Archives/2020
|
TryHackMe > Archangel Tue, 27 Apr 2021 20:35:00 +0000 Boot2root, Web exploitation, Privilege escalation, LFI |
|
VulnHub > Djinn 3 Sun, 27 Sep 2020 20:25:00 +0000 Intermediate level VulnHub challenge involving enumeration, services discovery, exploitation of a python web application via injection in the Jinja2 SSTI, uncompiling python sources, and much more. Many things to learn! |
|
VulnHub > Healthcare 1 Thu, 24 Sep 2020 20:30:00 +0000 You will need to perform a deeper enumeration than usual to discover a hidden OpenEMR installation, then exploit a SQLi vulnerability to get an initial shell, before elevating your privileges with a SUID program. |
|
TryHackMe > Dave's Blog Wed, 23 Sep 2020 16:30:00 +0000 Interesting challenge that covers many topics, including JWT Web tokens, node.js, MongoDB, Buffer Overflows and python scripting. |
|
Vulnhub > wpwn 1 Tue, 22 Sep 2020 20:03:00 +0000 Easy but funny challenge where you'll need to enumerate the web server, find a Wordpress installation, identify the vulnerable plugin and exploit it to get a shell. |
|
Vulnhub > Cherry 1 Tue, 22 Sep 2020 18:21:00 +0000 Easy challenge involving web enumeration, source code disclosure vulnerability, and privilege escalation. |
|
Vulnhub > Chili 1 Sun, 20 Sep 2020 18:21:00 +0000 Brute force an FTP account and add a privileged account in a world-writable "/etc/passwd" file to get the root flag. |
|
HackTheBox > Machines > OpenKeyS Sat, 19 Sep 2020 21:13:00 +0000 Exploit an authentication bypass vulnerability and the CVE-2019-19520 vulnerability to get the user and root flags on an OpenBSD target. |
|
TryHackMe > Jacob the Boss Sat, 19 Sep 2020 08:17:00 +0000 Easy challenge around the discovery and exploitation of JBOSS vulnerabilities. |
|
HackTheBox > Machines > Tabby Thu, 17 Sep 2020 20:08:00 +0000 Easy difficulty challenge combining several interesting techniques enumeration, local file inclusion, password protected archive, upload of a reverse shell in the Tomcat manager, privilege escalation via custom image to exploit the lxd container. |
|
HackTheBox > Machines > Cache Thu, 17 Sep 2020 06:45:00 +0000 Medium difficulty challenge where you'll need to dicover hidden locations to discover credentials, reveal hidden virtual hosts, exploit a vulnerable application with SQL injection, find a remote execution exploit, exploit memcached and docker. A lot of content to learn! |
|
HackTheBox > Machines > Admirer Sat, 12 Sep 2020 14:14:00 +0000 Enumerate the machine and discover a vulnerable adminer application. Exploit it to get an initial shell. Hook a python library to elevate your privileges and get a root access. |
|
HackTheBox > Machines > Blunder Tue, 8 Sep 2020 21:00:00 +0000 Interesting challenge, with a CMS that I was not aware of: Bludit CMS. |
|
TryHackMe, Jeff Sun, 6 Sep 2020 22:00:00 +0000 This is the hardest TryHackMe challenge that I've done so far, but also the most interesting one. You'll need to go through many steps before accessing the user flag. It combines hidden locations, virtual hosts, password protected backup files, Wordpress enumeration, docker evasion, restricted bash evasion, and much more. Very nice challenge! |
|
TryHackMe, Mindgames Fri, 4 Sep 2020 21:03:00 +0000 The user flag is quite easy to get, but the root flag requires a privilege escalation that is a bit challenging. You'll need to exploit the capabilities of openssl and compile your own *.so library. |
|
TryHackMe, Internal Thu, 3 Sep 2020 17:11:00 +0000 Interesting challenge where you'll need to enumerate services, discover hidden directories, brute force accounts, create reverse shells. The challenging part will be to exploit a local Jenkins installation running in Docker, and exploit it to get the root flag. |
|
TryHackMe, Develpy Thu, 2 Jul 2020 21:33:00 +0000 boot2root machine for FIT and bsides Guatemala CTF. Interesting challenge with code injection in a python program running on a socket. Classical root escalation via the crontab jobs. |
|
TryHackMe, djinn Thu, 2 Jul 2020 06:50:00 +0000 Intermediate level vulnerable box. Great adventure with FTP, SSH, port knocking, python scripting, decompiling and evasion. |
|
TryHackMe, Node 1 Fri, 26 Jun 2020 06:50:00 +0000 Node is a medium level boot2root challenge, originally created for HackTheBox. This challenge requires several techniques to exploit the machine, which makes it a great journey into hacking (nodejs, password cracking, password encrypted backup, privesc, exploit with mongodb, reverse engineering, ..). This is a great challenge! |
|
TryHackMe, HA Joker CTF Tue, 23 Jun 2020 12:00:00 +0000 Enumerate services, brute force accounts, discover a hidden backup, crack hashes and escalate privileges using a Linux container. |
|
TryHackMe, Blueprint Sun, 21 Jun 2020 09:11:00 +0000 Exploit a vulnerable OSCommerce web application hosted on a Windows 7 machine. Upgrade your shell session to a meterpreter in Metasploit, and dump the password hashes. |
|
TryHackMe, UltraTech Sat, 20 Jun 2020 09:00:00 +0000 Discover hidden routes in nodes.js using fuzzing techniques, and exploit an API. Then escalate your privileges exploiting docker. |
|
TryHackMe, CMesS Thu, 18 Jun 2020 23:28:00 +0000 Can you root this Gila CMS box? In this challenge by TryHackMe, you'll discover a CMS called Gila CMS and you will have to exploit it to get root. |
|
TryHackMe, Jack Thu, 18 Jun 2020 18:38:00 +0000 TryHackMe, Jack is a nice challenge where you'll have to exploit a vulnerable Worpress installation and escalate your privileges. |
|
Overflow MySQL VARCHAR() Fri, 24 Apr 2020 12:53:00 +0000 This post shows how you can overflow a VARCHAR() field and exploit it to access unexpected data from the database. |
|
What are /dev/usbmon{N} interfaces Mon, 23 Mar 2020 20:30:00 +0000 Understand what /dev/usbmon{N} interfaces are, how to capture USB traffic and how to interpret captured data. |
|
What is inside /dev/input/ Tue, 17 Mar 2020 16:00:00 +0000 Understand what is inside your /dev/input/ directory and see how you can use it to develop a keylogger. |