After downloading and unpacking the original file, we are given a misc.zip file. After running the command 7z x misc.zip, 7zip prompts us for a password. Using fcrackzip I specified a dictionary type attack using the popular rockyou.txt wordlist in kali. ...
When first getting this file, we were a little unsure about what steps to take for this challenge. As this was my first time attempting an Android based challenge I used the Googles for ideas. While one team member was working on getting the circle.apk file...
Thank you, Mr. Watterson, for explaining, so clearly, what I've felt for a lifetime.
Thank you for Calvin & Hobbes, too. I stand on the shoulders of giants.
Many of these web challenges I surprised myself with. I learned PHP a long time ago, and barely used it ever since. Often I would look over and not see a vulnerability, or mistake the vulnerability. It wasn't until deeply researching the key lines of code d...
This was my first time competing in the PragyanCTF and they did a great job. Each category had a variety of challenges with varying difficulty. Knowing this is a stego challenge, we should look if there are embedded files within the jpeg they give us: stego...
Firmware Forensics: Diffs, Timelines, ELFs and Backdoors
This post covers some common techniques that I use to analyze and reverse firmware images. These techniques are particularly useful to disse
obscuresec: Command Injection to Code Execution with PowerShell
A common scenario that testers face involves leveraging command injection vulnerabilities into a full-blown shell. A lot of people view comm