Blue

Hello everyone, today we look at a CTF with the MS17-010 vulnerability. So let’s start with an nmap scan.

    $ nmap -sV -p0-1000 --script vuln 10.10.223.243
    Starting Nmap 7.80 ( https://nmap.org ) at 2020-02-12 14:40 CET
    Nmap scan report for 10.10.223.243
    Host is up (0.043s latency).
    Not shown: 998 closed ports
    PORT    STATE SERVICE      VERSION
    135/tcp open  msrpc        Microsoft Windows RPC
    |_clamav-exec: ERROR: Script execution failed (use -d to debug)
    139/tcp open  netbios-ssn  Microsoft Windows netbios-ssn
    |_clamav-exec: ERROR: Script execution failed (use -d to debug)
    445/tcp open  microsoft-ds Microsoft Windows 7 - 10 microsoft-ds (workgroup: WORKGROUP)
    |_clamav-exec: ERROR: Script execution failed (use -d to debug)
    Service Info: Host: JON-PC; OS: Windows; CPE: cpe:/o:microsoft:windows

    Host script results:
    |_samba-vuln-cve-2012-1182: NT_STATUS_ACCESS_DENIED
    |_smb-vuln-ms10-054: false
    |_smb-vuln-ms10-061: NT_STATUS_ACCESS_DENIED
    | smb-vuln-ms17-010:
    |   VULNERABLE:
    |   Remote Code Execution vulnerability in Microsoft SMBv1 servers (ms17-010)
    |     State: VULNERABLE
    |     IDs:  CVE:CVE-2017-0143
    |     Risk factor: HIGH
    |       A critical remote code execution vulnerability exists in Microsoft SMBv1
    |       servers (ms17-010)....

February 12, 2020 · 13 min · Matus Bursa

Bookface

Before we start, read more about the following tools and vulnerabilities, which appear in this CTF: hydra, screen (CVE-2017-5618), and knock. You can also read more about an additional security method called port knocking. So let’s start as usual with nmap.

    nmap -F --top-ports 10 -sV 10.10.219.90
    Starting Nmap 7.80 ( https://nmap.org ) at 2020-02-10 16:37 CET
    Stats: 0:00:07 elapsed; 0 hosts completed (1 up), 1 undergoing Service Scan
    Service scan Timing: About 0....

February 10, 2020 · 8 min · Matus Bursa

Daily Bugle

Hi guys, today we look at a CTF called Daily Bugle and try to gain root privileges. :) Let’s play.

NOTICE: (SPOILER!!) If you would like to solve it by yourself, don’t read this post!

[Task 1] The first question is pretty simple. Open the article and you can find the answer.

Access the web server, who robbed the bank? spiderman

[Task 2]

    $ curl http://10.10.86.172/media/system/js/mootools-more.js 2>/dev/null | grep MooTools....

February 6, 2020 · 6 min · Matus Bursa

Impossible Password

Welcome to the new year. I would like to introduce an easy CTF in the reverse engineering category.

radare2 [gdb]

    $ r2 ./impossible_password.bin
    [0x004006a0]> aaa
    ...
    [0x004006a0]> afl
    0x004006a0 1 41 entry0
    0x00400610 1 6 sym.imp.__libc_start_main
    0x004005f0 1 6 sym.imp.putchar
    0x00400600 1 6 sym.imp.printf
    0x00400620 1 6 sym.imp.srand
    0x00400630 1 6 sym.imp.strcmp
    0x00400650 1 6 sym.imp.time
    0x00400660 1 6 sym.imp.malloc
    0x00400670 1 6 sym.imp.__isoc99_scanf
    0x00400680 1 6 sym.imp.exit
    0x00400690 1 6 sym....

January 27, 2020 · 2 min · Matus Bursa

How to find a vulnerable server on the internet?

NOTICE: Educational purposes only!

Hi, I want to show you how easy it is to find a vulnerable server on the internet. Okay guys, first we need a TOR client for anonymity ;) Before we begin, look at the following tools: tor, nyx, proxychains-ng, shodan, curl, nmap.

    $ tor &
    $ nyx -i 127.0.0.1:9052

Then we can test whether tor is working correctly with proxychains...

January 24, 2020 · 3 min · Matus Bursa