This was a fun challenge, just because I didn’t pay attention in the beginning. To start log in with the provided credentials. After logging of course I used “ls” to see what I have in the current directory. Oh … the flag is here. That looks to easy, but lets use “cat” to see what is the content in the file. Shit…. nothing is happening. How can I view the file. Now … when doing CTFs usually there is a clue in the name of the challenge. This one is called Catalias – “cat”, “alias”. Lets list the alias to see what we work with. As you can see from…
-
-
Hidden – #Virseccon2020
This was an interesting small challenge. We have been given the password to ssh in to the machine. After we do of course we would like to run a “sl” or sl -al” commands to see what we have in the current directory. Oh wow a directory with a name secret. Lets cd in to that folder. Opps we can’t! This command tells us something important. We are working on “restricted bash”. Please see the image bellow. Now it is a matter of knowing how to escape that. A simple google search can give you the result. As always I will post a link in the end of the article.…
-
PHPJuggler – #Virseccon2020
For this challenge, the initial start is pretty obvious, or at least i think so. The first thing we see when we upload the webpage is the image that you see above, which contains two pieces of code. Thats our first clue. The second clue is the name of the challenge. So let the research start. I will not go into detail and will just show you the solution, however I will post links in the end of this post so you can read by yourself and, understand what and how it works. When I do a web challenges I like to examine the page. As I mentioned above we…
-
Mango WriteUp – HackTheBox
Enumeration: Enumeration is pretty important as we all know. So the first thing we do is run an nmap scan to see which ports are open and what is running on that machine. We can see that we have 3 ports that are open – 80, 443 and 22. Initial Foothold: For me the start of this box was hell. It was like that because I didn’t look close enough in the nmap results. So I needed to ask on the discord chat for help. But let me explain. By examining all the ports we can see that we have an http server on port 80. If you try to…