Intro to Vagrant

If you’ve ever started building a project that is running great locally, only to have it fail to build on a teammate’s machine or when deployed to any other environment despite your meticulous, step-by-step setup instructions, you may want to consider using a tool like Vagrant. Vagrant enables you to build a consistent virtual environment for developing and running software from any machine. It’s easy to make your local development environment mirror your production server while also making it portable. This can save lots of time when someone new joins the project, as the setup is all but done for them already.
Pure CSS Line Clamp Toggle

I’m currently working on a frontend project at work that involves building out a library of Twig components for a large website running on Drupal. The mobile designs for the component I’m working on today require that if the description field has more than one paragraph, only the first two lines of the first paragraph should be displayed, along with a basic toggle switch so a user can read more if they want. There are multiple ways to approach this, but I wanted to come up with a pure CSS solution without using any JavaScript. Read more to see what I came up with!
Reflecting on My Adult ASD Diagnosis

I was recently diagnosed with Autism Spectrum Disorder at age 34. I always suspected the way I think is different from others, and now I have an explanation for why. I’ve spent the last year reading several books and blogs, watching videos on YouTube, and discovering online communities of adults who have shared the experience of being diagnosed later in life in an attempt to better understand how my brain works. It is equally creepy and exciting to stumble on so many other firsthand accounts of life experiences that I easily could have written as my own. In this essay, I am reflecting on some of my own experiences as well as sharing some of what I’ve learned about autism.
THM: Reversing ELF

This challenge is a really basic introduction to reversing Linux programs (ELFs), made up of 6 different mini challenges. Tools we’ll use to solve these include strings, ltrace, and Ghidra, a software reverse engineering tool suite from the NSA. These are meant to be beginner-friendly challenges, although basic knowledge of programming and C is necessary. We won’t be writing any code here, but in the later challenges we’ll read through decompiled C code to solve them.
THM: Brute It

Brute It is an easy box for practicing brute force techniques. After some simple recon we’ll brute force our way through a login form to gain access to an admin panel. Once authenticated we’re provided a user’s private RSA key file, whose passphrase we’ll need to crack before we can use it to gain shell access. Finally, we’ll exploit sudo privileges to leak the root user’s password hash and crack it, again by brute force, in order to get a root shell.
THM: Zeno

Zeno is a medium difficulty Linux box with a vulnerable web application we’ll exploit to get a shell. With a bit more enumeration we’ll find credentials for a user account to get the first flag. Finally we’ll abuse a misconfiguration of a service file to escalate privileges to root.
THM: Jason

Jason is an easy box where we’ll practice exploiting insecure deserialization in NodeJS. To make it a little more interesting, this is a blind vulnerability: the application never reflects our input back to us, so we’ll have to find some other way to verify that we have code execution.
THM: h4cked

h4cked is a different kind of challenge than the CTFs I normally write about. Quite the opposite actually. We’re given the solution up front and are tasked with reverse engineering a hack by analyzing the traffic recorded in a PCAP file, otherwise known as a packet capture (a detailed, packet-by-packet record of the inbound and outbound network traffic seen on an interface over a period of time). After that we’ll use the findings to replicate the hack and root the box. We’ll use Wireshark to conduct our analysis. Let’s get started!
THM: Wonderland

This Alice in TryHackMe Wonderland themed box is quite the rabbit hole. It starts with some basic web app enumeration, leading us to leaked credentials buried deep in a series of hidden directories. Once we get a foothold we’ll solve a series of path/code injection challenges with some light reversing to make a couple of horizontal jumps before finally getting a root shell. I really enjoyed this box. The hints make it more like a puzzle than a realistic hacking challenge, but the privesc was fun.
THM: Mustacchio

Mustacchio is a fun boot to root Linux box. We’ll start with some enumeration of an HTTP service and find credentials for the admin panel in a SQLite database backup. Once we’re in, after a little more enumeration it quickly becomes apparent that we’ll want to test for XXE. With XXE confirmed, we can exfiltrate the private SSH key of a user on the box and use it to gain SSH access. Finally we’ll escalate privileges by performing a path injection attack on a root-owned SUID binary.