About the box Registry took me through several services that I’ve never used before, including one that I wanted to get to know better, Docker. The box begins with an online Docker registry avail...
SANS Holiday Hack Challenge 2019
Introduction Kringle Con begins with you getting off a train at Elf University, the premier institution of higher learning in the ultra far north. Sure was crowded the first day. Santa will...
HackTheBox: Craft
Recon and Scans NMAP Here is the output from Nmap, it shows several ports open. nmap -n -Pn -sC -sV -p- 10.10.10.110 Starting Nmap 7.80 ( https://nmap.org ) at 2019-12-02 19:58 EST Nmap scan r...
OverTheWire: NATAS 30
This is another basic login form. The unique thing about this one is the sourcecode is in PERL. #!/usr/bin/perl use CGI qw(:standard); use DBI; print <<END; Content-Type: text/html; chars...
HackTheBox: Haystack
Scans Starting Nmap 7.80 ( <https://nmap.org> ) at 2019-10-01 09:16 EDT Nmap scan report for 10.10.10.115 Host is up, received user-set (0.24s latency). PORT STATE SERVICE REASON VERSIO...
OverTheWire: NATAS 29
This level presents you with several articles from an old ezine about perl hacking. The page script “/index.pl” is what’s processing our selection. Here it is in Burp Suite: Objective 1 – so...
OverTheWire: NATAS 28
LEVEL 28 No sourcecode, this will be fun. The program takes your query and searches it against a list of jokes, possibly in a database (since it says “whack computer joke database”). Checking o...
OverTheWire: NATAS 26 – 27
LEVEL 26 The sourcecode: <?php // sry, this is ugly as hell. // cheers kaliman ;) // - morla class Logger{ private $logFile; private $initMsg; private $exitMsg; ...
OverTheWire: NATAS 21 – 25
LEVEL 21 This level has a second site associated with it, where all the action is: Main Site PHP sourcecode of the main page: <? function print_credentials() { if($_SESSION and array...
OverTheWire: NATAS 16 – 20
LEVEL 16 This level looks a lot like level 9 did with the dictionary lookup and it suggests there are now more input checks. Let’s see the source: <form> Find words containing: <input ...