Still playing with the vulnhub machines this time it is the turn of FlickII. This one is different from the others as it has an android application associated. It would be a great exercice to play with mobile application, decompile it and see what is in the inside.

After the Acid challenge I was really motivated. Therefore I give a look at another vulnhub machine I had already download since a while: NullByte.

I continued to play with the vulnhub virtual machine an started the TopHatSec - Fart Knocker. This VM is an Ubuntu 14.04 32 bits.

The goal of this challenge is to break into the machine and root it.

If you beat the box then please shoot me an email! Have fun guys! P.S. I got the word "Fart Knocker" from watching beavis and butthead back in the day. Otherwise you kids might not understand :)

I continued to play with the vulnhub virtual machine and started the TopHatSec - Freshly.

"The goal of this challenge is to break into the machine via the web and find the secret hidden in a sensitive file. If you can find the secret, send me an email for verification. :)"

The first of April is always the occasion for some great pranks. 2015 was a great year, as the CERN confirmed the existence of the Force, Google published a mirroring website and gentoo an old fashion one. In France we got a security event call SSTIC for which the tickets are very rare therefore the SSTIC challenge allows the ones with the flag to reserve a ticket. An April prank challenge was post yesterday.

I start the LAMPSecurity CTF4 challenge of vulnhub available here. The goal is to get a root shell on the server.

Discovery

First of all we need to determine the IP address of the server. Since we launch it in a bridged virtual machine the local router got the IP …