Hack The Box – Response

Ever since I played Hack The Box, I have wanted to create a box myself. As the time went by, I encountered so much cool vulnerabilities and techniques both in real-world engagements and CTFs, which I thought would be fun to put in a box. The result of this is Response.

Introduction
User (→ bob)
    – Enumeration
    – Server Side Request Forgery
    – Internal Chat Application
    – Cross-Protocol Request Forgery
Scanning Script (bob → scryh)
    – Make own HTTPS Server being scanned
    – Setting up own DNS Server
    – Setting up own SMTP Server
    – Directory Traversal
Incident Report (scryh → root)
    – Decrypting Meterpreter Session
    – Restoring RSA private key

Continue reading “Hack The Box – Response”

VolgaCTF 2019 Qualifier – Blind

The VolgaCTF 2019 Qualifier (ctftime.org) took place from 29/03/2019, 15:00 UTC to 31/03/2019 15:00 UTC.

There has been a really interesting RSA crypto challenge called Blind, which I would like to share with you in this writeup.

The article is divided into the following sections:

Challenge description
What does the script do?
Blind RSA Signature
Retrieving the Flag

Continue reading “VolgaCTF 2019 Qualifier – Blind”