Category: Infosec

02
Sep
2019

Hack The Box: La Casa de Papel

Despite the “Easy” tag, La Casa de Papel was an elaborate box. A vulnerable service leads to an unusual, limited PHP shell which allows us to generate our own signed certificates to access a specific part of the site. From there, a local file inclusion lets us acquire SSH credentials and then escalate to root via a misconfiguration.

12
May
2019

Hack The Box: Lightweight

A fairly straightforward machine, Lightweight lets us explore an insuficiently secured LDAP environment, where we intercept credentials by listening in to the network device. It also leads down the path of Linux capabilities, to find an openssl binary which can do far more than it should.

04
Dec
2018

Kali Linux on the Huawei P10

Motivation With my laptop being more of a coffee table which can be moved rather than a portable device (with a comparable battery life), I was wondering if it was possible to get a Linux distribution running on my Android phone, a Huawei P10 with Oreo 8.0.0. This...

06
Nov
2018

Watcher – an introduction

This is hardly news: people like to connect stuff to the Internet. The ones I’ve always found the most interesting are IP cameras, which people knowingly or unknowingly have left publicly accessible. For more than 10 years many of these could be found via well-targeted Google queries and...