There is no excerpt because this is a protected post.
Protected: HTB – Escape writeup
HTB – Stocker Writeup
Recon Nmap Directory listing The web app Exploit Auth Bypass PDF Injection The following is the request that was done to puchase an Axe A quick google search lead me here : https://www.triskelelabs.com/blog/extracting-your-aws-access-keys-through-a-pdf-file Maybe we can get info from the Database Let’s see if I can find any interesting files […]
Tenable CTF – ContinuuOS writeup
I had time to do a couple challenges for this event. This one was the one I enjoyed the most and since it includes two different techniques, I decided to do a writeup. Enjoy The flag is the SSH key for user operations. ContinuuOS is a web application running under […]
cyber.gouv.qc.ca CTF1 Writeup
The Quebec Gouvernment launched a CTF platform with only a link as information.The link is https://www.cyber.gouv.qc.ca/ctf/ctf1.enc I tried a lot decoding tools, algorithms and even created a script to count the number of repetitive sequences in a large string. Finally I had an idea. Looking at the last password we […]
Metasploit Community CTF Writeup
Everybody into IT Security knows about The Metasploit Framework from Rapid7. This weekend I had the chance to attend their own CTF event partnered with THM. This is a HackQuest CTF where teams have to pentest a machine running several services on ports up to 35000. Access & Enumeration We […]
CyberSecurityRumble 2021 – Result Writeup
Open the attached file, we see an email that was to a student. So what we have so far : The name of the student : Hans Deutshmeister The password is your personal zipcode A base64 string which is the PDF file First thing I did was decode the base64 […]
CyberSecurityRumble 2021 – Biometric Vault Writeup
Clicking the Challenge link brought me to this website. We will have to provide a facial picture, A full name and a voice sample. At this point anything I tried did not work. I started digging further into the website source code. Time to try to log as Helena! I […]
AZ-900 Cheatsheet
What is the Cloud? On-Premises Information Systems Architecture WORKLOAD SERVICES VIRTUAL MACHINES VIRTUALIZATION PHYSICAL INFRASTRUCTURE PHYSICAL FACILITY Cloud Architecture WORKLOAD SERVICES VIRTUAL MACHINE MANAGEMENT PLANE(ex Azure Portal) VIRTUALIZATION(managed by provider) PHYSICAL INFRASTRUCTURE(managed by provider) PHYSICAL FACILITY(managed by provider) Types of Cloud Services SOFTWARE AS A SERVICE PLATFORM AS A SERVICE […]
HTB – Knife Writeup
Nmap reveals ssh on port 22 and a website on port 80. I found a nice exploit on GitHub that will provide a reverse shell. Let’s start a listener. Time for escalation. Enumeration didn’t take long 😉 This should be fairly easy! Done!!! Rooted!
HTB – Cap Writeup
Nmap reveals FTP, SSH and HTTP. I couldn’t log successfully on FTP so went to the website. The pcap had nothing really interesting. Going back to the website and looking at the URL http://10.10.10.245/data/1 I wondered what was at /data/0. It seems like an older report. I downloaded it. After […]