Writeup for Hackfest 2022 – Resurrection Edition Beginner CTF: Hackfest CTF
Category: Cybersecurity
Installing Gentoo on VMware workstation 16
First of all…
I got peer pressured into this, I am not doing this out of free will! Just kidding, in this blog post I will summerize my first journey with Gentoo and how to set it up inside a VM with VMware workstation version 16. This guide will help you setup a virtual instance of Gentoo and i suggest that you read carefully the Gentoo Handbook to understand what we are going to do here in great detail.
How-to monitor your windows machine with splunk
Why use Splunk?
Using Splunk to monitor your computer or vps is free, easy and let you learn about one of the best SIEM tool available on the market (as for now 2022). In this post I will share some of my personal Splunk configurations and alerts so you can start monitoring what is going on in your windows machine and maybe see things you didn’t before. So let’s start shall we!
Testing kali linux on windows 10 with WSL
Second try :
Kali can be found directly on the windows store. This version is much more stable than the one i tried to patch from ubuntu with the git repo in my first try.
Some usefull tweeks can be found here : https://www.kali.org/news/kali-linux-in-the-windows-app-store/
Everything is working well for now.
Edit 1 )
To make nmap work, install it on windows and make an alias :
[code]alias nmap=’"/mnt/c/Program Files (x86)/Nmap/nmap.exe"'[/code]
https://medium.com/@the4rchangel/nmap-in-the-windows-bash-shell-64cadff1a689
M.
FIRST TRY :
This version is not stable.
WSL stand for windows subsystem for linux
its a kindof native port for linux inside windows. not like emulation, it share the ressources directly from windows to run linux binaries.
To repare fuckedup things at first do those :
To fix error of expired cert. when trying to use apt-get command just do this :
wget https://http.kali.org/kali/pool/main/k/kali-archive-keyring/kali-archive-keyring_2018.1_all.deb
apt install ./kali-archive-keyring_2018.1_all.deb
apt-get update
To fix error when you are not able to resolve address (aka dns is fuckedup)
just edit /etc/resolv.conf and add your favorite dns aka 1.1.1.1 or 8.8.8.8
after do an apt update && apt upgrade
Ref.
https://www.zdnet.com/article/windows-subsystem-for-linux-graduates-in-windows-10-fall-creators-update/
Way to find clues inside a ctf box
we find a file that was created by the maker in the process of creation ie : flag.txt.
Flag.txt was created 22 august 2017
find / -type f -newermt 2017-08-20 ! -newermt 2017-08-24 -ls 2>/dev/null
We see all files that have changed between 20-08 and 24-08 (if needed we can change the range)
With that we can see interesting changes inside the boxes
WIP – Linux pentest cheatsheet
Intended for personal use, i use many websites and pages from my blog, i just want to have all those things into one cozy page.
A journey into Windows pentesting.
I did root many windows rig in the last week. You can practice your skill too, just go to hackthebox.eu. Here i will not tell you how specificity root those vulnerable windows os, i just want to keep some of the basics that i learned from this.
As expected the info gathering is the same nmap nikto dirb etc.
The windows command line, as i am used to unix bash this command line was like Korean to me.
Here are the basic commands that are useful : Read more “A journey into Windows pentesting.”
CTF Analougepond from @knightmare2600 (VulnHub)
It has been a wile since i solved a CTF. I decided to try to crack the analougepond from @knightmare2600.
First you need to put an appropriate soundtrack for this VM. Read more “CTF Analougepond from @knightmare2600 (VulnHub)”
CTF Ew_Skuzzy from @vortexau (Vulnhub)
CTF Orcus from Viper (hackfest 2016)
Hello guys, it’s my third Vulnerable VM by @ViperBlackSkull if you need more information you can reach me on twitter at @marghost. You can get the virtual machine HERE. So lets get started. Read more “CTF Orcus from Viper (hackfest 2016)”