drsh0's llog

my ๐’earning ๐’og; notes on cybersec activities, ctfs, and ill-equipped cyber adventures. Consume responsibly.

General writeup notes for Pentesterlab's Serialize badge. This post does not contain any spoilers. This is just information collected by me to understand the exercises better.

TODO – XMLDecoder – CVE-2016-0792 – ObjectInputStream – CVE-2013-0156: Rails Object Injection – API to Shell

#web #pentesterlab #Serialize

difficulty: easy
status: retired
platform: linux
ip: 10.10.10.3
URI: https://www.hackthebox.eu/home/machines/profile/1

🔗 https://capture.tf/

Another year of a fantastic WA-based CTF made by the community for the community. As always, a lot was enjoyed, keyboards were mashed, and much was learnt. Thanks to all the organisers for making this so special. Only regret is not being able to play in person at Perth 😢.

source: https://pentesterlab.com/badges/recon – no spoilers!

Get started with Cyber Security in 25 Days – Learn the basics by doing a new, beginner friendly security challenge every day leading up to Christmas.

https://tryhackme.com/room/adventofcyber2

Here are my writeups! Happy Holidays folks 🎄

URI: https://www.vulnhub.com/entry/bossplayersctf-1,375/
Difficulty: Easy

Aimed at Beginner Security Professionals who want to get their feet wet into doing some CTF's. It should take around 30 minutes to root.

URI: https://www.vulnhub.com/entry/funbox-2-rockie,520/
Difficulty: Easy

Boot2Root ! This can be a real life scenario if rockies becomes admins. Easy going in round about 15 mins. Bit more, if you are find and stuck in the rabbit-hole first.

Sharing some notes I recorded during @AletheDenis' OSINT CTF Strategy and Tactics II event back in September 2020. I hope it helps!

It covers some tips, strategies, and common mistakes to avoid in order to get the most out of OSINT CTFs.

#osint #ctf

https://tryhackme.com/room/jack

Summary

  • exploit Wordpress web server
  • gain user shell
  • use Python to escalate to root

Tools Used

  • nmap, wpscan, python, pspy

https://holidayhackchallenge.com/2020/

Updating this as soon as the event starts in mid-December 2020 🎄
