Home
MegaWattSec
Cancel

HackTheBox: Registry

About the box Registry took me through several services that I’ve never used before, including one that I wanted to get to know better, Docker. The box begins with an online Docker registry avail...

SANS Holiday Hack Challenge 2019

Introduction Kringle Con begins with you getting off a train at Elf University, the premier institution of higher learning in the ultra far north. Sure was crowded the first day. Santa will...

HackTheBox: Craft

Recon and Scans NMAP Here is the output from Nmap, it shows several ports open. nmap -n -Pn -sC -sV -p- 10.10.10.110 Starting Nmap 7.80 ( https://nmap.org ) at 2019-12-02 19:58 EST Nmap scan r...

OverTheWire: NATAS 30

This is another basic login form. The unique thing about this one is the sourcecode is in PERL. #!/usr/bin/perl use CGI qw(:standard); use DBI; print <<END; Content-Type: text/html; chars...

HackTheBox: Haystack

Scans Starting Nmap 7.80 ( <https://nmap.org> ) at 2019-10-01 09:16 EDT Nmap scan report for 10.10.10.115 Host is up, received user-set (0.24s latency). PORT STATE SERVICE REASON VERSIO...

OverTheWire: NATAS 29

This level presents you with several articles from an old ezine about perl hacking. The page script “/index.pl” is what’s processing our selection. Here it is in Burp Suite: Objective 1 – so...

OverTheWire: NATAS 28

LEVEL 28 No sourcecode, this will be fun. The program takes your query and searches it against a list of jokes, possibly in a database (since it says “whack computer joke database”). Checking o...

OverTheWire: NATAS 26 – 27

LEVEL 26 The sourcecode: <?php // sry, this is ugly as hell. // cheers kaliman ;) // - morla class Logger{ private $logFile; private $initMsg; private $exitMsg; ...

OverTheWire: NATAS 21 – 25

LEVEL 21 This level has a second site associated with it, where all the action is: Main Site PHP sourcecode of the main page: <? function print_credentials() { if($_SESSION and array...

OverTheWire: NATAS 16 – 20

LEVEL 16 This level looks a lot like level 9 did with the dictionary lookup and it suggests there are now more input checks. Let’s see the source: <form> Find words containing: <input ...