Registry is a box rated at hard difficulty. There are quite a few steps involved, but with a bit of persistence and little experience with Docker internals (hint hint), it looks more daunting than it actually is. Let's go through the process of breaking in step by step! Out initial nmap scan is as unexciting… Continue reading HackTheBox Registry Write-up
Category: ctf/hackathon
HackTheBox Fuzzy Write-up
Fuzzy is a fun and short challenge on a docker container. It is especially good for teaching beginners the basics of using a fuzzer to discover new endpoints on a webserver. Spawning the container and probing around a bit, we don't have too much success. Using dirbuster and a standard wordlist, we find the endpoint… Continue reading HackTheBox Fuzzy Write-up
HackTheBox Mango Write-up
Mango was an interesting box when it comes to enumeration. It taught me to look more closely and not brush off anything just because I have seen it before. The box is also a prime lesson to aggregate your recon info in a structured manner so it's easier to apply it at other points when… Continue reading HackTheBox Mango Write-up
HackTheBox Postman Write-up
Postman was an easy-going box. It required careful enumeration and beyond that did not have too much resistance in privilege escalation. This makes it a prime example for real-world M&M security where the initial foothold is hard, but there is few resistance on the inside. Let's start out by scanning the machine: # nmap -sS… Continue reading HackTheBox Postman Write-up
The 36C3 Telnet Challenge (a.k.a. Cat CTF)
This is a write-up from the 36th Chaos Communication Congress, 2019. It has been my fourth Congress. Timed shortly after Christmas, it feels like meeting a second kind of family after the holidays. Hackers from all over the world gather in Leipzig to celebrate the weirdness of our community, break technology, learn new things, and… Continue reading The 36C3 Telnet Challenge (a.k.a. Cat CTF)
HackTheBox Obscurity Write-up
Obscurity is a medium-difficulty box. It was super fun to solve because it involved great excuses for me to write some neat little helper scripts and find a vulnerability in Python code. Something you don't do too often in these challenges. Let's dive right in with a nmap scan: $ nmap -sS -sC -oN obscurity.nmap… Continue reading HackTheBox Obscurity Write-up
HackTheBox OpenAdmin Write-up
OpenAdmin is yet another medium-difficulty machine, which was a blast to hack on! It involved dealing with various stack components, such as interacting directly with a MySQL database. Furthermore, hopping across multiple users through different escalation vectors was very satisfying. Let's see how it is done! Our first nmap scan does not yield any exciting… Continue reading HackTheBox OpenAdmin Write-up
HackTheBox Traverxec Write-up
Traverxec is an interesting box, mainly because the HackTheBox team rated it as easy while the community disagreed and voted it to medium difficulty. It involved a funky privilege escalation that I had not seen before. Let's see how it's done! Our first nmap scan does not return exciting results: $ nmap -sS -sC -oN… Continue reading HackTheBox Traverxec Write-up
HackTheBox Wall Write-up
Wall was as much a fun and educational box as it was frustrating and stretching my patience. It felt like the system was updated by the creator to have some features in place meant to annoy people trying to break in. Nevertheless, there are some nice WAF evasion techniques to consider here, as well as… Continue reading HackTheBox Wall Write-up
The DEFCON 27 Packet Hacking Village Honeypot Challenge
This year marks the first time I got to attend DEFCON Las Vegas — one of the largest hacker conferences in the world. There are a plethora of things to discover and try out. The talks can be streamed later, but the workshops and spontaneous gatherings? A challenge that caught my eye was the honeypot challenge in… Continue reading The DEFCON 27 Packet Hacking Village Honeypot Challenge
plaintext 