Shoppy

Hack The Box. Linux. Easy machine

8 minutes to read

This machine website that is vulnerable to NoSQL injection. Using this vulnerability, we can bypass authentication and list some hashed passwords that can be cracked. Then, we enumerate subdomains and find a MatterMost application in which we can access and find credentials for SSH in the machine. The first user is able to run a custom ELF binary that shows more credentials when using a specific master password. Finally, we can escalate privileges because the second user belongs to group docker

Infinite Knapsack

Hack The Box. Challenges. Crypto

35 minutes to read

Knapsack. Brute force. Modular arithmetic. Shuffling. LLL lattice reduction

Monstrosity

Hack The Box. Challenges. OSINT

9 minutes to read

Twitter's API. Geolocalization

Missing in Action

Hack The Box. Challenges. OSINT

1 minute to read

LinkedIn and Twitter. Dorks

Block Hunt3r

Hack The Box. Challenges. OSINT

3 minute to read

Ethereum Görli testnet (Blockchain)

Easy Phish

Hack The Box. Challenges. OSINT

2 minutes to read

DNS. Email SPF and DMARC

ID Exposed

Hack The Box. Challenges. OSINT

1 minute to read

Gmail and Google Maps

Infiltration

Hack The Box. Challenges. OSINT

1 minute to read

LinkedIn and Instagram. Dorks

Money Flowz

Hack The Box. Challenges. OSINT

1 minute to read

Reddit. Ropsten Ethereum

A Puzzle in Seven Parts

ImaginaryCTF 21/12/2022

3 minutes to read

75 points. Seven-segment display. Hexadecimal and Base64 encodings

AAAA

ImaginaryCTF 12/12/2022

1 minute to read

50 points. DNS

Rather Secure Attachment

ImaginaryCTF 08/12/2022

3 minutes to read

100 points. RSA. Cipolla's Algorithm