Python Decorators — Tutorial

Introduction It’s been absolutely ages since I’ve had the time or inclination to write an informational blog post, but development of a new room has finally given me an excuse! This post will have a look into Python decorators — a really cool construct that allows you to pre-process functions; very useful when working with Flask apps, or Discord bots, where they are used for things like routes and authentication, or to specify commands. Decorators are a tricky concept to…

Year of the Jellyfish — Write-up

TryHackMe Challenge Link: https://tryhackme.com/room/yearofthejellyfish It feels like it’s been a long time since I’ve written anything here, so it’s good to get writing again in amongst the busyness of university mixed with ZeroPoint Security’s RTO course. This post contains the official walkthrough for the latest New Year box: Year of the Jellyfish. Following on from Year of the Owl, this box is designed to be in a very similar style to the enumeration-focus of the OSCP exam (although to the…

OSCP: Thoughts

Introduction It seems to be a growing trend to write a blog post after sitting your OSCP, so, I figured I may as well throw my thoughts into the mix. Please bear in mind though — the majority of this post will be my own experiences with the OSCP preparation and exam. Hopefully this will be useful to people, but how I found it may be completely different to how others find it. As many reading this may have guessed,…

Year of the Owl — Write-up

TryHackMe Challenge Link: https://tryhackme.com/room/yearoftheowl Year of the Owl follows on from Year of the Dog as the next in the New Year series. It is the first Windows box in the series, and is currently rated hard. Like many of my other boxes, Year of the Owl is inactively themed — kudos if you can guess what it’s based on! As my first Windows box, you can think of Year of the Owl as being something of a warm-up (hence…

Year of the Dog — Write-up

TryHackMe Challenge Link: https://tryhackme.com/room/yearofthedog Another room, another write-up. Year of the Dog is the next box in my New Year series, following on from the Year of the Pig. As with Year of the Pig, this box is designed vaguely with preparation for a certain exam in mind; however, this box requires knowledge slightly in excess of what is offered by the training material for said certification. As a result, I hope that it allows for an extension of that…

0day — Writeup

TryHackMe Challenge Link: http://tryhackme.com/room/0day “0day” is a room conceived and built primarily by TryHackMe’s very own 0day, with a little help from myself in the execution, troubleshooting and provision of a writeup. This is a great little box designed to demonstrate the dangers of not frequently updating your servers! Both of the vulnerabilities demonstrated in this room cover topics that are not commonly seen on TryHackMe, so hopefully you’ll enjoy the box! Enumeration Let’s begin, as usual, with a scan…

Year of the Pig — Write-up

TryHackMe Challenge Link: https://tryhackme.com/room/yearofthepig Year of the Pig follows Year of the Fox as the next in my series of New Year boxes. Whilst a fully original box, it is designed to serve as practice for a certain certification I may or may not have recently finished the training for… Year of the Pig is inactively themed, with a variety of easter-eggs hidden throughout the box. Kudos if you can guess the basis! Without further ado, let’s get into the…

File Upload Vulnerabilities — Hints

TryHackMe Walkthrough Link: https://tryhackme.com/room/uploadvulns This post contains a series of hints for the final challenge (Jewel) in the File Upload Vulnerabilities room on TryHackMe. With the information here it should be possible to completely walk through the final challenge — however, please take the time to try it for yourself, and use the hints one at a time as and when you get stuck. Hint One: Hint Two: Hint Three: Hint Four: Hint Five: Hint Six: Hint Seven: Hint Eight:…

Year of the Fox — Write-up

TryHackMe Challenge Link: https://tryhackme.com/yotf Year of the Fox is the second box in what is now my New Year series of challenge boxes. Following on from Year of the Rabbit, this box is a lot harder, and will require knowledge across a variety of different areas. This box was initially used in a celebratory competition marking the first 100,000 members on the TryHackMe platform, and is now a standalone box on the site. The writeup was also published on the…

Tomghost — Write-up

TryHackMe Challenge Link: https://tryhackme.com/room/tomghost Tomghost is an interesting CTF from Stuxnet; it has rather an unusual section after gaining RCE, which makes for a nice break from standard CTF challenges. In this room we’ll be exploiting a vulnerability in Ghostcat and exploring ASCII armour protected PGP encryption keys, followed by a nice easy privilege escalation up to root. Let’s begin! Enumeration: We begin, as always, with enumeration of the machine. Let’s start with an nmap scan: Great, so, we have…
