Overall, I really didn't like this machine. It was all about the things I hate most in CTF.
* Lame CTF tricks to find a foothold (i.e. what you do at m********g)
* Web-app brute-forcing. It might not take long to crack but it's still a p…
I just uploaded a new version of the exploit on GitHub. It should make debugging and editing the script less painful.
Can't post the link here b/c spoilers, but it should be easy to find if you know what you're looking for.
@ausldavid said:
Here's a good paper on JSON deserialization attacks in both .NET and Java:
@hackerB31 said:
Have you tried any classic username/password combinations? I have maybe a few logins I try on every page I come across (as well as googling for the application's default creds).
If you try that and ar…
Finally rooted this after taking a break to learn more about AD.
https://blog.harmj0y.net/ and https://adsecurity.org/ were great resources.
My notes for root:
* If your "dog" tool isn't working remotely, maybe it's easier to do it loca…
I'm pretty stuck on this, wondering if anyone can help out. I've got the User credentials from the backup but can't find a way to use that towards actually getting User. I've used it to authenticate to R*C (via r*ccl**nt) but can't seem to actually…
Finally got root on this. As a newbie, user was easier than root for me b/c the service to exploit seemed pretty clear. For root, however, I was kind of directionless and expected it to be harder than it was, and ended up overlooking something basic…
Finally found the flag (my first challenge "owned"), thanks to the hints here. I spent too much time in Wireshark analyzing and not enough trying to actually find the flag. It feels silly now how easy it was.
Side note: Is this challenge worth…