CipherTextCTF v2 Writeups Web
HackingResources
by Abdallah Alrashdan
4y ago
BabyPHP Level 1 Solution: The challenge is basic: it reads input from the POST request body using the PHP wrapper php://input, unserializes it, and compares the num variable with "13622", so the payload will look like this: a:1:{s:3:"num";i:13622;}
Flag: CTCTF{B4by_Php_l3v3L_1_P4s53d}
BabyPHP Level 2 Solution: First we need to analyze the code. It takes a POST request with a cmd parameter, which can't contain more than two consecutive letters, dots (.) or an opening square bracket ( [ ), and must be less than 100 characters long. If we pass the check, we can run eval! The challenge can be solved in two ways, or two techni ...
CipherTextCTF v2 Writeups Misc
HackingResources
by Abdallah Alrashdan
4y ago
fiasco Solution: After downloading the file, use the 'file' command to learn that it is a zip file. Add '.zip' to its name and extract the images, then rearrange and merge them into one image (the names and sizes of the files don't matter and don't indicate their order). You will get a QR code, and scanning it gives this URL: http://ec2-18-217-40-45.us-east-2.compute.amazonaws.com/fiasco/flag.php After some information gathering, and with the help of the P.S. in the description, you realize that "flagID" can be used to make a GET request; the page content will change to "Naah thats not the number ...
CipherTextCTF v2 Writeups Crypto
HackingResources
by Abdallah Alrashdan
4y ago
The Eighth Circle Of Hell Encryption – Crypto Solution: After a quick search on the challenge name "The Eighth Circle Of Hell Encryption" you will find the Malbolge esoteric programming language ( https://en.wikipedia.org/wiki/Malbolge ) and this table for its encrypted version:
text=['84','68','46','108','0','46','107','3','','1','89','','4','86','_','3','89','0','42','3','117','1','125','_','46','4','86','107','77','4','107','3']
alph={'0':'a','1':'b','2':'c','3':'d','4':'e','5':'f','6':'g','7':'h','8':'i','9':'j','10':'k','11':'l','12':'m','13':'n','14':'o','15':'p','16':'q','17':'r','18 ...
Hackthebox Traverxec Walkthrough
HackingResources
by Abdallah Alrashdan
4y ago
In this article you will learn the following:
Scanning targets using nmap.
Enumeration
Exploit nostromo 1.9.6
Check nostromo configuration file
Decrypt ssh private key with john
Abuse sudo command for root
Port Scanning
$ nmap -Pn -sC -sV -v 10.10.10.165 -oN traverxec.nmap
PORT STATE SERVICE VERSION
22/tcp open ssh OpenSSH 7.9p1 Debian 10+deb10u1 (protocol 2.0)
| ssh-hostkey:
| 2048 aa:99:a8:16:68:cd:41:cc:f9:6c:84:01:c7:59:09:5c (RSA)
| 256 93:dd:1a:23:ee:d7:1f:08:6b:58:47:09:73:a3:88:cc (ECDSA)
|_ 256 9d:d6:62:1e:7a:fb:8f:56:92:e6:37:f1:10:db:9b:ce (ED25519)
80/tcp ope ...
Hackthebox Sniper Walkthrough
HackingResources
by Abdallah Alrashdan
4y ago
In this article you will learn the following:
Scanning targets using nmap
Enumerate Windows machine
RFI via SMB shared folder
Switch user via PowerShell
Exploit Microsoft compiled HTML help
Starting with an nmap scan:
nmap -Pn -v -sC -sV -oN sniper.nmap 10.10.10.151
PORT STATE SERVICE VERSION
80/tcp open http Microsoft IIS httpd 10.0
| http-methods:
| Supported Methods: OPTIONS TRACE GET HEAD POST
|_ Potentially risky methods: TRACE
|_http-server-header: Microsoft-IIS/10.0
|_http-title: Sniper Co.
135/tcp open msrpc Microsoft Windows RPC
139/tcp open netbios-ssn Microsoft Windows net ...
Hackthebox AI Writeup
HackingResources
by Abdallah Alrashdan
4y ago
In this article you will learn the following:
Scanning targets using nmap.
Exploit SQL Injection via Speech To Text Recognition.
Enumerate System
Exploit JDWP ( Java Debug Wire Protocol )
I begin reconnaissance by running an Nmap scan checking default scripts and testing for vulnerabilities.
root@pentesting:~/Desktop/HTB/AI# nmap -Pn -sC -sV 10.10.10.163 -v
Starting Nmap 7.80 ( https://nmap.org ) at 2020-01-24 09:22 EST
PORT STATE SERVICE VERSION
22/tcp open ssh OpenSSH 7.6p1 Ubuntu 4ubuntu0.3 (Ubuntu Linux; protocol 2.0)
| ssh-hostkey:
| 2048 6d:16:f4:32:eb:46:ca:37:04:d2:a5:aa:74 ...
Hackthebox Player Writeup
HackingResources
by Abdallah Alrashdan
4y ago
In this article you will learn the following:
Scanning targets using nmap.
Identifying php backup file.
Playing with JWT ( Json Web Token ).
Exploiting FFmpeg Software.
Scan for Vhosts.
Exploiting OpenSSH 7.2p1 xauth Command Injection.
Identify and exploit Codiad Web Based IDE.
Escape Limited Shell.
Monitor Processes via Pspy64.
Exploiting POI ( PHP Object Injection ).
Port Scan:
22/tcp open ssh OpenSSH 6.6.1p1 Ubuntu 2ubuntu2.11
80/tcp open http Apache httpd 2.4.7
6686/tcp open ssh OpenSSH 7.2 (protocol 2.0)
Enumeration: Firstly, I checked the HTTP port 80 and I got a forbidden page, an ...
Collection of Cybersecurity Tools and Resources
HackingResources
by Ahmed Ferdoss
4y ago
Collection of Cybersecurity Tools
Android Cybersecurity: A set of resources for Android security.
Android Cybersecurity: A collection of Android security related resources.
AndroTotal
Appknox – not free
NVISO ApkScan
AVC UnDroid
Virustotal – max 128MB
Fraunhofer App-ray – not free
AppCritique – Upload your Android APKs and receive comprehensive free security assessments.
NowSecure Lab Automated – Enterprise tool for mobile app security testing both Android and iOS mobile apps. Lab Automated features dynamic and static analysis on real devices in the cloud to return results in minutes ...