Ctf

Absolute involved extracting usernames from image’s meta data, using a tool named anarchy to generate pattern for generating usernames, using kerbrute to find valid usernames, we’ll get a user d.klay who has pre-authentication disabled leading to AS-REP roasting, cracking the hash the credentials won’t work as NTLM auth is disabled…

Boot the box and find a way in to escalate all the way to root! https://tryhackme.com/room/valleype Solution Start the machine and wait for the ip address to become available. You can test that you can connect to the machine by doing a simple ping command ping $IP. To enumerate the machine…

This is my 18th write-up for Postman, a machine from TJNull’s list of HackTheBox machines for OSCP Practice. The full list can be found here. In a general penetration test or a CTF, there are usually 3 major phases that are involved. Enumeration and Scanning (Information Gathering). Initial Foothold. Privilege…

Hi there, I’m glad to see you here. In this article, we’ll solve together the “Nibbles” room in Hack The Box. In some sections, I’ll share brief about the subject. Don’t forget! You must always research to learn more. I hope it will be helpful for you. Let’s start! Contents: …

Pico CTF 2023 — Power Analysis: Warmup ( Cryptography ) 200points Unintended Solution ? This challenge tends to demonstrates one of the famous side channel attacks out there, but this has to do with AES, starting the instance of the challenge, we see a file, downloading it and on opening we got #!/usr/bin/env python3 import random, sys, time with open("key.txt", "r") as f…

This is my 17th write-up for Frolic, a machine from TJNull’s list of HackTheBox machines for OSCP Practice. The full list can be found here. In a general penetration test or a CTF, there are usually 3 major phases that are involved. Enumeration and Scanning (Information Gathering). Initial Foothold. Privilege…

This is my 16th write-up for Blocky, a machine from TJNull’s list of HackTheBox machines for OSCP Practice. The full list can be found here. In a general penetration test or a CTF, there are usually 3 major phases that are involved. Enumeration and Scanning (Information Gathering). Initial Foothold. Privilege…

This room mainly focused on active recon, web app attacks, and privilege escalation. [Task 1] Deploy the machine [Task 2] Reconnaissance Start a nmap scan on the given box: nmap -sC -sV -oN nmap/initial <ip>

For the tool’s commands, I used: https://www.hackerstoolkit.co Let’s start by scanning … nmap -sS -sV -sC 10.10.16.89 Let’s start with the web server.