Browsed by
Author: MuirlandOracle

Learn Linux — Write-up

Learn Linux — Write-up

TryHackMe Walkthrough Link: https://tryhackme.com/room/zthlinux Learn Linux is a great introductory room from Paradox. As the name suggests, it gives a nice foundation for Linux skills. This is a walkthrough room, so I’m not going to go into a huge amount of detail about the concepts themselves — I’ll leave that in Pars’ capable hands. Instead I’m going to be focusing on the questions, and how to answer them. By this token, I will be bypassing the tasks which don’t actually…

Read More Read More

NoName CTF — Write-up

NoName CTF — Write-up

TryHackMe Challenge Link: https://tryhackme.com/room/nonamectf NoName CTF is a great little CTF from stuxnet. It provides a really nice introduction to some often lesser-used topics in challenge boxes, including SSTI and BOF, making this a perfect box to get some practice in on! Without further ado, let’s begin! Enumeration As per normal, we’re going to begin this challenge with an nmap scan: We’ve got four ports open here. Nothing unusual about port 22 — just SSH as normal. We can’t bruteforce that…

Read More Read More

Unix File Permissions

Unix File Permissions

The permissions system in Unix is one of those things that you just need to understand if you’re going to work with Linux (or indeed, any other derivatives of Unix). There are already many great articles about file permissions online; however, this is a topic that I keep getting asked about, so I’m going to write it up in my own way. If you’re struggling to understand how file permissions work in Unix then hopefully this post will be of…

Read More Read More

Willow CTF — Write-up

Willow CTF — Write-up

TryHackMe Challenge Link: https://tryhackme.com/room/willow Willow is the third box I’ve written, but the second to be publicly released. The first two — Jack-Of-All-Trades and Year of the Rabbit — were both designed for specific events, but they will hopefully be released on TryHackMe in due course. This particular box was designed when I was in a very specific frame of mind, which is reflected in the slightly ethereal nature of the theme. Brownie points if anyone can identify where the…

Read More Read More

Note Taking and Write-ups

Note Taking and Write-ups

Introduction: This is just going to be a quick post detailing my personal preferences for documentation in the hope that it may help a few people get started with write-ups, and perhaps introduce you to some great software! We’ll start by looking at a couple of pieces of software (Cherrytree and Flameshot) which, frankly, I couldn’t recommend more; then briefly discuss a few tips for writeups and documentation as a whole. Let’s start with the software. Software: Cherrytree Cherrytree is…

Read More Read More

CherryBlossom CTF — Write-up

CherryBlossom CTF — Write-up

TryHackMe Challenge Link: https://tryhackme.com/room/cherryblossom CherryBlossom is my fourth CTF Challenge Box. It focuses heavily on cryptography and file manipulation, but also contains lateral movement and a privesc once the machine itself is compromised. Let’s begin. Initial Enumeration: We start, as always, with an nmap scan to see what services we have available to us: Three open ports, all standard. We have SSH running on Port 22 — there’s nothing we can do with this for now; not without at least…

Read More Read More

Daily Bugle — Write-up

Daily Bugle — Write-up

Challenge Link: https://tryhackme.com/room/dailybugle Daily Bugle is a Spiderman themed box on TryHackMe. It requires some knowledge of SQLi, basic enumeration, password cracking and privilege escalation. This box is rated hard — primarily due to the relative inconsistency of the SQL injection required to get initial access. Let’s begin. Initial Enumeration: As per usual, we’re going to start with a quick nmap scan of this box. Use the following command to see what we’ve got available to us: Great — we…

Read More Read More

RSA Encryption

RSA Encryption

Introduction: RSA (short for Rivest–Shamir–Adleman — named after its creators) is an asymmetric public-key encryption system that is very commonly used in real world applications. Despite its age (having been released in 1977), RSA encryption is still one of the most widely used asymmetric encryption algorithms in use today. Interestingly, it seems that an equivalent algorithm to RSA was created at GCHQ by James Ellis, Clifford Cocks, and Malcolm Williamson four years previously in 1973. I learnt the theory behind RSA encryption…

Read More Read More

Bebop — Write-up

Bebop — Write-up

Challenge Link: https://tryhackme.com/room/bebop Bebop is a quick box that exemplifies exactly how insecure some drone operating systems are. This box shouldn’t take very long to root — it’s really not particularly challenging (which is slightly worrying given it’s based off real drone software). Of much more interest is the overarching concept: drone hacking. If you haven’t already watched the video embedded into the THM room, I would highly recommend it; it’s really interesting (and hilarious in places). I’ll include an…

Read More Read More

Madness — Write-up

Madness — Write-up

Challenge Link: https://tryhackme.com/room/madness Madness: the CTF Challenge from Optional that is true to its name. This room is infuriating; but all the more fun because of it. Madness is ranked as being easy, which is apt because as far as hacking techniques go, this box isn’t hugely difficult. In terms of puzzles, on the other hand… Well, let’s just say that Optional is an evil genius. If you would prefer to do the puzzles by yourself then I would suggest…

Read More Read More

Scroll Up