Browsed by
Month: February 2020

Willow CTF — Write-up

Willow CTF — Write-up

TryHackMe Challenge Link: https://tryhackme.com/room/willow Willow is the third box I’ve written, but the second to be publicly released. The first two — Jack-Of-All-Trades and Year of the Rabbit — were both designed for specific events, but they will hopefully be released on TryHackMe in due course. This particular box was designed when I was in a very specific frame of mind, which is reflected in the slightly ethereal nature of the theme. Brownie points if anyone can identify where the…

Read More Read More

Note Taking and Write-ups

Note Taking and Write-ups

Introduction: This is just going to be a quick post detailing my personal preferences for documentation in the hope that it may help a few people get started with write-ups, and perhaps introduce you to some great software! We’ll start by looking at a couple of pieces of software (Cherrytree and Flameshot) which, frankly, I couldn’t recommend more; then briefly discuss a few tips for writeups and documentation as a whole. Let’s start with the software. Software: Cherrytree Cherrytree is…

Read More Read More

CherryBlossom CTF — Write-up

CherryBlossom CTF — Write-up

TryHackMe Challenge Link: https://tryhackme.com/room/cherryblossom CherryBlossom is my fourth CTF Challenge Box. It focuses heavily on cryptography and file manipulation, but also contains lateral movement and a privesc once the machine itself is compromised. Let’s begin. Initial Enumeration: We start, as always, with an nmap scan to see what services we have available to us: Three open ports, all standard. We have SSH running on Port 22 — there’s nothing we can do with this for now; not without at least…

Read More Read More

Daily Bugle — Write-up

Daily Bugle — Write-up

Challenge Link: https://tryhackme.com/room/dailybugle Daily Bugle is a Spiderman themed box on TryHackMe. It requires some knowledge of SQLi, basic enumeration, password cracking and privilege escalation. This box is rated hard — primarily due to the relative inconsistency of the SQL injection required to get initial access. Let’s begin. Initial Enumeration: As per usual, we’re going to start with a quick nmap scan of this box. Use the following command to see what we’ve got available to us: Great — we…

Read More Read More