Category: Writeups & Walkthroughs
-
TryHackMe – Airplane
Source room: https://tryhackme.com/r/room/airplane Airplane is another tagline-only room at TryHackMe with the description of “Are you ready to fly?” Let’s fly! I am testing on a Kali VM with a VPN connection to TryHackMe. With the VPN connected and room instance launched, I started by running an nmap scan against the target machine. The results…
-
Decrypting Stolen Slack Cookies with SharpChrome
Slack is a productivity platform used by many businesses for team chats and communication. There’s a great article about abusing Slack for offensive operations that gives a detailed overview of the platform and how it can be leveraged. Then there’s a Part 2 article that gets into the more recent changes in Slack’s cookie encryption and discusses how to…
-
TryHackMe – Expose
Expose is a TryHackMe room with the tagline “Use your red teaming knowledge to pwn a Linux machine.” That’s not much in the way of details besides exposing (no pun intended!) that it’s a Linux box, so let’s get straight to nmap and find out what I’m dealing with. The initial nmap scan showed five open…
-
Gandalf
Source website: https://gandalf.lakera.ai Last night, I was pointed to the Gandalf challenge provided by Lakera. Lakera provides AI based services to test and secure implementations of AI/LLMs in applications. The Gandalf challenge is an AI chatbot and the goal is to manipulate it to give up his password. There are 7 levels of increasing difficulty,…
-
TryHackMe – Retro
This is my writeup for the TryHackMe room “Retro” at https://tryhackme.com/room/retro. This room is labeled a “hard” room so I wasn’t quite sure what to expect. I still feel like there’s so much I still need to learn, but I’m definitely getting into the red team mindset and these rooms are getting easier. The description mentioned…
-
TryHackMe – Brainpan 1
This writeup is for the TryHackMe room “Brainpan 1” at https://tryhackme.com/room/brainpan. The goal for this room is to reverse engineer a WIndows executable and craft a buffer overflow to gain access to the machine. There are three questions for this room with no flags to capture, so I’ll have to measure my progress by access level:…
-
TryHackMe – Gatekeeper
This is my writeup for the TryHackMe “Gatekeeper” room at https://tryhackme.com/room/gatekeeper. Gatekeeper is a delightfully vague room requiring me only to submit a User flag and a Root flag. There is little description beyond mentioning a gate and fire twice. Sounds exciting! Let’s begin. Note: since TryHackMe does not accept writeups for this room, I will…
-
TryHackMe – Buffer Overflows Task 9
Source room: https://tryhackme.com/room/bof1 This task is just like the Task 8 machine, except with different offsets. Let’s dive right in! I SSHed into the machine and into the overflow-4 folder. There is another secret.txt file, this time only accessible only by user3. Looking at the source code, there’s no input validation so this is a good candidate…
-
TryHackMe – Brainstorm
This is my writeup for the TryHackMe Brainstorm room. The goals of this room are to reverse engineer a chat program running on a Windows machine and write an exploit to gain root access. It’s recommended to complete the previous buffer overflow exercises. I just finished the Buffer Overflow room so I felt reasonably prepared to attempt this…
-
TryHackMe – Buffer Overflows Task 7 Overwriting Function Pointers
Source room: https://tryhackme.com/room/bof1 In this task, our objective is to overwrite the normal flow of the program so that it jumps to the special() function. This function is otherwise unreachable by any program logic. After we SSH into the machine and CD to the “overflow-2” folder, we find the func-pointer binary and the C source…