Traverxec is an interesting box, mainly because the HackTheBox team rated it as easy while the community disagreed and voted it to medium difficulty. It involved a funky privilege escalation that I had not seen before. Let's see how it's done! Our first nmap scan does not return exciting results: $ nmap -sS -sC -oN… Continue reading HackTheBox Traverxec Write-up
HackTheBox Wall Write-up
Wall was as much a fun and educational box as it was frustrating and stretching my patience. It felt like the system was updated by the creator to have some features in place meant to annoy people trying to break in. Nevertheless, there are some nice WAF evasion techniques to consider here, as well as… Continue reading HackTheBox Wall Write-up
Dear Medium,
My blogging journey has taken me far. I started writing articles about six years ago. Things got serious after I started studying Computer Science. Among the students of my class there was a lot of chatter. The tendency was that who was unable to communicate would soon start failing exams and eventually quit. In this… Continue reading Dear Medium,
The DEFCON 27 Packet Hacking Village Honeypot Challenge
This year marks the first time I got to attend DEFCON Las Vegas — one of the largest hacker conferences in the world. There are a plethora of things to discover and try out. The talks can be streamed later, but the workshops and spontaneous gatherings? A challenge that caught my eye was the honeypot challenge in… Continue reading The DEFCON 27 Packet Hacking Village Honeypot Challenge
A Code Review Story
This is the first post of a sporadic series where we will dive into the weeds of more complex Python code review samples. I will take (slightly modified) real-world code samples, explain some common mistakes that have been made, and how we can improve things. Let’s jump right in! In this scenario, we have a… Continue reading A Code Review Story
HackTheBox fs0sciety Write-up
fs0ciety is yet another low-hanging fruit among the HackTheBox challenges. It's great for beginners who want to test their process for cracking password-protected zip files and recognition of various encodings. For that, we will use fcrackzip - simply for the reason that it has been around for ages and ships with Kali by default. I… Continue reading HackTheBox fs0sciety Write-up
Explain like I’m five: Cryptographic Hashing
tl;dr Just check out the image and read the details below it if you want to know even more. 🙂 A few days back I read an article by Yunyun Chen explaining Hashing in an infographic. I enjoyed it and read some comments, which pointed out a couple of weak spots that result from common misconceptions… Continue reading Explain like I’m five: Cryptographic Hashing
HackTheBox 0ld_is_g0ld Write-up
0ld_is_g0ld is a HackTheBox challenge and a great way for beginners to familiarize themselves with PDF password cracking. If you have used Hashcat before, it's an easy win. Verifying we indeed are targeting the correct file format: $ file 0ld\ is\ g0ld.pdf 0ld is g0ld.pdf: PDF document, version 1.6 We can extract the hash using… Continue reading HackTheBox 0ld_is_g0ld Write-up
The Thing about Mutable Default Arguments in Python
Yesterday I stumbled across some code like this… def search_children(statespace, node, start_index=0, depth=0, results=[]): if depth < MAX_SEARCH_DEPTH: n_states = len(node.states) if n_states > start_index: for j in range(start_index, n_states): if node.states[j].get_current_instruction()['opcode'] == 'SSTORE': results.append(node.states[j].get_current_instruction()['address']) ... The semantics of the code don’t really matter here. Still spot the bug? It’s a very common Python gotcha… Continue reading The Thing about Mutable Default Arguments in Python
Low-level Debugging of Stubborn Docker Containers
A few weeks back I have started contributing to the awesome Mythril project. Mythril is a security scanner for smart contracts that allows everyone to look for vulnerabilities on- and off-chain by being able to analyze raw smart contract code, as well as the actual Solidity code file. To make setting it up more easy,… Continue reading Low-level Debugging of Stubborn Docker Containers