Categories
Computing Hacking & CTF

CTF – Irish-Name-Repo 1-3

We’re going to look at the 3 ‘Irish Name Repo’ hacking challenges supplied by PicoCTF. All three challenges are broken down below, so you can see how the solution develops. Irish Name Repo 1 This is a 300 point Web Exploitation hacking challenge. This is what we’re provided with: AUTHOR:┬áCHRIS HENSLER Description There is a […]

Categories
Computing Hacking & CTF

THM – Blue CTF Room

This CTF challenge room is hosted by the team over at TryHackMe; it’ll take us from Recon, through exploitation and privilege escalation of the Windows box, then flag finding. We’ll be using nmap, Metasploit, EternalBlue payloads, system registries, hashdump and several other components. The room’s description is ‘Deploy & hack into a Windows machine, leveraging […]

Categories
Computing Hacking & CTF

CTF – mus1c Challenge

This PicoCTF general skills challenge was a bit of a weird one. You’ll either know what to do straight away, or have very little to go on. I was the latter. If you’ve delt with esolangs before… you’re probaby one step ahead of me. Valued at 300 points, you’re given a small lyrics txt file […]

Categories
Computing Hacking & CTF

CTF – Web Gauntlet 3

Another quick writeup of a CTF hacking challenge, hosted by PicoCTF. This challenge Web Gauntlet 3, is an injection attack. I believe the payload for this challenge actually works for the previous two challenges as well, Web Gauntlet 1 and Web Gauntlet 2. The hacking challenge AUTHOR: MADSTACKS Description Last time, I promise! Only 25 […]

Categories
Hacking & CTF Linux

CTF – Vulnveristy Privilege Escalation

Task 5 of TryHackMe’s Vulnversity CTF room is Privilege Escalation. Previously we comprimsed the web server by uploading a reverse-shell payload in a PHTML file. Now we’ve got a foot hold on the box, can we achieve root level access? Task 5 – Privilege Escalation Our task; now you have compromised this machine, we are […]

Categories
Computing Hacking & CTF jQuery & JavaScript

CTF – Java Script Kiddie

Even though I know some Javascript, this 400 point web-exploitation hacking challenge from PicoCTF proved to be a difficult for me. Thankfully with my forensic background I was well aware of important elements of this challenge, such as hex, bytes and file signatures. Saying that, it still took a few hours from starting the Java […]

Categories
Computing SysAd and Security

What is a UDP Flood Attack (DoS)

A User Datagram Protocol flood attack is a type of denial of service attack (DoS) which relies on the basis that UDP connections are stateless. We recently discussed about TCP SYN attacks being used to DoS targets; now we’re talking about UDP which doesn’t work on the 3 way handshake of TCP. One benefit of […]

Categories
Computing Linux SysAd and Security

How to do Port Scanning with Nmap

Network Mapper, usually just known as Nmap, is a powerful yet compact tool to have in your arsenal, giving you the power to explore a network and scan ports of various targets you find. Network and system administrators should know about this tool, its very helpful in debugging certain networking problems. It is however predominantly […]

Categories
Computing SysAd and Security

Vulnerability Scanners Vs Penetration Tester

While browsing forums and articles it seems there’s some confusion over the distinction between vulnerability scanners and penetration testers. What do these two digital security roles have in common, where do they overlap and where do they differ. Vulnerability scanners and penetration testers should both have written or implied permission to perform both of their […]

Categories
Computing Linux SysAd and Security

How to remember the OSI 7 model in order

Remembering the OSI 7 Model – Mnemonics The order that the different layers of the Open Systems Interconnection 7 model are found in matters hugely; needless to say you in certain IT roles you cant afford to forget where the data link layer occurs, or which layer comes before another, etc. Remembering the correct order […]