Many a times we get caught in the trap of a server is shelled but there is nothing to go on with ; Today we will look at one such possibility that is faced. You have a webshell on a server however you want to use old fashioned netcat or socat to connect to it […]
Jimmy the troll (unknown)
Download Unknown.ova here (782.44 MB) This CTF was made by Jimmy to test a number of aspects. It was also keen as the previous one on attention to some details. So without further ado, lets get into what made this journey awesome. Know About Thy Target This was the first step and for this I […]
Following the previous article where all exploits failed , there are still 2 doors down : Nmap be abit old Go for some “GRUB“. Nmap be abit old Now for this bit nmap is old its version 3.81. This can be abused via the –interactive option. More information on this can be found here. But basically […]
Now from John The Troll (CTF – Africahackon) – Key 2 we have gotten to be Chicken, so the next thing would be getting information about the system. [+] Kernel Linux version 3.13.0-55-generic (buildd@brownie) (gcc version 4.8.2 (Ubuntu 4.8.2-19ubuntu1) ) #94-Ubuntu SMP Thu Jun 18 00:27:10 UTC 2015 [+] fstab entries # /etc/fstab: static file system […]
After the previous article we got the first key. Now for the second key we needed to move a notch higher into the system. We had a loot.dic so the best option seeing we only have the web application facing us so far would be bruteforcing it. root@mth3l3m3nt:~# wpscan -u http://192.168.238.101/ -U hacker123 -w ~/loot.dic […]
Download Africahackon CTF by John the Troll (487.71 MB) The CTF wanted to cover basics in the beginning where people not only see but observe. On loading the system we notice that there is a web application hosted on it. The application was a wordpress application. Things to note about it are: readme.html was still […]
HackBattle 2015 – Scenario 1- Part 1
The HackBattle this year was themed ROTT (“Rampage of the trolls”) The infrastructure is courtesy of Azanuru Technologies. It was announced on various platforms on social media for people to participate in over a period of 4 weeks. This was testing key skills including The main aim was to help people understand how to develop […]
HackBattle 2015 – Scenario 1- Part 2
For those that didn’t get part 1 click the button below: HackBattle 2015 Scenario 1 Part 1 Thou shalt not ignore hints – Hint 2 Later on as people got stuck on the easy bits. The second hint was given. Now being as easy as it is most people didn’t take heed to the words […]
HackBattle 2015 – Scenario 2
Hackbattle Scenario 2 is way easier than HackBattle 2015 Scenario 1 Part 1 because once you figured out the con (Hacking Team Saga) it was pretty straight forward and googling all the way. In short you needed to Pozzi this battle. Watch it below to see how it was to be done.
Africahackon 2015 CTF Solution
Following the Africahackon Conference 2015 the OWASP Mth3l3m3nt Framework was used in the CTF solution to make it easier, faster and more efficient to manage the attack. The main modules used in this are: Generic Request Maker Shell Generator Web Herd (HTTP Bot)