Posts
-
CyBRICS CTF Writeups
Final rank: 112/775 with 7 challenges solved
-
INS'HACK CTF Writeups
-
HackTheBox: Carrier writeup
Carrier was a very interesting box where a web command injection gave access to a BGP router. After some BGP Hijacking magic, it was possible to retrieve the FTP credentials of a rich Nigerian Prince, which allowed us to read the flag stored on this FTP server…
-
35C3 CTF Writeups
The 35th Chaos Communication Congress (35C3) was held this weekend, along with its excellent CTF. Fortunately, a Junior CTF was also offered, which was way more accessible than the main CTF (at least for me). In this post, you’ll find concise writeups of most of the challenges my team and I solved from both CTFs.
-
Upgrading to a fully interactive reverse shell
Let’s say you’re in the middle of a hacking challenge or pentesting assessment and you finally manage to get a reverse shell on your target. This short article explains how to obtain a fully interactive version of your reverse shell, one that allows commands like su, vi, nano, ssh, etc., as well as CTRL+C and tab completion.
-
HackTheBox: Hawk writeup
Hawk has been retired from HackTheBox active machines so here is my writeup explaining how I rooted this machine.
In this article, we will crack a salted OpenSSL encrypted file and upload a reverse shell to an instance of Drupal 7 CMS. Then, we will use an SSH port-forwarding trick to access an H2 database console disallowing remote connections and exploit this app to get root on the machine. Enjoy your reading!
-
Linux Privilege Escalation: Abusing shared libraries
Linux applications often use dynamically linked shared object libraries. These libraries allow code flexibility but they have their drawbacks… In this article, we will study the weaknesses of shared libraries and how to exploit them in many different ways. Each exploit will be illustrated by a concrete example, which should make you understand how to reproduce it. I’ll give recommendations on how to protect your system against it in the final part of the article.
-
HackTheBox: Bounty writeup - Metasploit basics
Hack The Box is an online platform that allows you to test your pentesting skills on virtual machines intentionally left vulnerable. It is a great place to learn and the community is very helpful, so I warmly recommend checking this site out.
This machine was pretty easy, so I’m going to take this opportunity to explain the basics of the Metasploit framework.
-
HackTheBox: DevOops writeup
Hack The Box is an online platform that allows you to test your pentesting skills on virtual machines intentionally left vulnerable. It is a great place to learn and the community is very helpful, so I warmly recommend checking this site out.
In this article, I’ll detail every step I’ve gone through in order to root the DevOops box, from the reconnaissance phase to the privilege escalation.
-
Steganography Tutorial: Least Significant Bit (LSB)
This article details a common steganography method known as the Least Significant Bit. This technique is very efficient because of its simplicity and because the changes it makes are undetectable to the naked eye. After reading this, you’ll be able to hide a message inside a picture using this technique, and also to detect any hidden message.
-
Basic Steganography: Vous n'avez pas les bases - NDH16
A steganographic challenge showing the essential tools for PNG analysis and manipulating encoding bases.
-
XML External Entities: Wonkachall-step1 - NDH16
This challenge covers one of the most efficient and popular attacks against web servers. It is also the first in a series of 6 challenges from the NDH16 public CTF.
-
Data exfiltration with PING: ICMP - NDH16
An interesting forensic challenge covering a famous method of data exfiltration…
-
PCAPNG Forensics: Decode - NDH16
A warm-up forensic challenge proposed by NDH16…
-
A very fine cipher: Warmup - AngstromCTF
Here comes the first Cryptographic challenge! We’ll start with an easy one but nonetheless useful. We will establish the mathematical foundations needed for understanding more complicated codes such as RSA…
-
Introduction to Buffer Overflows: CookieJar - AngstromCTF
For my first article on this blog, I’ll present my write-up of “CookieJar” from the AngstromCTF. This challenge was accessible and very straightforward, which makes it the perfect opportunity to introduce Buffer Overflows…