fingerprint scan on these ports:…
-
CSEC CTF: Doors Plus
Jul 10, 2020
Challenge Info: This is a challenge from the UTS Cyber Security Society (CSEC) Semester-long CTF for the 2020 Autumn session. Link: here. Let’s look around: So the challenge starts with a URL (not the YouTube link!). Going to that link, we see: It seems this website provides a set of web APIs. And our objective, as described, is to create a door named “Backdoor”. Firstly I tried to send a GET request to /api/door with Postman:…
-
Wonderland - TryHackMe
Jun 13, 2020
Room URL: https://tryhackme.com/room/wonderland Before you read: If you haven’t tried this box yet, I’d highly recommend trying it yourself first. This box is quite fun :) Well, let’s: Fall down the rabbit hole and enter wonderland. nmap: First thing, no doubt, we gotta know which ports are open on this box. This is how we do it: nmap -sC -sV <your box ip> An SSH and an HTTP server.…
Boot2Root, TryHackMe, Escalation, Python Module Hijack, PATH Exploit
-
WPI CTF: Suckmore Shell 2.0
Apr 18, 2020
Challenge Description: After its abysmal performance at WPICTF 2019, suckmore shell v1 has been replaced with a more secure, innovative and performant version, aptly named suckmore shell V2. ssh smsh@smsh.wpictf.xyz pass: suckmore>suckless made by: acurless Poking Around: First off, SSH login. ssh smsh@smsh.wpictf.xyz Give the password when asked. A prompt, hmmmm. Doesn’t look like a normal shell, but it’s a shell. Okay, let’s see what we have now.…
-
WPI CTF: John Cena 🎺🎺🎺🎺
Apr 18, 2020
Challenge Description: You can’t see him, but can you see the flag? http://us-east-1.linodeobjects.com/wpictf-challenge-files/braille.png made by: ollien, with a little help from acurless Braille: The first clue for this challenge is a URL to a PNG image. This is how it looks: Apparently, it’s something written in Braille. We need to do an “OCR” of this picture first, and then decode it. According to Wikipedia, 6-dot Braille patterns are coded in Unicode like this:…
-
WPI CTF: 👉😎👉
Apr 18, 2020
Challenge Description: 👉😎👉Zoop👉😎👉Zoop 👉😎👉Zoop👉😎👉Zoop 👉😎👉Zoop👉😎👉Zoop 👉😎👉Zoop👉😎👉Zoop 👉😎👉Zoop👉😎👉Zoop … 👉😎👉Zoop👉😎👉Zoop 👉😎👉Zoop👉😎👉Zoop 👉😎👉Zoop👉😎👉Zoop 👉😎👉Zoop http://zoop.wpictf.xyz made by: ollien Exploring: So it seems it starts with a web page. Let’s take a look first. This looks like an IM, and a friend talks about sending a file from a website http://storage.zoop. Let’s poke around. When I click on the “Attach” button, a dialog shows up. It allows me to input a URL of the storage.…
-
CSEC CTF: Missing
Apr 12, 2020
Challenge Info: This is a challenge from the UTS Cyber Security Society (CSEC) Semester-long CTF for the 2020 Autumn session. Link: here. Poking around: So the description gave us a URL (http://128.199.239.130:8007). No reason not to start here, right? And we got: Hmmm… Seems to be a newly set up Apache server, running on an Ubuntu machine, without even serving a proper page. Not quite informative. Nothing in the page source, either :(…