I have a confession to make. I use Windows for coding Python. This means that I often need to run my practical coding projects as Windows .exe files, especially if I work with non-technical clients that don’t know how to run a Python file. In this tutorial, I’ll share my learnings on making a Python … Read more
CHALLENGE OVERVIEW BACKGROUND In this tutorial, we will walk a simple website showing pictures of dogs and cats. Weβll discover a directory traversal vulnerability that we can leverage to view sensitive files on the target machine. At the end of this challenge, we will break out of a docker container in order to capture the … Read more
Problem Formulation Given is a text file, say my_file.txt. How to modify its content in your Windows command line working directory? I’ll start with the most direct method to solve this problem in 90% of cases and give a more “pure” in-terminal method afterward. Method 1: Using Notepad The easiest way to edit a text … Read more
Problem Formulation Given is a text file, say my_text_file.txt. How to modify its content in your Windows PowerShell working directory? I’ll start with the most direct method to solve this problem in 90% of cases and give a pure PowerShell method afterward. By the way, you can learn all about becoming a PowerShell developer in … Read more
In this article, I’ll quickly guide you through the installation steps for Python’s package installer pip. But first things first: π What Is Pip? β pip is the package installer for Python used to install and manage software packages (also known as libraries or modules) written in Python. pip makes it easy to install, upgrade, … Read more
CHALLENGE OVERVIEW BACKGROUND Welcome back to part II of this Linux privilege escalation series. You can find part 1 of this mini-series here: π Recommended: TryHackMe Linux PrivEsc β Magical Linux Privilege Escalation (1/2) In this tutorial, weβll try some additional βmagicalβ methods of gaining root access in tasks 11-21. Buckle in, and letβs get … Read more
To convert an integer i to a string with leading zeros so that it consists of 5 characters, use the format string f'{i:05d}’. The d flag in this expression defines that the result is a decimal value. The str(i).zfill(5) accomplishes the same string conversion of an integer with leading zeros. Challenge: Given an integer number. … Read more
π‘ Enum4linux is a software utility designed to extract information from both Windows and Samba systems. Its primary objective is to provide comparable functionality to the now-defunct enum.exe tool, which was previously accessible at www.bindview.com. Enum4linux is coded in PERL and essentially functions as an interface for the Samba toolset, including smbclient, rpclient, net, and … Read more
CHALLENGE OVERVIEW BACKGROUND This CTF challenge is another blackbox-style pentest where we donβt know anything about our target other than the IP address. We will have to discover ports and services running on the server with our standard pentesting tools like nmap and dirb scan. We also donβt have any inside information about the backend … Read more
CHALLENGE OVERVIEW BACKGROUND Using different exploits to compromise operating systems can feel like magic (when they work!). In this walkthrough, you will see various βmagicalβ ways that Linux systems can be rooted. These methods rely on the Linux system having misconfigurations that allow various read/write/execute permissions on files that should be better protected. In this … Read more
CHALLENGE OVERVIEW BACKGROUND π¬ What is black box pentesting? The term black box refers to a challenge where only the target machine IP is known to the penetration tester. Nothing else about the server is disclosed to the attacker, so everything must be discovered during the enumeration stage. On the other end of the spectrum … Read more
EzpzShell = “Easy Peasy Shell” π EzpzShell GitHub: https://github.com/H0j3n/EzpzShell WHAT IS EzpzShell? EzpzShell is a Python script that helps to streamline the revshell payload and listener creation process for ethical hackers, pentesters, and CTF gamers. There are many file types available, and it outputs several different payload options to choose from, letting you pick the … Read more