HTB challenge: LoveTok (php addslashes restricted quotes bypass)

The challenge

On a recent Hack The Box challenge, the following code had to be exploited to get the flag:
<?php
class TimeModel
{
    public function __construct($format)
    {
        // User-supplied format string; addslashes() only escapes quotes, backslashes and NUL bytes
        $this->format = addslashes($format);

        [ $d, $h, $m, $s ] = [ rand(1, 6), rand(1, 23), rand(1, 59), rand(1, 69) ];
        $this->prediction = "+${d} day +${h} hour +${m} minute +${s} second";
    }

    public function getTime()
    {
        // The escaped format is concatenated into a double-quoted PHP string and passed to eval()
        eval('$time = date("' . $this->format . '", strtotime("' . $this->prediction . '"));');
        return isset($time) ? $time : 'Something went terribly wrong';
    }
}

HTB: Networked walkthrough

“Networked” Info Card  
Slight hint(s): Unrestricted file upload, bypass image upload restriction, bypass mimetype restriction
Slight hint(s) (PE): shell command injection, unescaped variable command injection

Haystack – hackthebox.eu walkthrough

This is a walkthrough on the machine called Haystack on hackthebox.eu, which most users found frustrating and/or annoying. Personally, I would describe it more as a kind of annoying box, and although it is rated as easy, my personal opinion is that at least the Privilege Escalation part should fall a bit more into the intermediate category.

cat >> /etc/hosts <<< "10.10.10.115 haystack.htb"

CTF: Jarbas 1 – vulnhub CTF walkthrough

VM: Jarbas 1
Author: Tiago Tavares (vulnhub) @tiagotvrs (twitter)
Series: Jarbas
Difficulty: Beginner/Intermediate
Privilege Escalation: Beginner/Intermediate*
Target IP: 192.168.1.112

This is a walkthrough on the CTF called Jarbas uploaded to vulnhub. * I’m not sure whether this is to be classified as Intermediate or Beginner, but it has its own twist on the way of getting a shell due to the lack of nc on the target (it’s probably a bit more in the beginner category).

CTF: Pinky’s Palace v2 (HARD) – vulnhub CTF walkthrough

VM: Pinky’s Palace v2
Author: Pink_Panther (vulnhub) @Pink_P4nther (twitter)
Series: Pinky’s Palace
Difficulty: Beginner/Intermediate
Privilege Escalation: Intermediate/Highly Advanced*
Target IP: 10.0.0.5
Target host: pinkydb

* requires reverse engineering techniques to escalate privileges

CTF: Brainpan 1 CTF walkthrough – Introduction to exploit development (Part II)

Part I: Brainpan 1 CTF walkthrough – Introduction to exploit development

Phase #5: Getting a stable shell

As can be seen from the screenshot, something unexpected has happened – we are actually given a Windows prompt, however the overall file structure seems to be Linux-like:

CTF: Brainpan 1 CTF walkthrough – Introduction to exploit development (Part I)

VM: https://www.vulnhub.com/entry/brainpan-1,51/
Difficulty: Beginner/Intermediate
IP: 172.16.253.130 (arp-scan -I vmnet1 --localnet)

If you were looking either for a walkthrough on the Brainpan 1 vulnhub CTF or for a tutorial/article to serve as an introduction to exploit development, you clicked on the right link.