drsh0's llog

difficulty: easy
status: retired
platform: linux
ip: 10.10.10.3
URI: https://www.hackthebox.eu/home/machines/profile/1

🔗 https://capture.tf/

Another year of a fantastic WA based CTF made by the community for the community. As always, a lot was enjoyed, keyboards were mashed, and much was learnt. Thanks to all the organisers for making this so special. Only regret is not being able to play in person at Perth 😢.

source: https://pentesterlab.com/badges/recon – no spoilers!

Get started with Cyber Security in 25 Days – Learn the basics by doing a new, beginner friendly security challenge every day leading up to Christmas.

https://tryhackme.com/room/adventofcyber2

Here are my writeups! Happy Holidays folks 🎄

URI: https://www.vulnhub.com/entry/bossplayersctf-1,375/ Difficulty: Easy

Aimed at Beginner Security Professionals who want to get their feet wet into doing some CTF's. It should take around 30 minutes to root.

URI: https://www.vulnhub.com/entry/funbox-2-rockie,520/ Difficulty: Easy

Boot2Root ! This can be a real life scenario if rockies becomes admins. Easy going in round about 15 mins. Bit more, if you are find and stuck in the rabbit-hole first.

General writeup notes for Pentesterlab's Serialize badge. This post does not contain any spoilers. This is just information collected by me to understand the exercises better.

TODO – XMLDecoder – CVE-2016-0792 – ObjectInputStream – CVE-2013-0156: Rails Object Injection – API to Shell

#web #pentesterlab #Serialize

Sharing some notes I recorded during @AletheDenis' OSINT CTF Strategy and Tactics II event back in September 2020. I hope it helps!

It covers some tips, strategies, and common mistakes to avoid in order to get the most out of OSINT CTFs.

#osint #ctf

https://tryhackme.com/room/jack

Summary

• exploit Wordpress web server
• gain user shell
• use Python to escalate to root

Tools Used

• nmap, wpscan, python, pspy

https://holidayhackchallenge.com/2020/

Updating this as soon as the event starts in mid-December 2020 🎄