Chiptuning
WinOls - Start a new project: Start WinOls and drop the configuration file into the GUI. We can see that we have 3 types of data: Text, 2D View, 3D View. When you start it’s recommended to keep it at 16 bit decimal with LO HI profile. By using the button next to the “<” sign we can scroll the data so we can look at them. But it’s RECOMMENDED to press that b..
Read more

SSH Honeypot
SSH Honeypot - Configuration: A VPS (virtual private server). apt install libssh-dev; nano /etc/ssh/sshd_config, change the port to: 2244; systemctl reload sshd; git clone the PeteMo sshpot to the VPS; cd sshpot; nano config.h, modify the RSA_KEYFILE: ./honepot; ssh-keygen -t rsa -b 2048, save the key to: /root/sshpot..
Read more

Netgear Firmware
Firmware Hacking - Netgear Devices - Unauthenticated RCE https://www.exploit-db.com/exploits/45909 Lately, I’ve been getting passionate about hardware and IoT. So today I will present a small guide to get started in pentesting hardware, on camera systems. Firstly, we will download the firmware from the official website, some websites might not put the firm..
Read more

Trick
Information Gathering - NMAP command used (scanning for all the ports fast and efficient): sudo nmap -p- -sS --min-rate 5000 --open -T5 -vvv 10.10.11.166 -oG nmap/allPorts --defeat-rst-ratelimit; command used (scanning the ports we got): nmap -A -sC -sV -p22,25,53,80 10.10.11.166 -Pn -> All ports scan: Nmap scan report for 10.10.11.166 Host is u..
Read more

Search
Information Gathering - NMAP command used (scanning for all the ports fast and efficient): sudo nmap -p- -sS --min-rate 5000 --open -T5 -vvv -Pn 10.10.11.129 -oG nmap/allPorts; command used (scanning the ports we got): nmap -A -sC -sV -p53,80,88,135,139,389,443,445,464,593,636,3268,3269,8172,9389,49667,49669,49670,49693,49702,49727 10.10.11.129 -Pn ..
Read more

Unbreakable Team
Unbr Team - 1st place at Junior Category and 5 Global. Writeup: mexican-specialties (50): Steganography. Proof of Flag: CTF{SISENIORILOVETACOBELLVERYVERYMUCH} Summary: We get an image with a list of numbers that appear to be random at first sight. Proof of Solving: In this case I got the numbers manually because the string is not that big but it is preferable to..
Read more

ROCSC KOTH
- Tomato - Information Gathering - NMAP command used (scanning for all the ports fast and efficient): sudo nmap -p- -sS --min-rate 5000 --open -T5 -vvv -Pn 164.90.170.107 -oG nmap/allPorts; command used (scanning the ports we got): nmap -A -sC -sV -p22,1592,3479,5824 164.90.170.107 -Pn Host is up (0.096s latency). PORT STATE SERVICE VERSION 22&#..
Read more

Seal
Information Gathering - NMAP command used (scanning for all the ports fast and efficient): sudo nmap -p- -sS --min-rate 5000 --open -T5 -vvv 10.10.10.250 -oG nmap/allPorts --defeat-rst-ratelimit; command used (scanning the ports we got): nmap -A -sC -sV -p22,443,8080 10.10.11.105 -Pn -oA nmap/full_scan -> All ports scan: Reason: 65529 rese..
Read more

Secret
Information Gathering - NMAP command used (scanning for all the ports fast and efficient): sudo nmap -p- -sS --min-rate 5000 --open -T5 -vvv 10.10.11.120 -oG nmap/allPorts --defeat-rst-ratelimit; command used (scanning the ports we got): nmap -A -sC -sV -p22,80,3000 10.10.11.120 -Pn -oA nmap/full_scan -> All ports scan: Not shown: 65454 clo..
Read more

ROCSC
ROCSC 2021 - Writeup: can-you-jump (210): Pwn. Proof of Flag: CTF{70dd83585c9e2656c8a391b7dbc1f28e8d40a98067fdb56adfb69b8e509481df} Summary: We get a 64-bit executable, not stripped, which we need to pwn. After some analysis we see that just NX is enabled so we can’t use shellcode for this exploit. After running the program we can see that it’s leaking a printf() ad..
Read more