In this post, I’ll be describing how I found 5 bugs on a private HackerOne program. The website that I attacked was a new CTF hosting provider, and I had actually participated in a CTF using this provider prior to being invited to their private program.

Please note that as the program is private, I can’t show the exact pages exploited, or show any of the exact code that I used to exploit them.

Race Condition in Flag Submission

Out of all bugs submitted, I believe that this had the highest severity. …


Around 6 months ago, HMGCC released a challenge and offered a challenge coin to anyone who completed it. I started pretty late on, but managed to get it done in time. This consisted of 7 stages, ranging from reverse engineering to traffic analysis. At the time of writing, you can still have a go yourself here.

Challenge One (Introduction)

Once on the dashboard, I was presented with the following:


At the end of March this year, Hack@UCF released a CTF in collaboration with BSides Orlando 2019. Our team ended up coming 13th, narrowly missing out on a top 10 spot. You can find the homepage for this CTF here.


You can try the tool yourself here, or view the project on GitHub.

Over the last couple of months, I have been developing an online image Steganography tool designed to combine and enhance the features of other separate tools. It’s open-source and due to the nature of Angular, it’s easy to add to.

Usage

First navigate to the site below:

Once there, upload your image:

You’ll then be redirected to the image homepage.


This is a write-up for the recently retired Secnotes machine on the Hack The Box platform. If you don’t already know, Hack The Box is a website where you can further your cybersecurity knowledge by hacking into a range of different machines.

TL;DR: SQLi & WSL Escape | I did this box a few months ago, so the commentary on it may be a little rusty. It’s clear that it was popular, since it wasn’t voted out for so long. …


This is a write-up for the recently retired Waldo machine on the Hack The Box platform. If you don’t already know, Hack The Box is a website where you can further your cybersecurity knowledge by hacking into a range of different machines.

As opposed to the more generic two-stage boxes, Waldo was unique in that there were three challenges to overcome, and each had completely different methods needed to do so. Whilst the third stage was a little tedious and hard to explain, I learnt about some small Linux functions that I never knew existed before.

PART ONE: USER

The usual nmap scan…


This is a write-up for the recently retired Bounty machine on the Hack The Box platform. If you don’t already know, Hack The Box is a website where you can further your cybersecurity knowledge by hacking into a range of different machines.

TL;DR: .config webshell & Metasploit Privesc. | In this box, I wasted a lot of time trying to get an initial foothold, since it’s rare to have to perform so many different dirb scans in order to find anything useful. However, once I worked out what I had to do, the box was both fun and interesting. …


I’ve always avoided learning more about SQL Injections, since they’ve always seemed like quite a daunting part of Infosec. Because of this, I finally decided to put some time into an SQLi-focused wargame in order to sharpen my skills a little. You can find the challenges at the website below:

There are only a few rules:

  • Find the username (user()) and version (version()) of the site.
  • Use Union statements for all.
  • Do not use information_schema to get any information.
  • Obviously, no tools (i.e. Sqlmap, Sqlninja etc).

Level 1: Super Easy

http://www.zixem.altervista.org/SQLi/level1.php?id=1

This challenge was a straightforward Union-based injection.

To help us do this, let’s…


This is a write-up for the recently retired DevOops machine on the Hack The Box platform. If you don’t already know, Hack The Box is a website where you can further your cybersecurity knowledge by hacking into a range of different machines.

TL;DR: XXE & Git Reverts. | While DevOops is known to be fairly easy, it was still good practice and fun to do. While I have seen both the same user and root methods in other CTFs before, they were both presented well, and overall the box was very well-structured.

PART ONE: USER

Our initial nmap scan reveals only two ports…


This is a write-up for three of the challenges in the CSAW 2018 Red Team Qualifiers. I participated in this with my team, even though we aren’t eligible for the prizes. The competition lasted from September 21st to September 30th.

For these challenges, we were given a REST API which we had to exploit, built on a Flask back-end. The first challenge was worth 100 points, the second was worth 250, and the third was worth 500. …
