Construct Truffle Artifact Source Lists

This is a quick and dirty workaround for an issue that has been bugging me a lot. Truffle is one of the central, if not the most central development tool for building smart contracts on Ethereum to date. When compiling a Truffle project, the output is stored in build/contracts by default. An artifact simply a JSON object containing a plethora of data. A short sample … Continue reading Construct Truffle Artifact Source Lists

HackTheBox Postman Write-up

Postman was an easy-going box. It required careful enumeration and beyond that did not have too much resistance in privilege escalation. This makes it a prime example for real-world M&M security where the initial foothold is hard, but there is few resistance on the inside. Let’s start out by scanning the machine: There are a few interesting things here already. We have a webserver running … Continue reading HackTheBox Postman Write-up

The 36C3 Telnet Challenge (a.k.a. Cat CTF)

This is a write-up from the 36th Chaos Communication Congress, 2019. It has been my fourth Congress. Timed shortly after Christmas, it feels like meeting a second kind of family after the holidays. Hackers from all over the world gather in Leipzig to celebrate the weirdness of our community, break technology, learn new things, and have caffeine-fuelled fun. On my initial recon walk with friends … Continue reading The 36C3 Telnet Challenge (a.k.a. Cat CTF)

HackTheBox Obscurity Write-up

Obscurity is a medium-difficulty box. It was super fun to solve because it involved great excuses for me to write some neat little helper scripts and find a vulnerability in Python code. Something you don’t do too often in these challenges. Let’s dive right in with a nmap scan: Checking port 8080 on the server, we find the following text: Challenge accepted. The developer message … Continue reading HackTheBox Obscurity Write-up

HackTheBox OpenAdmin Write-up

OpenAdmin is yet another medium-difficulty machine, which was a blast to hack on! It involved dealing with various stack components, such as interacting directly with a MySQL database. Furthermore, hopping across multiple users through different escalation vectors was very satisfying. Let’s see how it is done! Our first nmap scan does not yield any exciting results: On port 80, we see the default Ubuntu Apache … Continue reading HackTheBox OpenAdmin Write-up

HackTheBox Traverxec Write-up

Traverxec is an interesting box, mainly because the HackTheBox team rated it as easy while the community disagreed and voted it to medium difficulty. It involved a funky privilege escalation that I had not seen before. Let’s see how it’s done! Our first nmap scan does not return exciting results: On port 80, we see a portfolio website. Nothing exciting seems to be hidden here. … Continue reading HackTheBox Traverxec Write-up