THM: Hacker vs. Hacker

THM: Hacker vs. Hacker
THM: Hacker vs. Hacker is an easy linux box that has already been compromised by another hacker! We’ll start by enumerating a web app to find a file upload vulnerability that the other hacker previously exploited and closed. Then we’ll continue with enumeration to find the webshell they uploaded. Once on the box we will find user creds and a big hint in a bash history file that points to a privesc vector. Finally we’ll exploit a path injection vulnerability to get a root shell.
Read more →

Untangling Handlers and HandleFuncs in Go

Untangling Handlers and HandleFuncs in Go
Go provides a very useful http package with a built-in HTTP server that can be spun up in a just a few lines of code. If you’re like me and quickly like to get your hands on some sample code, it can be a bit confusing at first glance when you see references to Handlers, HandleFuncs, Handle, and HandleFunc. In this tutorial I’ll explain what each is, how to use them, and walk through an example of creating a very basic API.
Read more →

Reverse Engineering Loop Exercise

Reverse Engineering Loop Exercise
This writeup walks through a simple reverse engineering exercise from session 2 of Introduction to Reverse Engineering with Ghidra. We’re given a binary that expects an unknown key as a command line argument. We’ll use Ghidra to disassemble and decompile it, and then step through the code to figure out what the secret key is.
Read more →

HackerFlix: A Work In Progress

HackerFlix: A Work In Progress
Today I’m excited to share my latest development project: HackerFlix.net! HackerFlix is a curated directory of documentaries, docuseries, movies, and tv shows about computers, hacking, technology, privacy, cyberpunk and Internet culture. Keep reading to learn about the architecture and my experience building the site.
Read more →

THM: Blog

THM: Blog
THM: Blog is a linux boot to root challenge that starts with a vulnerable WordPress blog. With the help of wpscan we’ll enumerate usernames and brute force a password. With those creds we can exploit a known RCE bug for this version of WP to get a shell. Finally we’ll do some basic static analysis of a root-owned SUID binary to escalate to a root shell.
Read more →