X-MAS CTF 2019: Binary Exploiting & Reversing Write-Ups

Hello, Here are my write-ups for the X-MAS CTF 2019 organized by https://htsp.ro/. Reversing: Santa’s crackme Santa’s crackme is easy to solve when using Ghidra, all you need to do is open up the binary, read the code and use the XOR Memory script from Ghidra. Reversing: X-MAS: Lapland Mission Since this is an Unity game we can easily patch … Read more

Hack The Box – Bitlab

Hello, Here’s how I’ve solved the Bitlab machine on Hack The Box. Gitlab Access As usual we start of with a nmap scan: The scan shows an nginx web server and ssh. If we visit the web server we’ll find a Gitlab instance. Gitlab is used by developers to host their source code. I tried searching for exploits but nothing … Read more

Ditching Apache2 for Nginx

Hello, I wanted to self host my WordPress blog and for that I’ve chosen Digital Ocean (referral link). Because I’m lazy and I don’t know how to configure web servers that well I’ve used DigitalOcean’s WordPress one click install, the package installed WordPress and did the following things: Enables the UFW firewall to allow only SSH (port 22, rate limited), … Read more

Hack The Box – Travexec Write-up

Hello, Here’s my write-up for the Traverxec machine. Initial Shell: google User Hint: Read the configuration carefully and `ls` dem directories, and don’t forget, you’re the web server! Root Hint: In linux you can configure commands to be executed without requiring a password. The password for the PDF is the root flag. Link: BananaPr1nc3-Traverxec.pdf

Simple Dark Theme Switch with Vue.JS

Hello, In this post I’m going to show you how quickly you can add a dark theme switch to your Vue.JS application. We’re going to start with a blank application. And then we’re going to create a dark-theme CSS file which we’re going to save in public/css/darktheme.css. This is how the application looks without any CSS. Now, we’re going to put … Read more

My experience with .NET IoT (so far)

I haven’t done any embedded development in a while and I was thinking to build myself a remote controlled toy car with video streaming. The project is going to take me a while. To build it I’m going to use C#. I’m already too familiar with Python and a little challenge doesn’t hurt. To interface with the hardware, I’m going … Read more

Root-Me: GB – Basic GameBoy crackme walkthrough

Hello, In this article I will describe how I solved the GB – Basic GameBoy crackme challenge from Root-Me. Before reading this article you should attempt to solve the challenge on your own. Start by reading/skimming through the GameBoy CPU manual then download an emulator such as mGba and play with the ROM. To disassemble the ROM I’ve used Ghidra and mgbdis. After reading through the GameBoy … Read more

Ghidra Scripting: Annotating Linux system calls

I had some fun this weekend messing around with Ghidra. Having such a powerful tool for free is truly a game changer. To start scripting in Ghidra, I downloaded the latest Eclipse for Java Developers Version: 2019-09 R (4.13.0), Ghidra and Open JDK, I believe any JDK version 11+ will work. After downloading the JDK, extract the zip, put it … Read more