The power of the Web is in its universality. Access by everyone regardless of disability is an essential aspect.
«Tim Berners-Lee»
SimpleAuth
Welcome back on Exploitnetworking. SimpleAuth is a web challenge of TokyoWesterns CTF. The base of this challenge is manipulate the php function parse_str to bypass auth control and get the flag.
Allow and block P2P connections on FortiGate (Torrent)
In this post we will see how to allow or block 2P2 traffic inside our fortinet.
[HTB] Celestial writeup
In this machine there is a nodejs service exploitable in a easy and direct way. And for privilege escalation there is a simple trick with python.
Ron, Adi and Leonard
Ron, Adi and Leonard is a funny crypto challenge, based on RSA, in particular in this challenge the exponent e is very big, then the ciphertext is vulnerable to Wiener’s attack.
She sells sea shells
Hey guys! Here there is another writeup of a pwn of the HackCon18 ctf. The challenge She Sells Sea Shells was a very easy pwn based on buffer overflow, where you can simply put a shellcode in buffer and jump on it!
Simple yet elegent pwn
Hey guys, it’s just finished the HackCon18 ctf, let’s see the writeup of Simple Yet Elegent pwn. This pwn is based on format string vulnerability and buffer overflow, then our target is leak an address of libc with the format string (because we suppose that ASLR is enabled), and then calculate remote system for spawn a shell.
My first Arm pwn
Recently I have tried for the first time an Arm pwn, a simple program vulnerable to buffer overflow. The only difference between an Arm pwn and a “normal” binary is the assembly code, but look this for see how exploit it.
Monitor computer resources, 3 pre-installed Microsoft tools
We analyze 3 programs for monitoring resources within our system, understanding the programs and services that use it and how
Mouse Without Border, the best free KVM
Mouse Without Border, the best free KVM to share keyboard, mouse and screens. Many features: can also be used through different sub-networks, encrypting data with a secret key, up to 4 pcs with a single keyboard / mouse and many other settings to make your life easier.
[HTB] Valentine writeup
Welcome back on Exploitnetworking! Today we’ll see a Valentine write up. This box is really funny because the first step is based on heartbleed vulnerability that permit you to exploit openssl protocol and read the machine memory.
Understanding the Windows Registry
Everyone has a problem with Windows and look for an online guide that shows us how to change the system logs in the hope of solving it without understanding what you are actually doing. Good but not very well. We try to fully understand what we are going to change and how these registries are composed.
Set up screen savers in a domain by group policy
With the entry into force in the GDPR, the need arose to block the screens of users's PC automatically in case they do not use it for 15 minutes. Let's find out how to do it quickly through our domain
The importance of understanding why to keep the UAC active
The hassle of having a screen that appears when trying to install a program can try to speed things up by lowering the level of security offered by Microsoft. Let's find out why this thing must'n never be done.
[HTB] – Nibbles writeup
Hey guys! Today we are on Hack The Box for see Nibbles writeup. This machine, was been relatively easy compared to other machine. The web part was easy enough and the privilege escalation: “a piece of cake”
[HTB] Falafel writeup
Falafel was one of my favorite machines on Hack The Box. Thanks to it I have learn many new tricks for the web part. The privilege escalation part was very exotic!