Hi everyone! This article is on a Linux easy machine that requires enumerating the downloaded metadata of the PDF file from tbe website for foothold, enumerating directories for password to another user, and finally exploiting sudo privilege misconfiguration and Yaml.load Ruby deserialization for privilege escalation. Let’s get started! 1. Nmap $ IP=10.10.11.189 $ sudo nmap […]
Hi everyone! Recently I went to South Korea and it was my first time going to South Korea. It was a really short trip as we only went there for 4 days 3 nights. The 4th day was practically nothing as our plane departed at 1pm. Thus, we had to rush to the airport after […]
Hi everyone! This write-up is on an easy Linux machine which focused on enumerating the webpage source for backdoor access to login to a webpage, using command injection vulnerability for initial access, and path hijacking via sudo for root privilege. Let’s get started! 1. Nmap enumeration $ IP=10.10.11.182 $ sudo nmap -sC -sV -p- $IP […]
Hi there! This year is my first time taking part in Flare-On CTF. This year’s Flare-On was held from 1st October 2022 to 12th November 2022. There are a total of 11 challenges in this year’s Flare-On. Do download and reverse engineer the binary as my write-up doesn’t include screenshots the whole reverse engineering process. […]
Are you facing a situation where you do not have access to Microsoft Store such as using Tiny10 or your PC is in an offline network? Fear not. There are ways to install the official WinDBG Preview package by following the steps below! 1. Obtaining Appx Firstly, go to https://store.rg-adguard.net/ and paste the link of […]
Have you ever downloaded a binary or file but are tired of searching for it hiding in some subfolder in your Document folder? Ever wonder how installed programs can be found in the start menu’s search? There is actually a simple solution! Firstly, go to the following path by pasting it on your File Explorer’s […]
Hi everyone! This is a Linux machine where the initial access is very CTF-like thus is not to my liking. However, I like the privilege escalation method as it is not very common. The initial access requires us to enumerate DNS such as zone transfer to reveal the subdomain name. There are plenty of rabbit […]
Hi everyone! This machine is an Active Directory machine where we have to enumerate SMB shared folder, use dnSpy to reverse engineer a .NET binary for LDAP credentials, LDAP query to find another user’s credentials, initial access via winrm, and privilege escalate using Kerberos Resource-based Constrained Delegation. Let’s get started! Nmap enumeration $ IP=10.10.11.174 $ […]
Hi everyone! This is a Windows machine that only test Active Directory related content during privilege escalation. For initial access, we have to enumerate SMB for a password protected ZIP file which stores a password protected PFX file. Cracking using zip2john and crackpkcs12 was done before generating a public and private key using the PFX […]
Hi everyone! This is a Linux machine that requires exploiting SSTI in a Java SpringFramework application via a search bar on the webpage for RCE and then initial access. For privilege escalation, we will need to emulate what group the user is in, discover a log file he/she has access to, use pspy to discover […]
Lamecarrot 
You must be logged in to post a comment.