The power of the Web is in its universality. Access by everyone regardless of disability is an essential aspect.
«Tim Berners-Lee»
Deleting old DNS records, scavenging on the Domain server
We may find ourselves on our domain server with old DNS records associated with IP addresses that however are dated or no longer reflect the current reality. We try to understand how to eliminate them automatically without going crazy.
DNS, what is it?
DNS, acronym of Domain Name System. It is a hierarchical client / server distributed database management system that translates the domain name / host into an IP address.
[HTB] Sunday
Welcome back on Exploitnetworking! Today we’ll see the writeup of Hack The Box Sunday machine. This box was been really easy because with a simple nmap and with some enumerations you can enter in server, after that with some tricks you can get root user.
Understanding the methods and types of backups
The backup, probably one of the most important things if you do not want to be screwed in IT. Only at the thought of losing important data within a company is the creepy. So we try to understand what backup is and its various types.
Puppetmatryoshka
Welcome back on Exploitnetworking! Puppetmatryoshka was a misc challenge of SECT CTF 2018 where it was necessary inspect a pcap file.
NTFS permissions in Windows
Each operating system has its default file system, each with its merits and defects; APFS for Mac OSX, Ext4 for Linux and NTFS for Windows. We analyze the NTFS to understand how it behaves with the permissions associated with files and folders.
SimpleAuth
Welcome back on Exploitnetworking. SimpleAuth is a web challenge of TokyoWesterns CTF. The base of this challenge is manipulate the php function parse_str to bypass auth control and get the flag.
Allow and block P2P connections on FortiGate (Torrent)
In this post we will see how to allow or block 2P2 traffic inside our fortinet.
[HTB] Celestial writeup
In this machine there is a nodejs service exploitable in a easy and direct way. And for privilege escalation there is a simple trick with python.
Ron, Adi and Leonard
Ron, Adi and Leonard is a funny crypto challenge, based on RSA, in particular in this challenge the exponent e is very big, then the ciphertext is vulnerable to Wiener’s attack.
She sells sea shells
Hey guys! Here there is another writeup of a pwn of the HackCon18 ctf. The challenge She Sells Sea Shells was a very easy pwn based on buffer overflow, where you can simply put a shellcode in buffer and jump on it!
Simple yet elegent pwn
Hey guys, it’s just finished the HackCon18 ctf, let’s see the writeup of Simple Yet Elegent pwn. This pwn is based on format string vulnerability and buffer overflow, then our target is leak an address of libc with the format string (because we suppose that ASLR is enabled), and then calculate remote system for spawn a shell.
My first Arm pwn
Recently I have tried for the first time an Arm pwn, a simple program vulnerable to buffer overflow. The only difference between an Arm pwn and a “normal” binary is the assembly code, but look this for see how exploit it.