Bandit CTF – Level 11

level 10–>11 bandit10@bandit:~$ ls -la bandit10@bandit:~$ cat data.txt | base64 -d The password is IFukXXXXXXXXXXXXXXXXXXXXXXXXXXXX Password = IFukXXXXXXXXXXXXXXXXXXXXXXXXXXXX

[Solved] Resolv.conf is not updated after an OpenVPN connection

After connecting a VPN on Linux (my case an Ubuntu) that resolv.conf is not updated and you can’t resolve names from that network as expected. After searching a bit I found this website that gave me a solution. You can check in detail here: https://dev.to/setevoy/arch-linux-openvpn–resolvconf-is-not-updated-2470 After connection to the VPN has been performed, we can observe that resolv.conf hasn’t been updated. $ cat /etc/resolv.conf Modify your opvn file and these

Mobile Security Framework (MobSF)

Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis. https://github.com/MobSF/Mobile-Security-Framework-MobSF MobSF Documentation: https://mobsf.github.io/docs/#/ Linux requirements: Install Git: sudo apt-get install git Install Python 3.8-3.9: sudo apt-get install python3.8 Install JDK 8+: sudo apt-get install openjdk-8-jdk Install the following dependencies:sudo apt install python3-dev python3-venv python3-pip build-essential libffi-dev libssl-dev libxml2-dev libxslt1-dev libjpeg8-dev zlib1g-dev wkhtmltopdf For the

Bandit CTF – Level 10

level 9–>10 bandit9@bandit:~$ ls -la bandit9@bandit:~$ strings data.txt | grep «^=» password = truKXXXXXXXXXXXXXXXXXXXXXXXXXXXX

Bandit CTF – Level 9

level 8–>9 bandit8@bandit:~$ ls -la bandit8@bandit:~$ cat data.txt | sort | uniq -u password = UsvVXXXXXXXXXXXXXXXXXXXXXXXXXX

Bandit CTF – Level 8

level 7–>8 bandit7@bandit:~$ ls -la bandit7@bandit:~$ cat data.txt | grep -s millionth password = cvX2XXXXXXXXXXXXXXXXXXXXXXXXXXXX

HTB Delivery

Add the box to the host file. $ sudo nano /etc/hosts $ nmap delivery.htb -A -p- -T4 Open ports: Site inspection: http://delivery.htb http://delivery.htb/#contact-us http://helpdesk.delivery.htb/index.php http://delivery.htb:8065 As you can create a user into Mattermost server we can start here: http://delivery.htb:8065/should_verify_email?email=user%40rffuste.com We should verify the email, but no email is going to be received.So we need to find a new way. If we focus on Helpdesk site, http://helpdesk.delivery.htb/index.php We can create a

HTB Academy

$ sudo nano /etc/hosts $ nmap academy.htb -A -p- -T4 Open ports: 22(tcp) – ssh 80(tcp) – http 33060(tcp) – mysql Access to http://academy.htb $ python ~/tools/dirsearch/dirsearch.py -u http://academy.htb http://academy.htb/admin.php http://academy.htb/register.php After this step, we would be able to log in to this site. Inspecting with Burb Suite the request when we register our user we can observe: What would happen if we change this value when creating a new user? Modify

Bandit CTF – Level 7

level 6–>7 bandit6@bandit:~$ ls -la bandit6@bandit:~$ find / -user bandit7 -group bandit6 -size 33c 2>/dev/null bandit6@bandit:~$ cat /var/lib/dpkg/info/bandit7.password password = HKBPXXXXXXXXXXXXXXXXXXXXXXXXXXXX

Bandit CTF – Level 6

Level 5 –> 6 bandit5@bandit:~$ ls -la bandit5@bandit:~$ cd inhere/bandit5@bandit:~/inhere$ ls -la bandit5@bandit:~/inhere$ find . -type f -readable ! -executable -size 1033c bandit5@bandit:~/inhere$ cat ./maybehere07/.file2 password = DXjZXXXXXXXXXXXXXXXXXXXXXXXXXXXX