This article contains my first writeup on a machine from Hack The Box. If you have not checked out Hack The Box yet, I really suggest you do. Aside from providing classical CTF-style challenges, the plattform hosts plenty of vulnerable machines (boxes), which are supposed to be exploited. The boxes tend to be geared to realistic scenarios and are thus an awesome opportunity to increase your own pen testing skills.
In order to prove the exploitation of a machine, there are two different flag files stored on each machine. The first one to acquire is a file called
user.txt, which can be read by a low privileged user. The next step after initially exploiting the machine is to escalate privileges gaining access to an administrative user (root access). With this high privileged user a second file called
root.txt can be read. Both files contain a flag (an md5sum), which is supposed to be submitted on the Hack The Box website rewarding you with the corresponding points for this machine.
According to those two steps/files the article is divided into the following sections:
– Port Scan
– FTP (Port 21)
– SSH (Port 22)
– HTTP nginx (Port 80)
– HTTP nginx (Port 8080)
– Back to SSH
– Initial Enumeration
– SUID binaries
– myexec’s password
– Compile own shared Library
Continue reading “Hack The Box – Dab”
The Codegate CTF 2019 Preliminary (ctftime.org) ran from 26/01/2019, 00:00 UTC to 27/01/2019 00:00 UTC.
Within this article I want to share my quick writeup on the challenge KingMaker.
Continue reading “Codegate CTF 2019 Preliminary – KingMaker”
For the sixth time in a row now hacking-lab.com carried out the annual HACKvent. Each day from the 1st of december until the 24th a new challenge is published. I would have loved to spend more time on it, but time is a rare resource especially on the days before christmas 😉 After all I managed to solve 21 of 24 tasks:
Continue reading “HACKvent18 writeup”
The goal of this article is to explain in detail how an off-by-one vulnerability on the heap also known as poison null byte can be exploited. Although this technique does not work with the latest libc, I think it can be used very good in order to demonstrate how exploits based on heap-metadata corruption work (also check out shellphish’s how2heap).
In order to do this I created a vulnerable program, which we will use as an example to create such an exploit. If you like to, you can start by analyzing and exploiting the program on your own (at least check out Environment):
Though it is not required to the exploit the program, the source-code might be helpful:
The article is divided into the following sections:
–> Vulnerable Program
–> Heap Basics
–> Control Instruction Pointer
–> One Gadget
–> Final Exploit
Continue reading “Heap Exploitation: Off-By-One / Poison Null Byte”
The Meepwn CTF Quals 2018 (ctftime.org) ran from 13/07/2018, 19:00 UTC to 15/07/2018 19:00 UTC.
There were a lot of interesting-looking challenges. As always, time was the limiting factor 😉 I managed to spend 2 hours on saturday morning solving the pwn challenge babysandbox.
Continue reading “Meepwn CTF Quals 2018 – babysandbox”
As every year hacking-lab.com carried out the annual Hacky Easter event with 27 challenges. I could not spend as much time as I would have liked to on solving the challenges, but after all I managed to collect 25 of the 27 eggs and focused on this writeup.
Continue reading “Hacky Easter 2018 writeup”
The angstromCTF 2018 (ctftime.org) ran from 16/03/2018, 20:00 UTC to 23/03/2018 00:00 UTC.
As the description on ctftime.org states, the ctf is primarily geared towards high school students but with a very wide range of challenge difficulty.
There have been a lot of interesting challenges which have been fun to do. I decided to make a writeup for the pwn challenge hellcode.
Continue reading “angstromCTF 2018 – writeup hellcode”
In the last lab we focused on Misc and Stack Cookies. In this next to last lab some characteristics when dealing with C++ are introduced.
The lab contains only two levels:
Continue reading “RPISEC/MBE: writeup lab09 (C++)”
While the last lab introduced the subject of Heap Exploitation, this lab focuses on Misc and Stack Cookies.
The lab contains three levels again ranging from C to A:
Continue reading “RPISEC/MBE: writeup lab08 (Misc and Stack Cookies)”
The Texas A&M University CTF (ctftime.org) ran for over one week from 17/02/2018, 00:00 UTC to 26/02/2018 00:00 UTC. There have been a lot of challenges starting at a very easy difficulty.
I did the five pwn challenges ranging from 25 to 200 points:
–> pwn1 (25 pts)
–> pwn2 (50 pts)
–> pwn3 (75 pts)
–> pwn4 (125 pts)
–> pwn5 (200 pts)
Continue reading “TAMUctf 18 – writeup pwn1-5”