From 7039f4c4c2012b7bdd6cc68005798277e546c29d Mon Sep 17 00:00:00 2001 From: z9fr Date: Wed, 27 Dec 2023 00:56:24 +0530 Subject: [PATCH] feat: added only hello-world blog post --- blog/bootcamp-ctf-foss-nsbm.markdown.markdown | 374 ------------------ blog/ejpt-experience.markdown | 102 ----- blog/hello-world.markdown | 10 + blog/red2libc.markdown | 2 +- blog/secret-to-hack.markdown | 162 -------- blog/thats-the-ticket-thm.markdown | 94 ----- 6 files changed, 11 insertions(+), 733 deletions(-) delete mode 100644 blog/bootcamp-ctf-foss-nsbm.markdown.markdown delete mode 100644 blog/ejpt-experience.markdown create mode 100644 blog/hello-world.markdown delete mode 100644 blog/secret-to-hack.markdown delete mode 100644 blog/thats-the-ticket-thm.markdown diff --git a/blog/bootcamp-ctf-foss-nsbm.markdown.markdown b/blog/bootcamp-ctf-foss-nsbm.markdown.markdown deleted file mode 100644 index 1331707..0000000 --- a/blog/bootcamp-ctf-foss-nsbm.markdown.markdown +++ /dev/null 
@@ -1,374 +0,0 @@ ---- -title: CTF writeup for BOOTCAMP CTF challenge -date: "2021-08-05" -tags: - - beginner - - ctf ---- - -Hello, you amazing hackers! Welcome back to another CTF walkthrough. so this time we are going to go through the Bootcamp CTF conducted by owasp community from FOSS NSBM. so this was really beginner-friendly and easy CTF. also I want to mention you can find the challengers in a GitHub repository after the CTF is over so that you can try to play this challenger yourself. so without further due let's get started with hacking. also, you can find the live walkthrough of this Bootcamp below. - - - -![](/img/screely-1624134704670-1024x573.png) - -So the image above was the dashboard for ctf challengers. so we will start from the first one - -## can you find the sup3r S3cr3t key ? - -can you find the sup3r S3cr3t key? is the first challenge in the Bootcamp CTF. so in the challenge description you can see "find the flag, submit" it doesn't give us much information right? so let's view the hint so in the hint we can see REVERSE? keyword. ahh, interesting. and for the task files, we can see it gives us a binary file and when we run it - -![](/img/carbon56-1024x354.png) - -so it seams like we have to enter a key to get the flag, but how can we find the key? so for this I thought of using IDA Freeware (Interactive Disassembler) this is basically a disassembler also you can use Ghidra too. - -![](/img/screely-1624135264896-1024x598.png) - -oh wow! here immediately we can see the secret token. great! so I think now we can just use this token to get the flag! great also if you view the hex you can see the flag too I have shown it in the below diagram - -![](/img/carbon57-1-1024x403.png) - -also we can use that secret key to get the flag... as shown in the diagram below - -![](/img/carbon58-2-1024x258.png) - -and in case you need a show and very simple way to do it you can just cat the file or view the strings. 
- -![](/img/carbon59-1024x500.png) - -#### Beautiful Mountain - -So the second challenge was Beautiful Mountain , in this challenge description we cant see anything really interesting all we can see is just "hmm..." this wont help us right ? so let's go ahed and view what are in the task files. - -![](/img/beautiful-1024x680.jpg) - -and yes! the task file is basically this. is this a typical image? I don't think so. let's go into our terminal and try stenography to see if something hidden inside this image. - -this this case im using steghide, you can also use the other tools syntax I used is mentioned below. - -```bash -steghide --extract -sf beautiful.jpg -``` - -![](/img/carbon60-1-1024x581.png) - -and yes! it did work we successfully got the flag. good job. so lets move on to the next challenge - -#### Something is wrong with my image - -in the description of this challenge we can see something saying "**Can you fix this for me ?**" but in the task files we can see an image. seems interesting huh? Let's first get the image and see what's going on that - -![](/img/2021-06-20-02_29_30-broken.jpg-JPEG-Image-—-Firefox-Developer-Edition-Private-Browsing-1024x123.png) - -so you can see it says broken.jpg cant display because it contains errors. in this case you can use a tool like wget to get download this image. - -```bash -wget https://downloads.hack.fossnsbm.org/challengers/broken.jpg --no-check-certificate -``` - -so after getting the image you can still see you can't open the image but why? so it seems like the image is corrupted but how can we know what is that? we'll for this type of case we can use tool like hex editor, so if you don't know hex editor is - -
A **hex editor** (or binary file **editor** or byte **editor**) is a computer program that allows for manipulation of the fundamental binary data that constitutes a computer file. The name '**hex**' comes from '**hexadecimal**': a standard numerical format for representing binary data. -> ->
- -so if we view the binaries of this image we can see why it says this file can't be displayed. - - hexeditor broken.jpg - -![](/img/2021-06-20-02_33_41-Kali-Linux-2021.1-vbox-amd64-Clone-Running-Oracle-VM-VirtualBox.png) - -so as you can see in the above image the first values are changed to zero but in jpg file it should be - - FF D8 FF E0 00 10 4A 46 49 46 00 01 01 01 00 48 - -it seams like first two parts are changed. great! so lets manually try to change these values and see if we can at least view this image - -![](/img/2021-06-20-02_41_05-Kali-Linux-2021.1-vbox-amd64-Clone-Running-Oracle-VM-VirtualBox-1024x392.png) - -and yes! after changing the values we can see the image is actually is displayed! great but where is the flag? just like before let's try steghide and see if we can get the flag - -![](/img/carbon61-1-1024x391.png) - -and yes! we found another flag, and let's move on to the next challenge. a quick reminder here tho in this writeup I'm on going to walkthrough about the challengers in the CTF. so here I'm not going to show about the flags on the website. so let's skip the **what do you think about our cool website** challenge and then move on to the next challenge. - -#### WHAT DO YOU THINK ABOUT MY MUSIC SKILLS? - -so let's talk about this challenge now. in the challenge description, we can see it says "here's a song I played" and great! and for the task files, we can download the music.wav file. and for the hint, we can see something very very interesting. the hint basically says it all **"THIS IS DEEP"** so if you have some experience with steg challengers you probably have heard about **the **DeepSound tool. a deep sound is a tool that helps us to hide something inside an audio file. great everything seems clear. first, let's download the task files and see. - -so you can see the audio file above, in this file, I didn't hear any weird breaking or courpted scenes. mostly if someone hides or something inside the audio files that happens. 
but in this case, we can't see anything like that ( if you are curious you can use tools like **sonic visualizer** to further enumeration ). since the hint itself mentioned about DeepSound let's try to use it first and see. - -![](/img/2021-06-20-02_53_17-DeepSound-2.0.png) - -haha great! just after you open the file ( use Open Carrier files tab to open a file ) you can see the file we are looking for xd , we got the flag.txt and you can use the "Extract secret files" tab to get the flag to you! - -#### Can you decode this to me? - -
i encoded a file but i can't remember how to decode it can you help me? -> ->
- -So for the challenge description we can see it says above , great . seams like we have to decode this to get the flag. cool so let's first download the task files and see what we have to do. - -![](/img/2021-06-20-03_03_54-Kali-Linux-2021.1-vbox-amd64-Clone-Running-Oracle-VM-VirtualBox.png) - -but wait the zip file is password protected! crap. the challenge doesn't say anything about password hmm. Let's try to crack the password first and see - -first, let me explain how to crack a zip file. so for cracking the zip file I'm going to use John the Ripper (this is a free password cracking software) also if you are using apt package manager you can install this by simple** apt get install john **command. - -so for cracking the password, we are using zip2john so basically to crack the zip file first we need to convert it to a format that the john the ripper tool can understand. and after that, we can crack it using a brute-force attack or dictionary attack if you are using brute force attack/password attack I can recommend you the rock you password list, you can download it from [here ](https://www.google.com/url?sa=t&rct=j&q=&esrc=s&source=web&cd=&cad=rja&uact=8&ved=2ahUKEwin5NDn1KTxAhWBgtgFHQeXDi0QFjAAegQIBRAD&url=https%3A%2F%2Fgithub.com%2Fbrannondorsey%2Fnaive-hashcat%2Freleases%2Fdownload%2Fdata%2Frockyou.txt&usg=AOvVaw3snAERl1mU6Ccr4WFEazBd) - -the method is actually pretty straight forward i will leave the commands below - -```bash -zip2john bubble.zip > bubble -john --wordlist=wordlist.txt bubble -``` - -![](/img/carbon62-1-1024x402.png) - -great so now we have the unzipped file and we can see the encrypted file - -```bash -'xivog-voluh-pukag-sahah-doboh-baleh-faleh-fafaf-cohyf-disef-disoh-zubah-zokeg-noveh-cisog-pikyh-gafyh-zifoh-zuhif-bucyf-notyg-hakah-kogah-dizix' -``` - -so if we view the challenge hint we can see a hint, saying bubble.. this is weird right? but actually, it's not it gives us what to do. 
is shows us the direction so if you don't know in python we have a library called bubblepy, seems like this is the way. let's give this a go - -so in-case you are interested you can find the documentation for bubblepy below - -[https://pypi.org/project/bubblepy/](https://pypi.org/project/bubblepy/) - -so to install this library you can use - -```bash -pip install bubblepy -``` - -```python - from bubblepy import BubbleBabble - bb = BubbleBabble() - bb.decode('{encode value here}') -``` - -![](/img/carbon63-1-1024x417.png) - -and just like that ! we successfully finished this challenge! great... and now let's move on to the next one. - -#### I just learned python!! - -
here's a dumb code i wrote to print whatever u enter back -> ->
- -so for the description of this challenge, we can see this, but if we view the hint we can see it says, or is it really dumb.. interesting right? let's get the task files and see what we can do here. - -so for the task files, we download a pyc file, so if you don't know what is a pyc file **pyc files** are created by the Python interpreter when a . py **file** is imported. so first we'll run this file then we will see what we can get - -![](/img/carbon64-1-1024x253.png) - -so as the description says, this actually seems very dumb. but is it really? to figure this out we have two options. we can FUZZ the input and see if we are getting something else. or else we can even try to decompile pyc file and see what does the code do so first let's try the second method and see - -so for decompile the file you can use a tool like uncompile6 this is actually a python library so you can just install this with pip - -[https://github.com/rocky/python-uncompyle6/](https://github.com/rocky/python-uncompyle6/) - -you can find more information about this tool from the above link so here I'm going to use it to see what is the decompiled output - -![](/img/carbon65-1-1024x372.png) - -haha great! seams like it gave us the python code, - -![](/img/carbon66-1-1024x238.png) - -and as above you can see the code and the flag. haha great! good job if you completed this. lets move on to the next challenge. - -#### API - -in the hint we can see it says can you find the key. haha great! also it gives us the challenge website. which is https://api.hack.fossnsbm.org/ and when we go there we can see it asks for the key "please enter the key (P)" ( since this is a API we need to send it via request method ) so how can we find the key ? first let's try some dir fuzzing. here I'm going to use gobuster. since its easy and does the job done real quick. 
- -so first im gonna run gobuster scan and see if we can find something - -```bash -gobuster -u https://api.hack.fossnsbm.org/ -w wordlist.txt -x bak -k -``` - -here I'm using **-x** for mention that I'm looking for bak files , and I'm using **-K** flag to disable certificate checks. - -![](/img/carbon67-1-1024x432.png) - -and great! we got **status 200 for key.bak **, that means there is a file called key.bak. great so let's first get that file and see whats in there - -![](/img/carbon68-1024x223.png) - -and we can see the key.bak file now. great! so whats next let's request this to the website to see if we can get the flag. - -``` -84107418413276471232732487324602 -``` - -[https://api.hack.fossnsbm.org/?p=84107418413276471232732487324602](https://api.hack.fossnsbm.org/?p=84107418413276471232732487324602) - -![](/img/2021-06-21-23_39_17-Firefox-Developer-Edition.png) - -hmm and after the request we can see it says what are the other methords you have.. so if you dont know here we are performing a get request. so let's try to do a post request and see what's going to happen. - -so for make things simple i wrote a very simple html code with a flag that performs the action to this website ( post ) so you can see it below - -```html - - - - - - - Document - - -
- - -
- - -``` - -![](/img/carbon70-1-1024x387.png) - -so as you can see it's very simple. so if you don't understand it basically performs an action to the given URL with a post request and it sends the parameter P with the value we enter into the form. so let's see what happens if we enter our key here. - -so as you can see in the above video snippet we successfully got the flag. also, there are a lot of other ways we can do it. but I thought doing this will be more helpful for beginners and everyone. - -#### Awsome SocialMedia - -
Make sure you check our social media -> ->
- -so this challenge is a OSNIT challenge , it says make sure you check our social media so to find the flag here you can go the the facebook page of foss nsbm - -[https://www.facebook.com/foss.nsbm](https://www.facebook.com/foss.nsbm) - -and in the first post about the boot-camp you can find the flag. - -![](/img/2021-06-22-01_52_38-1-FOSS-Community-NSBM-_-Facebook-—-Firefox-Developer-Edition.png) - ---- - -## SQL CHALLENGE - -![](/img/Screenshot-2021-06-21-at-23-54-02-BOOTCAMP-CTF-1024x530.png) - -[https://sql.hack.fossnsbm.org/](https://sql.hack.fossnsbm.org/) - -Now let's get start with the sql challenge. so first in this challenge we dont have much info all we have is the url to inject and nothing more. but the title says it all. so first when we go to the website we can see a login screen. - -![](/img/screely-1624301666460-1024x558.png) - -Great, so for the login screen I tried brute force the password. You can even try the SQL injection here but to make things more simple I thought of brute-forcing the login and see what's next. so the username and password were actually pretty guessable. it was - - admin - bootcampnsbm - -and when the login is success we get a redirect to welcome.php site - -![](/img/2021-06-22-00_26_56-.png) - -this is something like search office panel. great! so the search function really got my attention here. so what i did was i checked the request going on with the search function. - -![](/img/2021-06-22-00_29_14-.png) - -so here I used burp to catch the request, also here just want to mention before you guys get confused I'm going this on locally. not in the https://sql.hack.fossnsbm.org/ the request and everything are just the same so don't get confused. methods and everything the same. - -so from the request we can see some interesting things. there is a parameter called search and it contain the our search term and also it sends a post request to welcome.php file to give us the output. 
great so what if we enter some invalid character as search , can we make some error on the SQL syntax going in the background ? lets test. - -![](/img/got-error-1024x281.png) - -ahh great! so we managed to make an error. so now we can confirm that this is vulnerable to SQL injection ( to perform the error I used **''** because this will break the SQL syntax ) - -### So how can we exploit this ? - -to exploit this I thought of using [sqlmap](https://sqlmap.org/) so first to exploit this I saved the request to a request.txt file. - -![](/img/2021-06-22-00_37_29-.png) - -and it should save the output in XML format - -![](/img/carbon72-1-1024x909.png) - -great! so now we have the request and all, so what's next? now it's time to just wait and see how sqlmap will do the magic for us. - -```bash -sqlmap -r request.txt --dbms=mysql --dump -``` - -![](/img/carbon74-1-914x1024.png) - -so just wait for some time and you should get all the tables. also if this was not clear for you you can find a simple video of doing this. also I just wanted to mention that I will soon upload a detailed walkthrough of this SQL injection very soon! so stay tuned for that. I will update here when it's completed - - - -so after successfully exploiting the SQL injection. Let's move on to the next challenge - ---- - -## XSS CHALLENGE - -![](/img/Screenshot-2021-06-22-at-00-56-24-BOOTCAMP-CTF-1024x530.png) - -great. we are in the final challenge now. let's see what we have to do here. - -so when we go the [xss.hack.fossnsbm.org](https://xss.hack.fossnsbm.org/) we can see a simple note-taking type application. seems interesting so let's see what is does - -![](/img/Screenshot-2021-06-22-at-01-21-43-Bootcamp-Hackathon-Notes-1024x530.png) - -so as we can see it shows whatever we enter in the note section. cool! 
so in the above, I have tried by adding some HTML tags to see if it renders but as you can see in your note section it doesn't seem to work, seems like it ignores all the tags but let's check the source and see how it looks. - -![](/img/2021-06-22-01_29_34-Bootcamp-Hackathon-_-Notes-—-Firefox-Developer-Edition.png) - -foreget about rendering the html, here we can see something very interesting. so as you can see here the value we enter is inside of the value in input tag so what we can do now? lets try to close this using out injection and see what happens you can find the payload i used below. - -```html -Hello "> -

myinjection

-``` - -![](/img/Screenshot-2021-06-22-at-01-31-41-Bootcamp-Hackathon-Notes-1024x530.png) - -haha great! see what happened ? we successfully managed to inject some HTML code to the input tag. this is actually very common injection technique in bug bounty hunting. so far everything is going super smooth. so whats next ? let's injection some java-script as the same we did with the HTML - -![](/img/2021-06-22-01_34_49-Bootcamp-Hackathon-_-Notes-—-Firefox-Developer-Edition.png) - -and as you can see here we successfully trigerd the XSS injection. and after you click enter you should get a redirect to another page. - -![](/img/Screenshot-2021-06-22-at-01-36-20-Bootcamp-Hackathon-Notes-1024x530.png) - -in case you didn't notice what happened was after triggering the XSS injection you got assigned a cookie. and then you got a redirect to a welcome.php site. you can see javascript function that trigers this action below - -![](/img/carbon75-1-1024x238.png) - -so after you got redirected since the cookie you have is valid you will get redirected again to this hidden HTML page. and you can see the cookie that got assigned to you below. - -![](/img/2021-06-22-01_39_21-Bootcamp-Hackathon-_-Notes-—-Firefox-Developer-Edition.png) - -so far everything is going smooth but what do we have to do with this website ? why is it hidden ? haha just look at the source code and you will understand. in the source code you can find a flag. - -`ZTA1Zk1FczRPRVJFTVY5VFgxUTJRa0ZXVkRSSlgwSmZXbEpOU2xrME4wbEtYMDFmVlZFMlFrOWFXVkJaT0gwPQ==` - -you might think thats all. haha but there is one MORE.... - -![](/img/carbon76-1024x238.png) - -if case you didnt notice the background image is called weird.jpg. what do you think ? haha yes its another stenography challenge. - -![](/img/carbon77-1024x581.png) - ---- - -and yes! finally, we got to an end! if you completed the challenge congrats! this was a very fun CTF and it was a pretty easy one. 
so if you are just starting out I think this was a great opportunity for you. in case you couldn't participate the challenge don't worry you can set up these challengers yourself by downloading all the task files from the Github repo. if you are having any problems with the challengers or if you need any help for the challengers feel free to contact me. you can send me an email at [dasithsv@gmail.com](mailto:dasithsv@gmail.com) I will help you with the challenges or setting up the challengers. - -also shutout to the ctf winners - -![](https://dev-sdfsdfsdfs.pantheonsite.io/wp-content/uploads/2021/07/651b9124-6aaa-4055-89e9-c4b8954d41fa-1024x1024.jpg) - -so I really hope everyone enjoyed the CTF a lot! and we are hoping to come up with new more ctf's soon! until that stay safe and as always **keep On Hacking!** diff --git a/blog/ejpt-experience.markdown b/blog/ejpt-experience.markdown deleted file mode 100644 index 362b009..0000000 --- a/blog/ejpt-experience.markdown +++ /dev/null 
@@ -1,102 +0,0 @@ ---- -title: "My EJPT Experience" -date: "2021-08-05" -categories: - - "beginner" -tags: - - "cert" - - "ejpt" - - "redteam" ---- - -Hello everyone! So I know its been a while since I passed the exam. I couldn't complete this article because I was busy with some personal stuff. Anyways here's my experience with the EJPT exam. so in case you don't know, EJPT stands for "eLearnSecurity Junior Penetration Tester" and this is a 100% practical certification on penetration testing and information security essentials. and if you need to look for more information about this certification you can do it from their website. I have added the link for the certification on their website so feel free to check that out. - -[elearnsecurity.com/product/ejpt-certification](https://elearnsecurity.com/product/ejpt-certification) - -## My Background - -So first of all here's a little bit about my background. so I'm a second-year cybersecurity student. and currently, I'm doing my degree at Plymouth University in cybersecurity; also I want to mention that I honestly don't have any industry experience. I haven't worked as a penetration tester anywhere. and I don't have much real-life experience. ( I have worked on some small projects and penetration tests for some friends but I don't think I got any good real-life experience from those projects ). - -also when I talk about my background I want to mention that I do play a lot of ctfs myself. and that's one of the main ways I learn about new stuff. and play with things. in fact, you can check me out on try hack me and hack the box. from the below cards. and I think that's enough about me. so let's talk about the exam now - -## Where did I practiced ? - -So when it comes to studying for the exam I honestly didn't study a lot. I purchased my exam voucher on the 1st of August and I completed the exam on the 4th of August. but before participating in the exam I went through some material from the INE pts course. 
and also I completed all three black boxes from the INE labs. but I don't think that's essential to pass the exam since most of the stuff from those black boxes was not on the exam. in fact, those boxes were harder than the exam according to my experience. - -I cant honestly tell if the INE training is good because I didn't cover the whole thing. but from what I did it was quite okay; even tho some videos were pretty old. some were using backtrack 5 to demonstrate the tools. but yeah. - -for the most part, I used try hack me. thm is like my go-to platform to learn cybersecurity-related things. so if you haven't heard about or used try hack me before I would highly recommend that. also, I have a blog post about tryhackme you can even read about that to get more ideas about the platform - -[secret-to-hack](/blog/secret-to-hack/) - -## What was my exam experience - -So when we talking about the exam experience. the exam was a 3-day exam. and for me, it only took around 7-8 hours to complete. I would say the exam was pretty easy. it was not a very complex one and the exploits were pretty easy. but I got stuck with the initial step a bit. so if you are a person who plays ctfs a bit this might happen to you. since the exam is much different from the CTF type. the exam feels like a real-life penetration test most time so if you have some real-life experience I would say that would be very helpful here. but if you don't have real-life experience the INE labs will give you that experience. - -so if you are planning to get the exam I would highly recommend studying some networking concepts like routing. since that will come helpful in the exam. so you won't get stuck, - -also for purchasing the exam you can get it from the Elearn security website. the process was pretty simple you can add to cart and the pay the amount. 
after that, you can create an account from the same email you used to purchase the certification and you should get the certification in around 30 mins if its a weekday, but if you didn't get it don't get panic, this happened to me tbh , and I could not find any resources talking about this, but you can just send an email to [support@ine.com](mailto:support@ine.com) and they will add the exam to your account ( since this process is actually a manual one ) also if you need more help you can join to their unofficial discord server and you can definitely get some help from that ( that's what I did ). - -[https://elearnsecurity.com/product/ejpt-certification/](https://elearnsecurity.com/product/ejpt-certification/) - -[https://discord.gg/Dwuz7hYraG](https://discord.gg/Dwuz7hYraG) - -also, another thing to remember in the exam is the exploits are really easy. so if something doesn't work for you on the first or second try just reset the exam lab. because this happened to me I was exploiting a very common RCE with Metasploit and it didn't work for me. I honestly wasted a lot of time figuring out why its not and then I rested the lab. and everything worked perfectly. - -as I told you before the exam is a practical exam. but you have to fill a quiz to pass the exam. and don't think you can google the answers for the quiz since it won't work. the questions for the quiz is totally based on the exam; as an example, - -``` -what was the name of x who found y ? - -- a -- b -- c -- d -``` - -this type of question ( this was a completely random one ) so don't think about that. you only get the answers if you hack your way into the network. - -and the exam was overall good I would say. just remember that if something is not working you might need to reset the labs. also resetting the labs won't lose the answers you supported to the quiz. 
- -The exam only tests you on very basic things, because of that you don't have to worry about other things like scripting or editing payloads you can probably exploit every machine with tools like Metasploit, sqlmap, Nmap. - -## Study recommandations - -So as for the recommendations, I would say it would be better if you look for some basic exploitations and some networking. and also I would like to recommend you some rooms :) - -- Find the secret server - from INE -- [blue - Try Hack Me](https://tryhackme.com/room/blue) -- [Lame - Hack the box](https://app.hackthebox.eu/machines/Lame) -- [Overpassed2 - Try Hack Me](https://tryhackme.com/room/overpass2hacked) - -so if you completed these rooms I would say you can complete the EJPT exam successfully. ( these rooms might not be enough but the exam is somewhat like these ones ) but again remember. the exam is not a CTF so I would say its better to do the black boxes from INE labs ( i would say the box 1 and 3 would be enough ) - -also; I created myself a small cheat sheet for the exam, that might help you. I will post it on my Github so that you can find it from there. and you can find a link below for the cheatsheet. I would say create your own one based on that or something from scratch. this will definitely help you in the exam. unless you can remember everything :) - -[https://github.com/dasithsv/ejpt-cheat-sheet](https://github.com/dasithsv/ejpt-cheat-sheet) - -## What can you expect frm the exam - -So I would say EJPT has good recognition in the industry; so if you are looking for a job. this certification might help you out. and while comparing to the other certifications like CEH this is really good ( i personally haven't done CEH I'm just telling what I heard online ) the reason is since this is a hands-on exam you actually get some experience with the keyboard. but it just depends on you. 
- -And when we talking about the price for the exam, Just for 200usd, you get 2 vouchers ( you can have a free retake if you fail the exam ) this is very good since you don't have a big headache while doing the exam because if u fail once you can take it free for the second time. and also I would say the exam is not a very stress full one. - -overall I would say the exam is fine; its, not the most fun exam out there but you can definitely learn some new stuff. also, I earned 85% for the exam and I got 3 questions wrong. but yeah. the exam was okay - -and if you are a beginner I would definitely recommend this certification mainly because its easy and the exam will train you for that penetration tester mindset. and also it doesn't have much stress. - -![](https://elearnsecurity.com/wp-content/uploads/ejptnew2.jpg) - -## Final words - -So as for the final words, I would say just give this exam a try if you are just starting out. because you can learn some new stuff. and if you are planning to do the exam, good luck :) I hope the content I wrote was helpful for you. again remember to look at some networking stuff and the rooms I suggested, you can crack the exam. also, don't hurry on the exam since you might miss some important things. I know people post online saying they completed the exam in 3-4h and stuff, don't take that securely. the certification doesn't mention how much time you took to complete it. also, who knows if they lying? I can even tell you I completed the exam in one hour and you probably never know how much time I really took. so don't worry about that. just take your time and do the exam. and have fun! - -so that was it I guess, if you are planning to do the exam and if you have any questions reach out to me. I will definitely help you out. you can contact me via my discord or send an email - -[mailto:z9fr@protonmail.com](mailto:z9fr@protonmail.com) - -and if you are doing the exam I wish you all the best, you can crack the exam. 
if you are planning to do the exam just do. I would say its worth it. - -that's it for my thoughts and experience on the exam. thanks for reading this. leave a comment if this helps you. and if you passed the exam let me know in the comments. - -and as always, stay safe and keep on hacking! diff --git a/blog/hello-world.markdown b/blog/hello-world.markdown new file mode 100644 index 0000000..beb76ae --- /dev/null +++ b/blog/hello-world.markdown @@ -0,0 +1,10 @@ +--- +title: "Hello World" +date: "2023-12-26" +tags: + - "misc" +--- + +Hello, welcome to my blog. I'm planing to write some articles related to security, programming. I hope you find some value out of them + +Thank you for stopping by! diff --git a/blog/red2libc.markdown b/blog/red2libc.markdown index c4e3a4e..f7fe824 100644 --- a/blog/red2libc.markdown +++ b/blog/red2libc.markdown @@ -1,6 +1,6 @@ --- title: "Return to libc attack" -date: "2021-11-03" +date: "2024-11-03" tags: - "infosec" - "beginner" diff --git a/blog/secret-to-hack.markdown b/blog/secret-to-hack.markdown deleted file mode 100644 index af420c9..0000000 --- a/blog/secret-to-hack.markdown +++ /dev/null 
@@ -1,162 +0,0 @@ ---- -title: "Wanna Know the Secret Path for Hacking?" -date: "2021-07-07" -categories: - - "beginner" - - "infosec" - - "tryhackme" -tags: - - "easy" - - "giveaway" - - "rightnow" - - "starnow" ---- - -Hello! welcome to the super-secret article. don't tell anyone you found this 😉. let me tell you about a super-secret way to learn to hack. trust me this is the easiest way to learn to hack. also, you get a chance to hack stuff!!! while learning. and its almost free!!!! so let me explain to you about this secret place to be a good hacker. also this is the greatest time to start with hacking. let me explain to you why. - -so first let me begin with that secret path, its called "Pre Security" have you heard about it? haah probably not that's why you are curious. and its actually NEW! so the pre-security training path is the new path Try Hack Me introduced. and this secret path will teach you the pre-requisite technical knowledge to get started in cybersecurity. To attack or defend any technology, - -so if you don't know the secret to hack is first learning how things work, first, you need to learn how X works to break X that's how you can be a good hacker. or else you will be a script kiddie. so this try hack me new path is a great opportunity to learn about that. this learning path will teach you about - -## Pre-Security - -Start learning with pre security learning Path Right now! - -[Pre-Security](https://tryhackme.com/path/outline/presecurity) - -#### Cyber Security Introduction - -![](/images/intro.png) - -so this is the first module on this secret path; in this module, you will learn about the basics of cybersecurity. also in this module, you get to do something pretty cool 😆 ; you get to hack into social media. it's not a real one actually but its so much fun - -![](/images/2021-07-07-04_44_54-TryHackMe-_-Learning-Cyber-Security-Brave.png) - -see; isn't that cool huh? 
this is one of the best things about tryhackme while you learning you get a chance to try this out yourself. so you just don't learn and forget; you try. - -#### Network Fundamentals - -![](/images/dsdfsd.png) - -so networking is really essential thing in cybersecurity; that's why try hack me, teachers, you network fundamentals in the second module; trust me after completing these modules you would get a very good understanding about how networking works; how computers communicate with each other and other types of network weaknesses. and remember just like we hacked the social media before; we get to play some games here. haha try it yourself I don't wanna spoil the fun for you 🤓 - -also don't forget; you will get a nice badge for completing this module; you can see that cool batch below. the badge is called **"networking nerd"** - - - -#### How The Web Works - -![](/images/web.png) - -How do websites work? I would say this is one of the most essential things you need to learn if you want to become a hacker! and this module covers most of them!! also, this module covers DNS and HTTP/HTTPS protocol and also some HTML, and some common scenarios like Sensitive Data Exposure and HTML injection. isn't that cool! also it talked about some very important components which work behind the scenes like Load Balancers, CDNs, Databases, and WAFs? and there is more!! it even covers virtual hosting and more; that's awesome and by completing this room. you are gonna have a very good understating of how the web works; Finally, it sums up the whole task with a nice process. that's really awesome - -#### Linux Fundamentals - -![](/images/sfsdfs.png) - -Welcome to the really fun part; learning Linux. first, you might think. ugh, Linux is hard but NOOO! using Linux is really easy. I would argue that using Linux is easier than using windows. and if this is your first time with Linux? this room will help you. actually, you don't even need to install Linux on your computer. 
all you need is a browser. they will provide you a ubuntu instant. isn't that cool? huh - -![](/images/2021-07-07-05_05_21-NVIDIA-GeForce-Overlay-1024x376.png) - -see you don't even need a powerful computer they will provide you with all these cool features; all you need it is a web browser; internet connection and most importantly **passion to learn** - -also, we can't forget we can get some badges by completing these rooms. and the name of this badge is called "cat linux.txt" huh? don't understand the meaning of it; haha complete the challenge I don't wanna spoil it for you 🤗 - -#### -Windows Fundamentals - -![](/images/2021-07-07-04_42_39-TryHackMe-_-Learning-Paths-Brave.png) - -windows but why? you might think hackers only use Linux but NO; mostly in real-life scenarios most of the corporations use windows; so if you want to be a hacker. a white-hat hacker of course this is a must. also, you might think you know about windows; but you can learn a lot of things that you probably don't know about windows here. its awesome man trust me give it a go. - -also just like we tried the Linux machine on the browser you can do the same here; isn't that cool ? - -![](/images/2021-07-07-05_15_39-NVIDIA-GeForce-Overlay-1024x545.png) - -see this is a fully functional Windows system on your browser; this is why I told you you only need passion to learn; this platform will definitely guide you through it. - -#### What do I get at after completing ? - -![](https://tryhackme.com/img/general/learningpathcert.png) - -so after successfully completing this room; you will get something cool. you will get a certification that you can post on your LinkedIn and flex to your friends. and you can see a sample certification below - - -## Pre-Security - -Start learning with pre security learning Path Right now! - -[Pre-Security](https://tryhackme.com/path/outline/presecurity) - -#### How Can I Join this ? - -I see you are super interested now. so am I. 
so joining this platform is really simple all you have to do is go to tryhackme.com - -https://tryhackme.com/ - -and you can register from here; also if you want to support me; get me a ticket. you can use my referral link. its actually helpful for both of us. ( You can know what are tickets from below I have explained it ) if you use the below link it will give me one free ticket and it also gives you a ticket 😉 you can also use it. - -.ugb-b92a74c .ugb-inner-block{text-align:left} - -##### Register with My Referral Link - -You can also register to try hack me with My Referral Link; this will give me a free token. and also you will get a free token. in case you decided to subscribe to try hack me this will give me 5 tokens. 😇 if you like please click on the button below and it will take you to the register page - -[Register Now](https://tryhackme.com/signup?referrer=7f1e39565ac6751b9bf131b12aa9ab10c7026157) - -#### Tickets mean prizes - -since this secret pathway is released recently try hack me is celebrating this pathway by the event of this really cool ticket; you can complete a room that's part of this path and win tickets, get 3 of the same to redeem a prize. If you're a free user you can win 1 ticket, however subscribed users can win 2 tickets. - -also you can see the prices they giving away below. its really awesome ! - -![](/images/2021-07-07-05_23_10-TryHackMe-_-Learn-and-win-prizes-Brave-1024x240.png) - -also, there are other ways to get these tickets; you can refer a friend and if your friends register using your referral link both of you will get 1 ticket; how every if your friend bought the premium you will get 5 tickets; - -another way is to write a blog post just like I did; this will give you 5 tickets. - -if you like to know more information about this give away you can just click on the button below. 
that will redirect you to the THM official room that talks about this giveaway; this giveaway will end on 15th July 2021 - - -## Tickets Try hack Me - -You can view the official THM room that talks about the giveaway ! - -[Tickets 🎟️ - Try Hack Me](https://tryhackme.com/room/tickets1) - -also; if you go to your public profile you can view the tickets you currently have. - -[https://tryhackme.com/p/{your user name}](https://tryhackme.com/p/daaz) - -![](/images/2021-07-07-05_40_05-TryHackMe-_-daaz-Brave-1024x741.png) - -#### what else ? - -try hack me the pre-learning path is not the only path they have; in this blog post. I only talked about one. but there is more you can play and have fun, and all of them are challenging and fun like this pre-learning path - -![](/images/2021-07-07-05_30_53-TryHackMe-_-Hacktivities-Brave-1024x491.png) - -as you can see in the above image they have many, and not just they have CTF rooms and many more that you can have fun with; also you have networks and many more; if you are curious to know what's in tryhackme and why it's so cool please let me know. I will come up with a new blog post about other cool stuff in try hack me. - - -# Register to Try hack Me - -You can register to this awesome platform by just clicking on the buttons below, one button is with my referral and other one doesn't - -[Register to THM ( Referral )](https://tryhackme.com/signup?referrer=7f1e39565ac6751b9bf131b12aa9ab10c7026157) - -[Register to THM ( Non- Referral )](https://tryhackme.com/signup) - -#### end - -so right now; I think you have a really good undersetting of getting into hacking with this great chance; so I would warmly welcome you to the hacking game. and also I want to tell you. this is really fun; so enjoy your progress and also remember to have fun. 
and not just that if you need any help you can join to try hack me discord server and you can ask for help from other people and a huge shout out to everyone in tryhackme because its a suck a good and helpful community (you might get rickrolled sometimes but that's totally cool  😂 ) - -#### Important Links - -https://tryhackme.com/path/outline/presecurity - -https://discord.com/invite/tryhackme - -https://tryhackme.com/ - diff --git a/blog/thats-the-ticket-thm.markdown b/blog/thats-the-ticket-thm.markdown deleted file mode 100644 index f515a17..0000000 --- a/blog/thats-the-ticket-thm.markdown +++ /dev/null 
@@ -1,94 +0,0 @@ ---- -title: "That's The Ticket - THM" -date: "2021-06-09" -categories: - - "ctf" - - "infosec" - - "writeup" -tags: - - "ctf" - - "cybersecurity" - - "tryhackme" - - "web" ---- - -Hello Hackers! Welcome back to another Write-up. so this time we are doing That's The Ticket from try hack me, so this is a medium level challenge and it's based on the web, okay so without further do let's get started with hacking. - -[https://tryhackme.com/room/thatstheticket](https://tryhackme.com/room/thatstheticket) - -you can check out the video version of this write-up from the below - - - -so as always even tho this is a web challenge I started with some Nmap scan to get some idea about what's going with this box but from the Nmap scan I didn't found anything interesting I found out that the port 80 and 22 are open that's all - -![](/images/carbon7.png) - -since this contain a website i though of doing some nikto scan to get more idea about the website - -```bash -nikto -h http://10.10.128.236/ -``` - -![](/images/carbon8.png) - -so as you can see we didn't found anything interesting from the Nikto scan too whats next? let's check the website - -![](/images/screely-1623259434771-1024x539.png) - -so when we go to the website we can see there's a login screen , so first i tried some default creds but no luck so next I created the account and now we can see that we have a dashboard. 
- -![](/images/screely-1623259642418-1024x547.png) - -so as you can see here we can create tickets, so if you try some XSS payload it won't work here, you have to be a bit creative in this case so if you view the source code you can see that messages we are adding are inside a "textarea" this is the reason why out payload is not working since the things inside of textarea are just treated as texts so what we can do is we can close that tag and add xss so it should get triggered let's see - -in the below you can see i have shown a simple payload that we can use to trigger xss here - -![](/images/carbon9.png) - -```html - -``` - -so if we run this we can see the XSS will get triggered and now we successfully triggered XSS, but how can we get the user? this is a very interesting part of this challenge. so if we look at the hint it says, - -> Our HTTP & DNS Logging tool on [http://10.10.10.100](http://10.10.10.100) may come in useful! -> -> Hint - -we can create a Request Catcher session for this box also you can do this in other ways but I think using the request catcher will be a lot helpful for you, okay so first if we tried to change the document.location we can see we can get our details but not the admins, but if you look at the DNS lookup that comes one is from admin! - -awsome! we are close but how can we exploit it? yes so for that I wrote a simple javascript code to send the email as a subdomain when that happens we can see that from the DNS. but there is a small problem, that's since the email has characters like "@" our payload won't work it will break so we have a lot of options, we can encode the URL and take or else we can replace characters or get a character by character but here I thought of going for the replace characters way since I think its the fastest and easiest so you can see the payload I used below - -![](/images/carbon10.png) - -```html - - -``` - -also below i have a video of getting the email. 
- -congrats if you got the email you have done a good job so far, so forgetting the password we have to do a simple brute-force for this I thought of using burp-suite since I'm more comfortable with it also you can use hydra or any other tool if you are not familiar with brute-forcing with burp suite please go to the link below where you can find a good walkthrough from [portswigger](https://portswigger.net/support/using-burp-to-brute-force-a-login-page) - -[https://portswigger.net/support/using-burp-to-brute-force-a-login-page](https://portswigger.net/support/using-burp-to-brute-force-a-login-page) - -![](/images/screely-1623261486119.png) - -so as you can see here we get a **302** redirect for the password **123123** yes so now we successfully found the password for the admin - -```bash -adminaccount@itsupport.thm -123123 -``` - -now all we have to do is login as the admin to get our flag - -![](/images/screely-1623261676933-1024x652.png) - -so just like above if you open the **1st message** we can see that we successfully got the flag for the challenge!!! congrats if you completed it. I hope you enjoyed the write-up and learned something new! so for the next time stay safe and **Keep On Hacking !!!**
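Review bot: the body of the new blog/hello-world.markdown has a spelling error and a missing full stop. `planing` should be `planning`, `related to security, programming` reads better as `related to security and programming`, and `I hope you find some value out of them` needs a terminating period. The front matter (quoted `title`, `date`, quoted tag entries) matches the convention of the other posts in this repository, so only the prose needs touching.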
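Review bot: the blog/red2libc.markdown hunk rewrites `date: "2021-11-03"` to `date: "2024-11-03"`, which is almost a year after the commit's own date (27 Dec 2023) and is not mentioned in the commit message ("added only hello-world blog post"). A future date is most likely a typo for 2023-11-03; many static site generators treat future-dated posts as unpublished and drop them from the build, so this would silently hide the post. Confirm the intended date, and either correct it here or move the change into its own commit with a message that describes it.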
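Review bot: the deletion of blog/secret-to-hack.markdown (162 lines) is not described by the commit message, which claims only the hello-world post was added; across this patch the same is true of the other deleted posts, so the message should state that the old posts are being removed, or the deletions should be split into a separate commit so the history stays reviewable. The removal itself is reasonable: the file carried a hard-coded personal referral URL (`https://tryhackme.com/signup?referrer=...`), a stray CSS fragment (`.ugb-b92a74c .ugb-inner-block{text-align:left}`) that had leaked from the old site builder into the post body, and a giveaway that ended on 15 July 2021, none of which belong in a current blog.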
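Review bot: in the deleted blog/thats-the-ticket-thm.markdown both ```html fences are empty, so the payload blocks the surrounding prose refers to ("you can see the payload I used below") were already lost from the published version; nothing needs fixing in a pure deletion, but if this write-up is ever restored from history those blocks have to be recovered or the references removed. The post also hard-codes the lab account and password in a ```bash block; these are values from the practice room, not real credentials, but it is worth keeping in mind that deleting a file does not purge it from git history. As with the other removals, this deletion is not reflected in the commit message.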