Hack The Box – Response

Ever since I played Hack The Box, I have wanted to create a box myself. As the time went by, I encountered so much cool vulnerabilities and techniques both in real-world engagements and CTFs, which I thought would be fun to put in a box. The result of this is Response.

Introduction
User (→ bob)
    – Enumeration
    – Server Side Request Forgery
    – Internal Chat Application
    – Cross-Protocol Request Forgery
Scanning Script (bob → scryh)
    – Make own HTTPS Server being scanned
    – Setting up own DNS Server
    – Setting up own SMTP Server
    – Directory Traversal
Incident Report (scryh → root)
    – Decrypting Meterpreter Session
    – Restoring RSA private key

Continue reading “Hack The Box – Response”

ASIS CTF Quals 2021 – ASCII art a a service

The ASIS CTF Quals 2021 (ctftime.org) took place from 22/10/2021, 15:00 UTC to 24/10/2021, 15:00 UTC providing a total amount of 24 challenges.

One of those challenges I really enjoyed was ASCII art as a service. This article contains my writeup for the challenge and is divided into the following sections:

Challenge Description
Source Code
Solution

Continue reading “ASIS CTF Quals 2021 – ASCII art a a service”