Description Figure out how they moved the flag. Solution Download the file. It is a packet file. Open it with wireshark. The log shows it’s looking for mac addresses. And tons of TFTP packets are following. I noticed some files are sent over the TFPT. Let’s check the files. Filter the packets with tftp.type Ok, … Read More “picoCTF2021 – Trivial Flag Transfer Protocol” »
Description Ron just found his own copy of advanced potion making, but its been corrupted by some kind of spell. Help him recover it! Solution Download the file and see the file content. As described, the file is corrupted so we don’t know the file type. In this case, we can check the file signature. … Read More “picoMINI – advanced-potion-making” »
Enumeration Nmap the target machine Check that ports 139 and 445 are open. So we can target the smb service. I tried to enumerate smb users or shares using several tools such as smbclinet, smbmap, and rpcclient. But I couldn’t get any useful information. I managed to anonymously login to the service but due to … Read More “Hack the box – Legacy – CVE-2008-4250” »
Enumeration nmap the target machine. The result shows me the keyword activemq. I googled activemq exploit. I found it has the vulnerability CVE-2023-46604 and the default port is 61616. Also, I found that it is on metasploit. So I chose metasploit instead of using the github source code. user flag That’s the one I found. … Read More “Hack the box – machine – Broker (CVE-2023-46604)” »