CTF

H1-2006 CTF Write-up

HackerOne recently held a CTF with the objective to hack a fictitious bounty payout application. While my write-up of this CTF is now public and can be seen here, this is a different kind of write-up where I will be more open and go into the areas where I had a lot of trouble. I’m …

HackTheBox Traverxec

Traverxec is rated as an easy box on HackTheBox. User As with all HackTheBox machines I started with an nmap scan which identified port 80 was open and running nostromo 1.9.6, a simple HTTP server also called nhttpd. While searching for some information on nostromo, pretty much the first search result was about a known …

Nahamsec CTF write-up

Nahamsec recently created a CTF when he reached 30k Twitter followers. The only information he gave was here, so there wasn’t really much to go on. This is my write-up; I decided to send my write-up like a bug report. This style of course does not tell the time wasted looking in all the wrong …

HackTheBox Bitlab

Bitlab is rated as a medium box on HackTheBox. User As is usual with HackTheBox, I started with an nmap scan and discovered ports 22 and 80 open. Going to the web server on port 80 and looking around, I found an interesting link under ‘help’ that wouldn’t open. Turned out the link was this …

HackTheBox Heist

Heist is an easy Windows box on HackTheBox, however since I have very little experience with Windows, I found it rather difficult. User The usual nmap scan reveals the following ports are open: Port 80 presents a login page and a forgotten password link (/issues.php), which actually goes to a forum post with an attached …

HackTheBox Networked

‘Networked’ is rated as an easy machine on HackTheBox. User The usual nmap scan revealed the following open ports: Running gobuster on port 80 revealed a few endpoints, the most interesting one being /backup which had a tarred backup file which included all the PHP files the server was running on port 80. Running those …

HackTheBox Haystack

‘Haystack’ is rated as an easy machine on HackTheBox. USER Running nmap on the machine showed that only a few ports were open, with http running on both port 80 and 9200. Visiting port 80 revealed a very simple page with an image and nothing else. Gobuster didn’t reveal any other endpoints on this port, …

HackTheBox Writeup

‘Writeup’ is rated as an easy machine on HackTheBox. User As always, I started with an nmap scan which revealed two ports open, port 22 (SSH) and port 80 (HTTP). Visiting port 80 showed a very simple page and nothing else. No links, nothing. Well, except for a warning that I’d be banned if I …

50m CTF write-up

On the 26th of February HackerOne announced ‘the biggest, the baddest, the warmest’ CTF, with an incredible prize of 10.000 US$. Being a beginner hacker my first reaction was: ‘with that kind of prize, I’ve no chance in hell to solve it!’. However, since I love playing CTFs I took a shot anyway. This is …
