HTB: Writeup

Posted on 12 Oct 2019 in security • Tagged with security, boot2root, HTB, exploit, linux • 4 min read

This article is a writeup about a retired Hack The Box machine: Writeup. (Yes, the machine name is Writeup; searching for a writeup for Writeup will be a funny thing.) The machine is classed as an easy one. It involves a vulnerability in a known CMS as well as a "PATH vulnerability" for the privilege escalation.



HTB: Swagshop

Posted on 29 Sep 2019 in security • Tagged with security, boot2root, HTB, linux, magento • 6 min read

This article is a writeup about a retired Hack The Box machine: Swagshop. This box was supposed to be an easy one. Turns out it wasn't. I struggled a lot in the wrong direction and finally found a path to root this Magento box.

This article presents the different methods which failed on the box as well as the solution to root it.



HTB: Jerry

Posted on 12 Sep 2019 in security • Tagged with security, boot2root, HTB, windows • 3 min read

I started to work on Hack The Box machines in 2018. This is a writeup for the retired Jerry machine.



Flare-on Challenge 2018

Posted on 07 Oct 2018 in security • Tagged with security, reverse • 4 min read

The fifth edition of FireEye's Flare-On reverse challenge took place this year between August 24th and October 5th, with a total of 12 challenges centered on Windows binaries.



Vulnhub, born2root

Posted on 20 Nov 2017 in security • Tagged with security, vulnhub, boot2root, linux • 5 min read

After the bulldog machine I worked on the born2root one. A simple boot2root machine by Hadi Mene.



Vulnhub, Bulldog: 1

Posted on 10 Nov 2017 in security • Tagged with security, vulnhub, hash, boot2root, linux • 5 min read

At the moment I have some time to work again on Vulnhub virtual machines. So here I picked the first one at the moment: Bulldog: 1, a simple boot2root machine by Nick Frichette.



Breaking some homemade crypto

Posted on 01 Aug 2017 in security • Tagged with security, cryptography, code review • 3 min read

I recently did a code review assessment on an application for one of my clients. The best part of the application was their own cryptography algorithm.

Moreover, the application was written in PHP, and PHP does some strange things with strings, characters and XOR operations. It only needed a few lines of Python in order to break it.

TL;DR : please do not write your own crypto!



Building this blog with travis

Posted on 04 Mar 2017 in programming • Tagged with programming, devops • 3 min read

Since January this blog is automatically built using Travis CI. The main advantage is to always use the latest version of Pelican, as Travis CI always builds its environment from scratch. Another advantage is that I am able to update the site just from my browser for minor modifications (spelling corrections, for instance).



Insomnihack Teaser 2017

Posted on 22 Jan 2017 in security • Tagged with security, ctf • 8 min read

This weekend was the Insomnihack teaser CTF. I participated with the team The Half Crunchy.

The theme was "RISE OF THE MACHINES" with rogue webserver and flawing cat robot.

We finished 42nd with 550 points, flagging 5 challenges.


Many thanks to the organisation! It was a really nice CTF.

Thanks to all team members who participated.



Let's Encrypt certificate for offline servers with OVH DNS

Posted on 27 Dec 2016 in security • Tagged with programming, SSL, let's encrypt, security • 3 min read

Let's Encrypt provides free and easy SSL certificates. Nevertheless, it needs to verify that you own the machine. In order to do that, we usually use HTTP verification with the .well-known directory.

But sometimes our servers are not reachable from the internet. Therefore the HTTP validation is not possible. Fortunately, there is another way the ACME challenge can be validated: DNS validation.

In this post we will see how we can generate a Let's Encrypt SSL certificate for an offline machine with DNS validation for domains hosted by OVH.

