Follow my journey
Cross-site scripting or XSS has been one of those vulnerabilities in security that I am aware of and can exploit with a lot of luck but never really understand the ins and outs. Being that I’m tired of guessing and checking to exploit these vulnerabilities we are going to start with the basics and try... Continue Reading →
Here are my notes/answers for leviathan. Was surprised at the ease of these challenges as I remember attempting them a couple of months ago and being absolutely clueless after level 1. Guess that's a nice sign of improvement! Level 0 User: leviathan0 Pass: leviathan0 ‘ls -a’ reveals a directory called ‘.backup’ which contains a file... Continue Reading →
Level 20 User: natas20 Pass: eofm3Wsshxc5bwtVnEuGIlr7ivb9KABF Back to having source code, let’s take a look and find the important stuff. if($_SESSION and array_key_exists("admin", $_SESSION) and $_SESSION["admin"] == 1) { print "You are an admin. The credentials for the next level are:<br>"; print "<pre>Username: natas21\n"; print "Password: <censored></pre>"; } So first we can see that there... Continue Reading →
Levels 0-9 can be found at https://cramhack.com/2019/02/11/overthewire-natas-0-10/ Level 10 User: natas10 Pass: nOpp1igQAkUzaI1GUUjzn1bFVj7xCNzu Here we see that our input will be sent as a parameter in the command ‘grep -i $key dictionary.txt’ using the form to input ‘. /etc/natas_webpass/natas11’ will become ‘grep -i . /etc/natas_webpass/natas11 dictionary.txt’ What this is doing is searching for lines containing... Continue Reading →
Lately I've been working on the Natas challenges again. Been a while since I have but I was surprised at how much easier the challenges were for me now compared to the last time. Here are levels 0 through 9. While these challenges are very basic the later Natas challenges have actually gotten quite intuitive.... Continue Reading →
To solve this quickly please look at the method stated at the bottom of the page. Firstly we download the zip from htb and unzip this to obtain the file we will be reversing ‘snake.py’. I will be completing this challenge using kali linux x64 but it should be very similar on any OS with... Continue Reading →
Recently I’ve been reading Programming from the Ground Up by Jonathan Bartlett to begin my journey into reverse engineering and malware analysis. After spending a bit of time on this book I was very interested in seeing my new knowledge at work. So I took to hackthebox and found the perfect task. Under Reversing I... Continue Reading →
As I continue to post my notes for retired boxes you will likely notice a drastic increase in detail. A few boxes were completed when I was just getting into cyber security and since then I have learned a lot in regards to documentation. Simply based off of the name here we can determine this... Continue Reading →
This box isn’t too bad and was actually pretty educational. First we started off with an nmap scan, noticing only one port open “3000”. Using the flag -sV we can use banner grabbing to determine what service is running on the port. We then found out it was node.js and a web host. So we... Continue Reading →
