Security – ExploitNetworking

CIS Benchmark for server hardening for Centos/RHEL/Ubuntu systems (Puppet)
Gallery

CIS Benchmark for server hardening for Centos/RHEL/Ubuntu systems (Puppet)

Joel Garia2020-11-04T00:23:38+02:00

Cyber security is becoming more and more important and securing your server with automation allows us to save a lot of time and respect best practices

CIS Benchmark for server hardening for Centos/RHEL/Ubuntu systems (Puppet)Joel Garia2020-11-04T00:23:38+02:00

RTCP Trivia Android Reverse Engineering
Gallery

RTCP Trivia Android Reverse Engineering

Daniele Scanu2020-04-29T10:37:13+02:00

This blogpost is related to a nice Android reverse engineering challenge: RTCP TRIVIA. The challenge description was: "We now have our very own trivia app! Solve 1000 questions and win a flag!". Ok, try to do it 😉.

RTCP Trivia Android Reverse EngineeringDaniele Scanu2020-04-29T10:37:13+02:00

Bronze Ropchain
Gallery

Bronze Ropchain

Daniele Scanu2020-04-27T10:16:07+02:00

Broze ropchain is a simple pwn challenge with a 32 bit binary. The first step is to check the protection of the binary with checksec util:

Bronze RopchainDaniele Scanu2020-04-27T10:16:07+02:00

SRNR
Gallery

SRNR

Daniele Scanu2020-04-27T10:17:12+02:00

Srnr is a binary exploitation challenge of redpwn ctf. Running checksec, we can see that there are only Full RELRO and NX protections, but any canary value.

SRNRDaniele Scanu2020-04-27T10:17:12+02:00

Jendy’s
Gallery

Jendy’s

Daniele Scanu2020-04-27T10:17:43+02:00

Hey guys, welcome back on Exploitnetoworking! Today we will see the writeup of the binary exploitation challenge Jendy’s by UTCTF. This challenge is an hard pwn binary, that for exploit it, you must use two technics, the first step is manage the heap for obtain an arbitrary free and the second step is use a format string for obtain a write what where.

Jendy’sDaniele Scanu2020-04-27T10:17:43+02:00

PHP Unserialization 35c3ctf
Gallery

PHP Unserialization 35c3ctf

Daniele Scanu2020-04-27T10:18:08+02:00

Welcome back on Exploitnetworking! Today we’ll see an interesting writeup of 35c3ctf ctf for a challenge with an unserialize that permit you to obtain an object injection. The challenge gave us the vulnerable source code: From code we can see that for obtain the flag we need to trigger [...]

PHP Unserialization 35c3ctfDaniele Scanu2020-04-27T10:18:08+02:00

[HTB] Sunday
Gallery

[HTB] Sunday

Daniele Scanu2020-04-27T10:19:04+02:00

Welcome back on Exploitnetworking! Today we’ll see the writeup of Hack The Box Sunday machine. This box was been really easy because with a simple nmap and with some enumerations you can enter in server, after that with some tricks you can get root user.

[HTB] SundayDaniele Scanu2020-04-27T10:19:04+02:00

Alienise
Gallery

Alienise

Daniele Scanu2020-04-27T10:19:23+02:00

Alienise was a web challenge of SECT CTF 2018, where you abuse of a nginx misconfiguration for get the flag.

AlieniseDaniele Scanu2020-04-27T10:19:23+02:00

Puppetmatryoshka
Gallery

Puppetmatryoshka

Daniele Scanu2020-04-27T10:19:45+02:00

Welcome back on Exploitnetworking! Puppetmatryoshka was a misc challenge of SECT CTF 2018 where it was necessary inspect a pcap file.

PuppetmatryoshkaDaniele Scanu2020-04-27T10:19:45+02:00

PingPong
Gallery

PingPong

Daniele Scanu2020-04-27T10:20:10+02:00

Welcome back on Exploitnetworking! PingPong was a pwn challenge of SECT CTF 2018, based on buffer overflow. The main goal was use an overflow to leak the memory addresses of remote libc (for bypass aslr) and then create a ropchain for spawn a shell.

PingPongDaniele Scanu2020-04-27T10:20:10+02:00