Posts with label "security"

HTB: Writeup

Writeup Card

This article is a writeup about a retired HacktheBox machine: Writeup. (Yes the machine name is writeup, searching a writeup for writeup will be a funny thing.). The machine is classed as an easy one. It involves vulnerability in a known CMS as well as "PATH vulnerability" for the privilege escalation.

HTB: Swagshop

Swagshop Card

This article is a writeup about a retired HacktheBox machine: Swagshop This box was suppose to be an easy one. Turns out it wasn't. I struggle a lot in wrong direction and finally found a path to root this magento box.

This article presents the different methods which failed on the box as well as the solution to root it.

Breaking some homemade crypto

I recently did a code review assessment on an application for one of my client. The best part of the application was their own cryptography algorithm.

Moreover, the application was written in PHP and PHP do some strange things with string, characters and XOR operations. It only needed a few lines of python in order to break it.

TL;DR : please do not write your own crypto!

Insomnihack Teaser 2017

This week-end was the insomnihack teaser CTF. I participated with the team The Half Crunchy.

The theme was "RISE OF THE MACHINES" with rogue webserver and flawing cat robot.

We finished 42th with 550 points flagging 5 challenges:

scoreboard

Many thanks to the organisation! It was a really nice CTF.

Thanks to all team members who participated.

CVE 2016-5195 dirtycow

Ðirtycow logo

Dirty COW (CVE-2016-5195) is a privilege escalation vulnerability in the Linux Kernel. "A race condition was found in the way the Linux kernel's memory subsystem handled the copy-on-write (COW) breakage of private read-only memory mappings. An unprivileged local user could use this flaw to gain write access to otherwise read-only memory mappings and thus increase their privileges on the system." (Source: Red Hat)