Protostar is a series of beginner binary exploitation challenges that showcase concepts like basic stack-based buffer overflows, bypassing stack protections and even performing format string attacks. I tried out these challenges as I have close to zero experience with binary exploitation and wanted to learn some of it, and it turned out to be fun. So let’s get to protostar6 and learn some ret2libc!
Source code analysis and some recon
We are given the source code below for protostar6.c
As in previous challenges, our goal is to get code execution on the target host, which has the compiled binary of this…
Hackpack has recently concluded and we placed 47th out of 447 teams. In this short writeup we look at Yaml-2-Json in the web category.
In this challenge we exploit a code execution vulnerability in PyYAML, a YAML parser and emitter for Python. The server is using PyYAML and Flask.
We get a simple web page with an option to parse YAML to JSON. I thought of using Python payloads to get some code execution, but they failed at first.
We spin up the instance and get right into some enumeration. We can begin with an nmap or rustscan scan to identify open ports.
In this brief walk-through, we will be hacking a vulnerable database server, as showcased in the Res room on TryHackMe.
As always, spin up the machine instance and begin some enumeration. For speed and more accuracy, I perform a port scan using rustscan (an incredibly fast port scanning tool) and then run a default-scripts and vuln scan using nmap, as shown below:
rustscan -a <IP>
nmap -sC -sV --script=vuln <IP> -p 80,6379
ASPIRE CTF was a good refresher for basic CTF skills. I hopped onto it and played solo to get the most out of it. Below is a detailed walk-through of all the challenges I solved in the Linux skills category.
Welcome to another episode of spending 4 hours to automate something that would take me 5 minutes to do manually 😂 But hey, this was a fun project to do and it proved useful in my day-to-day project workflow.
In this article, I will show you how you can automate your workflow too :)
What does my workflow look like
Besides being a CTF player, I am also a freelance web developer. This means I take on a number of projects from time to time and occasionally experiment with different technologies.
Identifying recurring tasks in the workflow
My workflow is…
Crontab Privilege escalation
In this awesome beginner-friendly CTF, I will be taking you through how I rooted the box. https://ctf.cyberspace.co.ke/vault/stegapwn
The challenge is divided into guiding questions. From the name of the challenge, we can deduce that some steganography and pwning will be involved.
What is the IP, passphrase, username, password?
Starting off with steganography, I downloaded the cheetah image to my machine and tried some low-hanging fruit, such as viewing the strings of the image, using
exiftool to extract some metadata from the image,
xxd to check for some corrupted bytes, and
binwalk, but none of them gave anything up.