NSA Codebreaker 2022 Task B2
Description: It looks like the backend site you discovered has some security features to prevent you from snooping. They must have hidden the login page away somewhere hard to guess. Analyze the ...
Description: It looks like the backend site you discovered has some security features to prevent you from snooping. They must have hidden the login page away somewhere hard to guess. Analyze the ...
Description: The attacker left a file with a ransom demand, which points to a site where they’re demanding payment to release the victim’s files. We suspect that the attacker may not have been ac...
Description: Using the timestamp and IP address information from the VPN log, the FBI was able to identify a virtual server that the attacker used for staging their attack. They were able to obtai...
Description: We believe that the attacker may have gained access to the victim’s network by phishing a legitimate users credentials and connecting over the company’s VPN. The FBI has obtained a co...
WIP - Currently porting writeups Web Grillmaster Description A burger shop is accepting entries for its new menu. Users can select the ingredients they would like to see on a recipe and submit ...
Quick summary Catch is a well made medium box that starts with static analysis of an APK before moving into abusing an API with the leaked contents of the apk. Then we can leak some credidentials ...
Quick Summary: This week’s Writeup will be for Shibboleth. This was enjoyable box despite some troubles with the IPMI exploits. This is a Linux box and the machine IP is 10.10.11.124. Last step be...
Devzat is hosting a website on port 80 which responds to both devzat.htb and pets.devzat.htb. Getting foothold requires exploiting the pets page by triggering command injection on the pets.devzat.h...
Paper is hosting a wordpress site which we must exploit to gain access to a RocketChat instance. With access to the RocketChat, we can interact with a bot which will give us LFI allowing us to leak...