The Binary Exploitation: Stack based Buffer overflow

This article talks about cracking Level 13 Binary of Cyberstart CTF. The hint that was given for this challenge is “Cyclic Pattern”, which means we need to use pattern finder tool to figure out the length of the buffer and then run the arbitrary function. Let’s crack this: Running the binary gives us this output:

LupinOne empire

Empire: LupinOne Walkthrough – Privilege escalation through Python Libs

This article is a walkthrough for Empire LupinOne vulnerable machine. You can download this from vulnhub. The vulnerable machine is full of fuzzing and escalation of privileges by exploiting Python libraries with SUID being setup. Let’s look into exploiting this: Requirements: 1. Vmware/Virtual Box < This is to run the vulnerable machine. 2. Download LupinOne

Log4Shell Quick Lab Setup for Testing

Last month, On December 09 2021, The release of a Remote Code Execution POC over twitter involving exploitation of Apache’s log4j2 logging class took everyone’s peace away. The attack was pretty simple and the fact that it can be easily exploited by anyone is what made this more terrifying. The first edition of this attack

Pwned Vulnhub Walkthrough

Pwned vulnhub challenge is an easy boot2root machine. One of the key take away from this machine is how you can escalate your privileges using Dockers. This blog post is about how I exploited this machine and what are the different tools I used to make that happen. Below are the requirements: You can get

Insecure Code Management – Git

Insecure code management is when part of the code exposes sensitive information which shouldn’t be exposed to the world. Now it can happen in a lot of situation where the API keys/Passwords are hard-coded and it has been shared mistakenly by the developers. This article will cover the part of Git version control feature and

How to setup your own Basic Telemetry Lab with Cisco XR

In this article, we will be talking about setting up a basic Lab for testing Telemetry on a Cisco NC55XX router. Telemetry – “Tele” means remote, “metry” means metrics or measurements, together this word simply means to collect data/measurements remotely on a server. Telemetry is usually a PUSH model meaning the client will push data

Hacker101 CTF walkthrough Micro-CMS v1 and v2

Hacker101 CTF is based on Web, Crypto and Android platforms. The challenges are good for the beginners, some of the basics are covered through these CTF. I will be discussing “A little something to get you started”, “Micro-CMS v1” and “Micro-CMS v2” in this post. Check out my post on Bugcrowd’s CTF writeup here:

BugCrowd’s LevelupCTF 0x07 walkthrough

LevelupCTF is a seven flag CTF. It contains vulnerabilities from information disclosures to Remote Code execution. Each flag provides hints towards the next flag. The CTF consists of wide range of challenges which provides great learning as well. Below are the vulnerabilities and their impacts that I have found: Sensitive Data Exposure – P4 Broken

%d bloggers like this: