I had time to do a couple challenges for this event. This one was the one I enjoyed the most and since it includes two different techniques, I decided to do a writeup. Enjoy The flag is the SSH key for user operations. ContinuuOS is a web application running under […]
The Quebec Gouvernment launched a CTF platform with only a link as information.The link is https://www.cyber.gouv.qc.ca/ctf/ctf1.enc I tried a lot decoding tools, algorithms and even created a script to count the number of repetitive sequences in a large string. Finally I had an idea. Looking at the last password we […]
Everybody into IT Security knows about The Metasploit Framework from Rapid7. This weekend I had the chance to attend their own CTF event partnered with THM. This is a HackQuest CTF where teams have to pentest a machine running several services on ports up to 35000. Access & Enumeration We […]
Open the attached file, we see an email that was to a student. So what we have so far : The name of the student : Hans Deutshmeister The password is your personal zipcode A base64 string which is the PDF file First thing I did was decode the base64 […]
Clicking the Challenge link brought me to this website. We will have to provide a facial picture, A full name and a voice sample. At this point anything I tried did not work. I started digging further into the website source code. Time to try to log as Helena! I […]
Nmap reveals ssh on port 22 and a website on port 80. I found a nice exploit on GitHub that will provide a reverse shell. Let’s start a listener. Time for escalation. Enumeration didn’t take long 😉 This should be fairly easy! Done!!! Rooted!
Nmap reveals FTP, SSH and HTTP. I couldn’t log successfully on FTP so went to the website. The pcap had nothing really interesting. Going back to the website and looking at the URL http://10.10.10.245/data/1 I wondered what was at /data/0. It seems like an older report. I downloaded it. After […]
Nmap reveals telnet port which seems to be a remote management endpoint for JetDirect printer. Let’s try it! I’m gonna need to find the password for this… After a while I found this blog post showing how to exploit by “Getting a JetDirect password remotely using the SNMP vulnerability“. I’ll […]
Nmap reveals a lot of ports on this machine. My attention is brought to the SMB server. There is not possible NTLM relay since signing is required but I’ll give it a look if there is anything interesting. Unfortunately no guest login available. Let’s check the website running on port […]
The vulnerability I will exploit is known as Eternal Blue MS17-010. Let’s fire up metasploit!