Booj thoughts on security

HackTheBox - SolidState

This post will describe exploitation of the Solidstate device on HackTheBox. Solidstate’s an interesting box, and also memorable as the day when the HTB platform shit itself from the load. It’s also a lesson in reading the damn exploit code. I spent a long time re-running the exploit expecting stuff to happen, but the true realisation came ... Read more

HackTheBox - Calamity

This writeup is effectively the summation of three days of bashing my head against GDB. It ended up ballooning in size, but I’ve tried to include as much detail as possible, so hopefully someone with only a basic knowledge of buffer overflows should be able to follow along. It’s important to be aware that this is quite a complex buffer overfl... Read more

Stack Buffer Overflows: Linux 2 - Using GDB

In Chapter 2 of my Linux Stack Buffer Overflow series I’ll be walking you through crafting an exploit from scratch in GDB with no external hints of the environment. If you’re new to this type of exploit I’d recommend going through Chapter 1. One issue with crafting an exploit in GDB and then running it outside is that the exploit simply no lo... Read more

BMAT Physics

A couple of years ago I was asked to author solutions for the physics portion of a private BMAT tutoring course. This course never ended up being taught and I’ve recently been informed that the BMAT curriculum has changed. Therefore, I’ve decided to release these for anyone with either a cursory interest in Physics, or anyone looking for past ... Read more

HackTheBox - Jail

Introduction This box is long! It’s got it all: buffer overflows, vulnerable software version, NFS exploits and cryptography. This is a difficult box, not in the techniques it has you apply, but rather in the scope of them. There’s a lot covered in this write-up so in order to keep it relatively concise I’ve included a few links in the refe... Read more