Browsed by
Month: January 2020

RSA Encryption

RSA Encryption

Introduction: RSA (short for Rivest–Shamir–Adleman — named after its creators) is an asymmetric public-key encryption system that is very commonly used in real world applications. Despite its age (having been released in 1977), RSA encryption is still one of the most widely used asymmetric encryption algorithms in use today. Interestingly, it seems that an equivalent algorithm to RSA was created at GCHQ by James Ellis, Clifford Cocks, and Malcolm Williamson four years previously in 1973. I learnt the theory behind RSA encryption…

Read More Read More

Bebop — Write-up

Bebop — Write-up

Challenge Link: https://tryhackme.com/room/bebop Bebop is a quick box that exemplifies exactly how insecure some drone operating systems are. This box shouldn’t take very long to root — it’s really not particularly challenging (which is slightly worrying given it’s based off real drone software). Of much more interest is the overarching concept: drone hacking. If you haven’t already watched the video embedded into the THM room, I would highly recommend it; it’s really interesting (and hilarious in places). I’ll include an…

Read More Read More

Madness — Write-up

Madness — Write-up

Challenge Link: https://tryhackme.com/room/madness Madness: the CTF Challenge from Optional that is true to its name. This room is infuriating; but all the more fun because of it. Madness is ranked as being easy, which is apt because as far as hacking techniques go, this box isn’t hugely difficult. In terms of puzzles, on the other hand… Well, let’s just say that Optional is an evil genius. If you would prefer to do the puzzles by yourself then I would suggest…

Read More Read More

LazyAdmin — Write-up

LazyAdmin — Write-up

Challenge Link: https://tryhackme.com/room/lazyadmin LazyAdmin is a Linux challenge box on TryHackMe. Written by MrSeth6797, this room is designed to be a relatively relaxed challenge to practice with. There is nothing particularly unusual or extreme about the LazyAdmin box — which is exactly how it should be for a gentle practice challenge. Let’s get started! Enumeration: The first stage of this challenge is, as normal, enumeration. We’ll start by running a pretty standard nmap scan to see what ports are open…

Read More Read More

TryHackMe Christmas 2019 Challenge Write-up

TryHackMe Christmas 2019 Challenge Write-up

Challenge Link: https://tryhackme.com/room/25daysofchristmas Day One — Inventory Management: The first part of the Christmas 2019 challenge on TryHackMe is a web application that’s vulnerable to cookie hijacking. The challenge comes with a Google Doc which covers the basics of how websites are run and how cookies work. If you’re struggling, I would suggest reading that first. So, the first challenge: If you deploy the provided VM and navigate to the URL (http://<your_machines_ip>:3000), you will be shown a login screen asking for a…

Read More Read More

Retro — Write-up

Retro — Write-up

Challenge Link: https://tryhackme.com/room/retro Retro is a box from Darkstar7471 consisting of a virtual machine running a windows web server. We’re tasked with enumerating, gaining access and escalating our privileges. This write up is a snapshot from my full THM Advent Challenges write up. Let’s get started! Enumeration: If you try to enumerate this machine, you’ll notice the first of Darkstar’s little challenges designed to make this more difficult. The VM will not respond to ping requests, and will always appear…

Read More Read More