I have exactly one write-up for this CTF. The challenge chosen was a Fullpwn, specifically a machine called Volnaya. An enumeration of the machine with nmap reveals port 22 offering SSH services, and port 80 with an nginx web service. A peek at the web site showed nothing of any […]
I’ve been playing around with a selection of fun reversing tooling recently and thought it might be fun to go through a basic challenge to escalate privileges via a vulnerable executable. The first tool we’re going to use is gdb but we’re going to extend its capabilities significantly with pwndbg. […]
This challenge from the competition was a “fullpwn“, which essentially meant it was a traditional Hack The Box challenge which required you to get both the user and root flags. This one was graded as “very easy” and for once I’d agree with that. The box was running a web […]
This challenge from the CTF was hosted in a Docker container which was running an http server. Browsing to the site revealed a webpage, but no links on the page went anywhere. This sounds like a job for gobuster: The ‘dashboard’ endpoint was interesting, but needed authentication, so I took […]
I didn’t have much time to take on the challenges in this CTF, and as a team of one, my chances of doing much were pretty limited. That said, I was going to use what time I had to give it go. The opening challenge involved connecting to a port […]
Last year, vulnerabilities were discovered in Windows which – using Microsoft’s Encrypting File System Remote Protocol (MS-EFSR) – allowed exploitation via Active Directory Certificate Services (AD CS). Whilst Microsoft provided patches which prevented the original PetitPotam attack, another called ShadowCoerce used a different endpoint and allowed a similar route to […]
OpenSource is an ‘easy’ recent box that I started just as it was coming to the end of its time in the Release Arena. It took me a while longer than I would have liked. So long in fact, it had dropped into the regular area with a different IP […]
This weeks exciting episode of Hack The Box was breaking into RouterSpace, a very easy box that took longer than it should. I ended up with a pair of speed bumps. One was because I couldn’t get an Android emulator running on my usual Kali box in the way I […]
Over the years I’ve run quite a few different websites. Most of them have ended up in Internet dustbin but now and again there is content I want to preserve. Recently I pulled a site from a server that was so old it’d begun making trips to Bournemouth and getting […]
Around a decade or so ago Chris Tarrant used to be the host of a show called Who Wants To Be a Millionaire? shown on ITV in the UK. This show has become a franchise sold worldwide, so wherever you are reading this, you’ve probably seen an incarnation on your […]