HackTheBox Postman Write-up

Postman was an easy-going box. It required careful enumeration and beyond that did not have too much resistance in privilege escalation. This makes it a prime example for real-world M&M security where the initial foothold is hard, but there is few resistance on the inside. Let’s start out by scanning the machine: There are a few interesting things here already. We have a webserver running … Continue reading HackTheBox Postman Write-up

The 36C3 Telnet Challenge (a.k.a. Cat CTF)

This is a write-up from the 36th Chaos Communication Congress, 2019. It has been my fourth Congress. Timed shortly after Christmas, it feels like meeting a second kind of family after the holidays. Hackers from all over the world gather in Leipzig to celebrate the weirdness of our community, break technology, learn new things, and have caffeine-fuelled fun. On my initial recon walk with friends … Continue reading The 36C3 Telnet Challenge (a.k.a. Cat CTF)

HackTheBox Obscurity Write-up

Obscurity is a medium-difficulty box. It was super fun to solve because it involved great excuses for me to write some neat little helper scripts and find a vulnerability in Python code. Something you don’t do too often in these challenges. Let’s dive right in with a nmap scan: Checking port 8080 on the server, we find the following text: Challenge accepted. The developer message … Continue reading HackTheBox Obscurity Write-up

HackTheBox OpenAdmin Write-up

OpenAdmin is yet another medium-difficulty machine, which was a blast to hack on! It involved dealing with various stack components, such as interacting directly with a MySQL database. Furthermore, hopping across multiple users through different escalation vectors was very satisfying. Let’s see how it is done! Our first nmap scan does not yield any exciting results: On port 80, we see the default Ubuntu Apache … Continue reading HackTheBox OpenAdmin Write-up

HackTheBox Traverxec Write-up

Traverxec is an interesting box, mainly because the HackTheBox team rated it as easy while the community disagreed and voted it to medium difficulty. It involved a funky privilege escalation that I had not seen before. Let’s see how it’s done! Our first nmap scan does not return exciting results: On port 80, we see a portfolio website. Nothing exciting seems to be hidden here. … Continue reading HackTheBox Traverxec Write-up

The DEFCON 27 Packet Hacking Village Honeypot Challenge

This year marks the first time I got to attend DEFCON Las Vegas — one of the largest hacker conferences in the world. There are a plethora of things to discover and try out. The talks can be streamed later, but the workshops and spontaneous gatherings? A challenge that caught my eye was the honeypot challenge in the packet hacking village. The setting is simple: You gain … Continue reading The DEFCON 27 Packet Hacking Village Honeypot Challenge