I built a website for a nonprofit: TreeWater Initiative

I was recently connected with the founder of a nonprofit organization, the TreeWater Initiative. They needed a website and I liked the idea of working on a project that would be a labor of love and creative flow, so I offered my help. This is an overview of how I encountered the opportunity, and how I built the site.
THM: Hacker vs. Hacker

THM: Hacker vs. Hacker is an easy Linux box that has already been compromised by another hacker! We’ll start by enumerating a web app to find a file upload vulnerability that the other hacker previously exploited and closed. Then we’ll continue with enumeration to find the webshell they uploaded. Once on the box we will find user creds and a big hint in a bash history file that points to a privesc vector. Finally we’ll exploit a path injection vulnerability to get a root shell.
Untangling Handlers and HandleFuncs in Go

Go provides a very useful http package with a built-in HTTP server that can be spun up in just a few lines of code. If you’re like me and like to quickly get your hands on some sample code, it can be a bit confusing at first glance when you see references to Handlers, HandleFuncs, Handle, and HandleFunc. In this tutorial I’ll explain what each is, how to use them, and walk through an example of creating a very basic API.
Reverse Engineering Loop Exercise

This writeup walks through a simple reverse engineering exercise from session 2 of Introduction to Reverse Engineering with Ghidra. We’re given a binary that expects an unknown key as a command line argument. We’ll use Ghidra to disassemble and decompile it, and then step through the code to figure out what the secret key is.
HackerFlix: A Work In Progress

Today I’m excited to share my latest development project: HackerFlix.net! HackerFlix is a curated directory of documentaries, docuseries, movies, and TV shows about computers, hacking, technology, privacy, cyberpunk and Internet culture. Keep reading to learn about the architecture and my experience building the site.
THM: Blog

THM: Blog is a Linux boot to root challenge that starts with a vulnerable WordPress blog. With the help of wpscan we’ll enumerate usernames and brute force a password. With those creds we can exploit a known RCE bug for this version of WP to get a shell. Finally we’ll do some basic static analysis of a root-owned SUID binary to escalate to a root shell.
THM: b3dr0ck

THM: b3dr0ck is a Flintstones themed boot to root challenge that is fairly straightforward and mostly involves enumeration. We’ll start by exploring the open services on the box and leaking credentials in order to gain a foothold. Once on the box we will continue with our enumeration by looking through some of the code for the leaky service in order to get the password for and pivot to another low-privilege user. Finally we’ll get a root shell by deobfuscating a password hash and finding the plaintext in a rainbow table.
Headless Kali Linux Lab Setup Using Docker

I recently built myself a new Kali Linux lab for playing CTFs using Docker. It is more lightweight and portable than a VM. In this article I will share how it works and how I had to adapt my CTF workflow to support hacking from a Docker container.
THM: Tech_Supp0rt: 1

THM: Tech_Supp0rt: 1 is a Linux boot to root challenge where we’ll pwn a fake tech support scam company. We’ll start by leaking credentials for a web CMS through an open SMB share. The CMS turns out to be vulnerable to authenticated arbitrary file uploads, and since we have creds we can exploit this to get a shell. Once on the box, there are 2 paths we can take to get a root shell. One involves pivoting to another user on the system and exploiting their sudo privileges, and another involves exploiting CVE-2021-4043.
THM: Agent T

THM: Agent T is a fast and easy box demonstrating the importance of enumeration. After a quick port scan we’ll quickly see that something about the only service running seems odd. It is a development build of PHP, and a quick web search tells us this version includes a backdoor that allows an attacker to easily achieve RCE by simply manipulating HTTP headers.