Cookie Consent by PrivacyPolicies.com
Home
Quantumly Confused
Cancel

NSEC 2020 - Crackme

NSEC 2020 - Crackme

Walkthrough of the 6 crackme challenges from NorthSec 2020. With increasing difficulty, and not necessarily with the reversing portion itself, I was able to finish all 6 for my team. Follow along as I step through my solutions and add some personal comments.

Qiskit Quantum Challenge 2020

Qiskit Quantum Challenge 2020

Overview and walkthrough of the IBM Qiskit 4th anniversary Quantum Challenge excercises and my solutions.

Hack the Box - Registry

Hack the Box - Registry

HTB Registry machine walkthrough. Working with insecure Docker credentials we manage to extract a SSH key and corresponding password crumbs for an initial user foothold. Following that access we find a sqlite file containing Bolt CMS admin credentials. Logging into the CMS we quickly modify the config file to allow a PHP shell of our choosing to access the host as www-data. Finally once we have www-data access we are able to abuse a restic sudo rule to expose the root flag.

Hack the Box - Sniper

Hack the Box - Sniper

HTB Sniper machine walkthrough. From an initial LFI/RFI foothold within the company website, to abusing malicious Windows help files, Sniper presents the story of a disgruntled developer and their middle finger to the Administrator/CEO on their way out. Sniper was a fun machine with a new angle on the RFI approach I had not used before and allowed me an opportunity to work with CHM files, something I previously also had not done.

Hack the Box - Forest

Hack the Box - Forest

HTB Forest machine walkthrough. Forest started with Windows enumeration using SMB and LDAP queries that lead to leveraging a lingering service account with PRE_AUTH disabled for user access. Once on the machine, we were able to abuse the existing Active Directory entitlements to create a malicious user entry with the rights to perform a DCSync using Mimikatz to acquire the Administrator's hash, finally using it to execute a pass-the-hash escalation to Administrator.

Hack the Box - Postman

Hack the Box - Postman

HTB Postman machine walkthrough. Postman was a quick, simple machine from HTB. We start off with a redis exploit for initial foothold, then pivot to user by using JTR to crack a backup SSH key before finally using an authenticated Webmin exploit to escalate ourselves to root.