Hello, In this article you will find the solutions for the Hydra room on Try Hack Me. Link: https://tryhackme.com/room/hydra Almost every bruteforcing or cracking task from HackTheBox/TryHackMe uses the rockyou.txt wordlist. You can google it and download it, if you can't find it in your Kali distro under the path /usr/share/wordlists/rockyou.txt.gz If you're using Kali … Continue reading Brute-forcing passwords with Hydra
I had some fun this weekend messing around with Ghidra. Having such a powerful tool for free is truly a game changer. To start scripting in Ghidra, I downloaded the latest Eclipse for Java Developers Version: 2019-09 R (4.13.0), Ghidra and Open JDK, I believe any JDK version 11+ will work. After downloading the JDK, … Continue reading Ghidra Scripting: Annotating Linux system calls
I always wanted to play around with a binary analysis framework but most of the time I was turned off by how difficult it was to install and use it. Just recently I've thought to give angr a try and now I want to share my experience with you! I will present you a two … Continue reading Introduction to Angr
With 2019 a day away, let’s reflect on the past to see how we can improve. Yes, let’s take a long look back 30 years and reflect on the original fuzzing paper, An Empirical Study of the Reliability of UNIX Utilities, and its 1995 follow-up, Fuzz Revisited, by Barton P. Miller.
In this blog post, we are going to find bugs in modern versions of Ubuntu Linux using the exact same tools as described in the original fuzzing papers. You should read the original papers not only for context, but for their insight. They proved to be very prescient about the vulnerabilities and exploits that would plague code over the decade following their publication. Astute readers may notice the publication date for the original paper is 1990. Even more perceptive readers will observe the copyright date of the source code comments: 1989.
A Quick Review
View original post 1,699 more words