WriteUp: HackTheBox Bashed

Bashed is a Linux machine rated easy. We gain access to the user flag via basic enumeration. To get the root flag, we have to escalate privileges by taking advantage of a scheduled cron job that can run without a password being required. Table of Contents ReconnaissanceEnumerationUser FlagPrivilege EscalationRoot FlagDefender's Note Reconnaissance We start off … Continue reading WriteUp: HackTheBox Bashed

DevSlop Kubernetes CTF WriteUp

As an organizer for the DevSlop Game Day, I couldn't participate in the CTF itself (bummer!) so I chose to walk through the challenges prior to the event to ensure that they are solvable and easy to comprehend. I personally had no experience with Kubernetes prior to organizing this CTF, therefore, it was a perfect … Continue reading DevSlop Kubernetes CTF WriteUp

Writeup: Advent of CTF 5 – Classic

For this challenge, we are required to bypass a login form using a powerful 'hacker tool'. Could the reference to hacker tool simply be a distraction? Again a login form stands in your way. What powerful 'hacker' tool will help you proceed? As usual, we begin by inspecting the source code via Developer tools to … Continue reading Writeup: Advent of CTF 5 – Classic

Writeup: Advent of CTF 4 – Obfuscation

The fourth challenge hints on there being something hidden There are people who think you can hide important things by making it hard to read. The page welcomes us with the following message: Let's try inspect the page with Developer tools. We immediately notice that JavaScript is in play here. Navigating to the Debugger section … Continue reading Writeup: Advent of CTF 4 – Obfuscation

Writeup: Advent of CTF 3 – JavaScript

This challenge requires that we bypass the login mechanism used on https://03.adventofctf.com. Let's see what Developer tools has to offer. I tried filling in the form with username test password test but I see no activity in Network tab which is odd for HTTP(s) traffic. I went ahead and inspected the source and found a … Continue reading Writeup: Advent of CTF 3 – JavaScript

Writeup: Advent of CTF 2 – CookieMonster

For the 2nd challenge we are required to bypass the login mechanism used on this webpage https://02.adventofctf.com. This is the page we get when we navigate to the URL. I tried logging in with a random username:password test:test. Since we are logged in as guests, we do not see the flag. Using developer tools, noted that … Continue reading Writeup: Advent of CTF 2 – CookieMonster

Writeup: Advent of CTF 1 – The Source

We are asked to visit https://01.adventofctf.com to start the challenge. This is what we get when we navigate to the site. A password is required, which we obviously do not have yet. The page hints on finding a flag. Let's check Developer Tools. What immediately catches my eye is the encoded string YWR2ZW50X29mX2N0Zl9pc19oZXJl in the source code … Continue reading Writeup: Advent of CTF 1 – The Source