Reversing ELF

Hi, today I would like to show you how to solve an easy RE CTF and how to start with RE. My directory after finishing all challenges looks as follows: $ tree . ├── crackme_1 │ ├── crackme1 │ └── flag.txt ├── crackme_2 │ ├── crackme2 │ └── flag.txt ├── crackme_3 │ ├── crackme3 │ └── flag.txt ├── crackme_4 │ ├── crackme4 │ ├── flag.txt │ └── gdb_cmd ├── crackme_5 │ ├── crackme5 │ ├── flag....

December 7, 2020 · 7 min · Matus Bursa

Inclusion

Hi guys, after a long time I have 5 minutes for playing a game, so let’s play. I see a new game called Inclusion with the description “A beginner level LFI challenge”. Yes, this is something I want to play and be done with quickly. So I am starting the VPN tunnel to our playground and clicking the magic button Deploy machine. As always, first scan the ports open on the machine. $ nmap -T4 -sV 10....

March 16, 2020 · 3 min · Matus Bursa

Blue

Hello everyone, today we look at a CTF with the MS17-010 vulnerability. So let’s start with an nmap scan. $ nmap -sV -p0-1000 --script vuln 10.10.223.243 Starting Nmap 7.80 ( https://nmap.org ) at 2020-02-12 14:40 CET Nmap scan report for 10.10.223.243 Host is up (0.043s latency). Not shown: 998 closed ports PORT STATE SERVICE VERSION 135/tcp open msrpc Microsoft Windows RPC |_clamav-exec: ERROR: Script execution failed (use -d to debug) 139/tcp open netbios-ssn Microsoft Windows netbios-ssn |_clamav-exec: ERROR: Script execution failed (use -d to debug) 445/tcp open microsoft-ds Microsoft Windows 7 - 10 microsoft-ds (workgroup: WORKGROUP) |_clamav-exec: ERROR: Script execution failed (use -d to debug) Service Info: Host: JON-PC; OS: Windows; CPE: cpe:/o:microsoft:windows Host script results: |_samba-vuln-cve-2012-1182: NT_STATUS_ACCESS_DENIED |_smb-vuln-ms10-054: false |_smb-vuln-ms10-061: NT_STATUS_ACCESS_DENIED | smb-vuln-ms17-010: | VULNERABLE: | Remote Code Execution vulnerability in Microsoft SMBv1 servers (ms17-010) | State: VULNERABLE | IDs: CVE:CVE-2017-0143 | Risk factor: HIGH | A critical remote code execution vulnerability exists in Microsoft SMBv1 | servers (ms17-010)....

February 12, 2020 · 13 min · Matus Bursa

Bookface

Before we start, read more about the following tools & vulnerabilities, which this CTF contains: hydra, screen - CVE-2017-5618, knock. You can also read more about an additional security method called port knocking. So let’s start as usual with nmap. nmap -F --top-ports 10 -sV 10.10.219.90 Starting Nmap 7.80 ( https://nmap.org ) at 2020-02-10 16:37 CET Stats: 0:00:07 elapsed; 0 hosts completed (1 up), 1 undergoing Service Scan Service scan Timing: About 0....

February 10, 2020 · 8 min · Matus Bursa

Daily Bugle

Hi guys, today we look at a CTF called Daily Bugle and we try to gain root privileges. :) Let’s play. NOTICE: (SPOILER!!) If you would like to solve it by yourself, don’t read this post! [Task 1] The first question is pretty simple. Open the article and you can find the answer. Access the web server, who robbed the bank? spiderman [Task 2] $ curl http://10.10.86.172/media/system/js/mootools-more.js 2>/dev/null | grep MooTools....

February 6, 2020 · 6 min · Matus Bursa