Booj thoughts on security

HackTheBox - Node

This writeup describes exploitation of the Node machine on HackTheBox. Many thanks to @rastating for a fantastic box and @Geluchat for helping me craft the final buffer overflow. Chapters: Enumeration; Privilege Escalation - Tom; Privilege Escalation - Root; Binary Analysis; Arbitrary File Disclosure; Command Executi...

HackTheBox - Mantis

This writeup details attacking the Mantis machine from HackTheBox. In short, this machine looked indomitable at the start with its ridiculous list of open ports. Targeted enumeration, however, reveals that it is not as bad as first expected. Chapters: Enumeration; MS-SQL Credentials; MS14-068. Topics: MS-SQL Enumera...

HackTheBox - Shrek

This post will describe exploitation of the Shrek device on HackTheBox. Shrek, also known as steganography hell, or ‘How the hell was anyone supposed to know to do that 7ckm3?’. It’s very much the resident CTF box, so techniques like steganography are more common than service misconfigurations. Also to be expected is a lot of trolling. In...

Stack Buffer Overflows: Linux 3 - Bypassing DEP with ROP

In this chapter we’ll be dealing with systems with ASLR disabled, and with all binary protections disabled bar NX. Here you’ll learn how to craft basic ROP chains using functions in libc, and how to chain multiples of these together. Prior Reading: Chapter 1, Chapter 2. Environment: Ubuntu 16.04 32-bit, GDB PEDA. The code we’ll be us...

- random, coin1 & bof

This post describes three Toddler’s Bottle exploits. Random: This is a simple binary exploitation challenge. The code for the binary is included once the user has SSH’d in: #include <stdio.h> int main(){ unsigned int random; random = rand(); // random value! unsigned int key=0; scanf("%d", &key); if( (key ^ rando...