Fala galera! até o dia 17/04 rolou a 1ª etapa do Hackaflag 2019.Consegui a 4ª colocação nesse etapa e os desafios foram bem legais.
Resolvi trazer esses dois porque foram os que achei mais divertidos de resolver.
PS: Esses foram os métodos que usei para resolver, talvez não os melhores, mas com certeza cheguei nas flags xd
1 Desafio -> MISC
Descrição: Por mais pequeno que seja, esse desafio vem com a missão de fazer você conhecer um formato de arquivo EPS e entender como ele é composto.
Além dessa breve descrição nos é dado um arquivo para download. …
Hey guys! In this post I will be showing how I solved the machine “Frolic” from HackTheBox.
It was a pretty ctf like machine, and well… I love ctfs, so that turned out to be really fun, specially priv esc part.
I’ll be posting the links where I got some references on how to proceed when I got a bit stucked.
Let’s start with our standard nmap scan:
nmap -sV -sC -v 10.10.10.111# Nmap 7.60 scan initiated Sat Mar 16 08:43:07 2019 as: nmap -sV -sC -v -o frolic 10.10.10.111
Nmap scan report for 10.10.10.111
Host is up (0.23s latency).
Hello everybody! This is how I solved one of the many reversing problems at TAMUCTF 2019. This one was Keygenme, a pretty standard kind of challenge but yet very fun to solve it, let’s go.
Let’s start by running the binary that was given to us and see what it says.
Hey guys! This post i’m my mindset on how I solved the Wordpress challenge from TAMUCTF2019
This kind of challenge is very similar to those HackTheBox challenges, where you have to get RCE from a system and then escalate your privileges to root! Let’s GO.
As I said before our goal is to get the flag inside “/root/flag.txt” since it is inside the root folder we must become root to read it. (Most of the time)
We’re given an openvpn config file to connect to that docker network where the machine is running.
Let’s start our enumaration with nmap.
Hey guys, This is how I solved the Onboading Checklist Challenge from TamuCTF 2019. This kind of challenge you don’t see everyday so it was a lot of fun and really simple. Let’s GO.
The Challenge presents itself with this message. Apparently “importantperson” has allowed “someguy” to ask for new account request for the new employees and asked “someguy” to send an e-mail to email@example.com with the new employee’s e-mail address.
So, all we have to do is send a spoofed email to tamuctf@gmail pretending to “someguy” with our e-mail address.
Hey Guys! This post i’ll be showing you how I managed to solve PWN3 challenge from TAMUCTF2019!
This was a standard stack execution where we had to insert our shellcode in the stack and point ou EIP there to execute it. Let’GO
Let’s execute the binary locally to see what happens.