Cronos - HackTheBox
Cronos is a medium Linux machine that focuses mainly on different vectors for enumeration and also emphasises the risks associated with adding world-writable files to the root crontab. This machine also includes an introductory-level SQL injection vulnerability.
Enumeration
First I check for available open ports.
nmap -sC -sV -A -oG beep beep.htb
| Ports | Service |
|---|---|
| 22 | ssh OpenSSH 7.2p2 (4Ubuntu2.1) |
| 53 | DNS |
| 80 | Apache httpd 2.4.18 |
Next, I did directory brute-forcing but nothing interesting s ...
JWT Lab - Portswigger
All Labs of JWT from Portswigger.
Apprentice
JWT authentication bypass via unverified signature
Let’s log in with the given credentials and intercept the request.
Our Extension can automatically detect JSON tokens. Let’s change the user to administrator.
After forwarding the request we can see the username is changed.
Now let’s repeat the process; the username needs to be changed each time.
NOTE → If you don’t want to change your username every time, after intercepting the request se ...
Beep - HackTheBox
Beep has a very large list of running services, which can make it a bit challenging to find the correct entry method. This machine can be overwhelming for some as there are many potential attack vectors. Luckily, there are several methods available for gaining access.
Fixes
Due to this machine’s age and the outdated TLS version, issues emerge. Before we move on, let’s solve a couple of them.
Firefox
Curl & gobuster
-k, --insecure Allow insecure server connections
Enumeration
I begin as ...
Shocker - HackTheBox
Shocker, while fairly simple overall, demonstrates the severity of the renowned Shellshock exploit, which affected millions of public-facing servers.
Enumeration
At first, I did an Nmap scan for open ports and services.
nmap -sC -sV -p- 10.10.1.235 -oG shocker
| Ports | Service |
|---|---|
| 80 | Apache httpd 2.4.18 ((Ubuntu)) |
| 2222 | OpenSSH 7.2p2 Ubuntu 4ubuntu2.2 |
I visit the website, but there is nothing interesting.
I start enumerating the website using FFUF.
ffuf -w /usr/share/dirb/wordlists/small.txt:FUZZ ...
SQLi (UNION) Lab - Portswigger
First 10 Labs of SQLi Lab based on UNION attack.
SQL injection vulnerability in WHERE clause allowing retrieval of hidden data
By making the statement true we can get all the categories.
Payload → 'OR 1=1-- -
SQL injection vulnerability allowing login bypass
On the login page, after typing the username, we can just comment out the rest of the statement, which turns the password check into a comment.
Payload → administrator'-- -
SQL injection UNION attack, determining the number of columns ...
HackTheBox CTF@USF
We participated in our local HTB-hosted USF CTF and we ended up being 1st! It was a day-long CTF but we solved all of the challenges within 4 hours. Some of the challenges were very interesting.
Can’t wait to play the next USF HTB event as PROTOSEC.
SunShineCTF2022
This year sunshineCTF was amazing. The CTF was challenging. We had no internet; the wifi they provided was constantly disconnecting everyone. Most of the challenges were about pwn and RE, which I’m not so good at. So I decided to focus on Web Challenges. Here are some of the challenges I solved.
Challenge → Transparency
Point → 50
Description → This one is simple! Just look where you might look at the cryptographic history of the sunshinectf.org domain! There’s a Yeti in one and a Nimbus in anothe ...
Lab 2 - MemLab
Challenge Description
One of the clients of our company, lost the access to his system due to an unknown error. He is supposedly a very popular “environmental” activist. As a part of the investigation, he told us that his go to applications are browsers, his password managers etc. We hope that you can dig into this memory dump and find his important stuff and give it back to us.
Note: This challenge is composed of 3 flags.
Write Up
I have to find the profile first.
vol.py -f MemoryDump_Lab2.raw i ...
Lab 1 - MemLab
Challenge Description
My sister’s computer crashed. We were very fortunate to recover this memory dump. Your job is to get all her important files from the system. From what we remember, we suddenly saw a black window pop up with something being executed. When the crash happened, she was trying to draw something. That’s all we remember from the time of crash.
Note: This challenge is composed of 3 flags.
Write Up
From the challenge description, we know there are a total of 3 flags.
I have to find the ...
Pelican - Offsec
Pelican
11th October 2020
Machine Author(s): [Offsec]
Description: Let’s hope to see one at the zoo.
Difficulty: Intermediate
Enumeration
First I check for available open ports.
nmap -p- --min-rate=10000 192.168.196.98
nmap -sC -sV -p21,23,80 192.168.196.98 -oA ./nmap/pelican
| Ports | Service |
|---|---|
| 22 | ssh OpenSSH 7.9p1 Debian |
| 139 | netbios-ssn Samba smbd 3.X - 4.X |
| 445 | 563cafdc3028 Samba smbd 4.9.5-Debian |
| 631 | ipp CUPS 2.2 |
| 2181 | zookeeper Zookeeper 3.4.6-1569965 |
| 2222 | ssh OpenSSH 7.9p1 Debi ... |