I had time to do a couple challenges for this event. This one was the one I enjoyed the most and since it includes two different techniques, I decided to do a writeup. Enjoy The flag is the SSH key for user operations. ContinuuOS is a web application running under […]
The Quebec Gouvernment launched a CTF platform with only a link as information.The link is https://www.cyber.gouv.qc.ca/ctf/ctf1.enc I tried a lot decoding tools, algorithms and even created a script to count the number of repetitive sequences in a large string. Finally I had an idea. Looking at the last password we […]
Everybody into IT Security knows about The Metasploit Framework from Rapid7. This weekend I had the chance to attend their own CTF event partnered with THM. This is a HackQuest CTF where teams have to pentest a machine running several services on ports up to 35000. Access & Enumeration We […]
Open the attached file, we see an email that was to a student. So what we have so far : The name of the student : Hans Deutshmeister The password is your personal zipcode A base64 string which is the PDF file First thing I did was decode the base64 […]
Clicking the Challenge link brought me to this website. We will have to provide a facial picture, A full name and a voice sample. At this point anything I tried did not work. I started digging further into the website source code. Time to try to log as Helena! I […]
What is the Cloud? On-Premises Information Systems Architecture WORKLOAD SERVICES VIRTUAL MACHINES VIRTUALIZATION PHYSICAL INFRASTRUCTURE PHYSICAL FACILITY Cloud Architecture WORKLOAD SERVICES VIRTUAL MACHINE MANAGEMENT PLANE(ex Azure Portal) VIRTUALIZATION(managed by provider) PHYSICAL INFRASTRUCTURE(managed by provider) PHYSICAL FACILITY(managed by provider) Types of Cloud Services SOFTWARE AS A SERVICE PLATFORM AS A SERVICE […]
Nmap reveals ssh on port 22 and a website on port 80. I found a nice exploit on GitHub that will provide a reverse shell. Let’s start a listener. Time for escalation. Enumeration didn’t take long 😉 This should be fairly easy! Done!!! Rooted!
Nmap reveals FTP, SSH and HTTP. I couldn’t log successfully on FTP so went to the website. The pcap had nothing really interesting. Going back to the website and looking at the URL http://10.10.10.245/data/1 I wondered what was at /data/0. It seems like an older report. I downloaded it. After […]
Nmap reveals telnet port which seems to be a remote management endpoint for JetDirect printer. Let’s try it! I’m gonna need to find the password for this… After a while I found this blog post showing how to exploit by “Getting a JetDirect password remotely using the SNMP vulnerability“. I’ll […]
Nmap reveals a lot of ports on this machine. My attention is brought to the SMB server. There is not possible NTLM relay since signing is required but I’ll give it a look if there is anything interesting. Unfortunately no guest login available. Let’s check the website running on port […]