Combining Python and C to write a sponge function and then brute-forcing a collision. Had you ever seen that? I hadn’t…
Reducing the 27! permutations to over 300 and cracking a shredded QR code! Really fun and interesting challenge by Square CTF…
Windows machine with an anonymous FTP connection and a db backup? Not a good idea… And what about runas with Admin? Even worse!
Really realistic machine based on a misconfiguration in GPP on SMB which lets one log in as user and then retrieve the Kerberos ticket of the Administrator. One of the best machines I’ve done!
RSA explanation along with a cool problem from BSides Delhi 2018 that takes it one step further
XXE is cool, a git repository could be as well… Wanna have a look at this box?
Linux inside Windows, second order SQL injection, SMB and much more… Definitely the most interesting and educational machine I’ve rooted on HTB!
My first Windows box! The way to access the system was cool, but a bit simple… User and root? Looks like they are the same here
From file upload to Python RCE. Who would’ve guessed the solution had to do with the chr() and ord() functions?
Nmap was never so important on a machine: thorough scans lead to user access, then pivoting thanks to a backup of the shadow file cracked with John. Finally, get the root hash with wget posting files as data.