<?xml version="1.0" encoding="utf-8" standalone="yes" ?>
<rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom">
<channel>
<title>Hugo</title>
<link>https://hug0vincent.github.io/</link>
<description>Recent content on Hugo</description>
<generator>Hugo -- gohugo.io</generator>
<language>en-en</language>
<lastBuildDate>Thu, 07 May 2020 18:03:45 +0200</lastBuildDate>
<atom:link href="https://hug0vincent.github.io/index.xml" rel="self" type="application/rss+xml" />
<item>
<title>Hello Rootkitty</title>
<link>https://hug0vincent.github.io/2020/05/hello-rootkitty/</link>
<pubDate>Thu, 07 May 2020 18:03:45 +0200</pubDate>
<guid>https://hug0vincent.github.io/2020/05/hello-rootkitty/</guid>
<description>Event Challenge Category Points Solves ecsc Hello Rootkitty pwn 500 24 TL;DR A custom kernel module was vulnerable to a buffer overflow; with a small ropchain I escalated my privileges to root, and with a sys_chmod syscall I got the flag.
Description Recon I’m not a Linux kernel expert, everything might not be 100% correct, but I’ll do my best to summarize what I understood.</description>
</item>
<item>
<title>DVID : Characteristics 2</title>
<link>https://hug0vincent.github.io/2019/10/dvid-characteristics-2/</link>
<pubDate>Wed, 23 Oct 2019 22:24:10 +0200</pubDate>
<guid>https://hug0vincent.github.io/2019/10/dvid-characteristics-2/</guid>
<description>Introduction I recently bought a DVID board which is an open source vulnerable designed IoT device. In this post I will try to explain how to solve the third challenge of the DVID project. In this challenge we need to write data to a special characteristic.
Challenge Let’s flash the firmware, enable and setup the usb dongle:
sudo avrdude -c usbasp -p m328p -U flash:w:characteristics2.</description>
</item>
<item>
<title>DVID : Characteristics</title>
<link>https://hug0vincent.github.io/2019/10/dvid-characteristics/</link>
<pubDate>Wed, 23 Oct 2019 10:28:41 +0200</pubDate>
<guid>https://hug0vincent.github.io/2019/10/dvid-characteristics/</guid>
<description>Introduction I recently bought a DVID board which is an open source vulnerable designed IoT device. In this post I will try to explain how to solve the second Bluetooth challenge of the DVID project. In this challenge we need to read data from a special characteristic.
Challenge Let’s flash the firmware, enable Bluetooth and setup the usb dongle:
sudo avrdude -c usbasp -p m328p -U flash:w:characteristics.</description>
</item>
<item>
<title>BLE introduction</title>
<link>https://hug0vincent.github.io/2019/10/ble-introduction/</link>
<pubDate>Sat, 19 Oct 2019 14:23:07 +0200</pubDate>
<guid>https://hug0vincent.github.io/2019/10/ble-introduction/</guid>
<description>Introduction I recently bought a DVID board which is an open source vulnerable designed IoT device. In this post I will try to explain how the Bluetooth protocol works and how we can solve the first Bluetooth challenge of the DVID project.
Bluetooth protocol This talk is a good introduction to Bluetooth hacking; what follows comes from this document, but if you want more details you should read it. The next diagram shows how a typical connection between a phone and a Bluetooth device works.</description>
</item>
<item>
<title>TMNT</title>
<link>https://hug0vincent.github.io/2019/10/tmnt/</link>
<pubDate>Wed, 09 Oct 2019 16:39:53 +0200</pubDate>
<guid>https://hug0vincent.github.io/2019/10/tmnt/</guid>
<description>Event Challenge Category Points Solves AperiCtf TMNT web 300 6 TL;DR In this challenge we need to trigger an XSS, first we need to bypass the template engine of the browser to insert custom tags in the page. We can then trigger the XSS with some specific tag and use a DOM-based JavaScript injection vulnerability.
Step 1 This is my first web write-up, I usually prefer popping shells, but this time we will pop some alert boxes!</description>
</item>
<item>
<title>Pwn Run See (part 1 &amp; 2)</title>
<link>https://hug0vincent.github.io/2019/10/pwn-run-see-part-1-2/</link>
<pubDate>Wed, 09 Oct 2019 11:39:54 +0200</pubDate>
<guid>https://hug0vincent.github.io/2019/10/pwn-run-see-part-1-2/</guid>
<description>Event Challenge Category Points Solves AperiCtf PwnRunSee 1 pwn 175 5 AperiCtf PwnRunSee 2 pwn 250 2 TL;DR This challenge was a use-after-free vulnerability which allows the user to get a shell on the remote docker after a call to execve with some user-controlled parameters. Once inside the docker, we can abuse some privileges to mount the host disk inside the container and get the last flag.</description>
</item>
<item>
<title>Filereader</title>
<link>https://hug0vincent.github.io/2019/05/filereader/</link>
<pubDate>Tue, 21 May 2019 19:11:39 +0200</pubDate>
<guid>https://hug0vincent.github.io/2019/05/filereader/</guid>
<description>Event Challenge Category Points Solves ecsc2019 filereader pwn 1000 20 TL;DR We need to exploit a binary which reads the content of files listed in another file. A buffer overflow is present in one of the functions and we can leak the address of libc thanks to /proc/self/map since we can read files. A onegadget is then used to pop a shell.</description>
</item>
<item>
<title>Give Me Your Shell</title>
<link>https://hug0vincent.github.io/2019/05/give-me-your-shell/</link>
<pubDate>Mon, 06 May 2019 18:39:04 +0200</pubDate>
<guid>https://hug0vincent.github.io/2019/05/give-me-your-shell/</guid>
<description>Event Challenge Category Points Solves inshack-2019 gimme-your-shell pwn 50 67 TL;DR This is a remote buffer overflow challenge, there is no protection on the binary but ASLR is enabled on the remote server. I redirected the execution flow to write my shellcode to a controlled area, then jump to it and execute it.
Getting information First I looked at the protections on the binary:</description>
</item>
<item>
<title>Mission impossible 1</title>
<link>https://hug0vincent.github.io/2018/12/mission-impossible-1/</link>
<pubDate>Thu, 20 Dec 2018 00:00:00 +0000</pubDate>
<guid>https://hug0vincent.github.io/2018/12/mission-impossible-1/</guid>
<description>Event Challenge Category Points Solves santhacklausctf mi1 Forensic/Crypto 800 18 TL;DR After downloading the zip file we were faced with a Linux memory dump. After building the correct profile for volatility you had to perform a known-plaintext attack on an encrypted and split zip file to recover the file flag.txt.
Introduction After downloading the file MI1.zip we had a memdump.</description>
</item>
<item>
<title>Mission impossible 2</title>
<link>https://hug0vincent.github.io/2018/12/mission-impossible-2/</link>
<pubDate>Thu, 20 Dec 2018 00:00:00 +0000</pubDate>
<guid>https://hug0vincent.github.io/2018/12/mission-impossible-2/</guid>
<description>Event Challenge Category Points Solves santhacklausctf mi2 Forensic/Crypto/network 500 22 TL;DR In the second part of the challenge we also had a memory dump of a Debian system and a network capture. When you analyse the network capture you can see that some data were exfiltrated; if you look into the memdump you can see that the tool DET (Data Exfiltration Toolkit) has been used to exfiltrate the data.</description>
</item>
<item>
<title>Who am I ?</title>
<link>https://hug0vincent.github.io/page/about/</link>
<pubDate>Sat, 24 Nov 2018 00:00:00 +0000</pubDate>
<guid>https://hug0vincent.github.io/page/about/</guid>
<description>I’m actually a student in computer science in the field of cybersecurity. I didn’t know anything about IT security and hacking a few years ago. I first learned with Damn Vulnerable Web App (DVWA), and then I discovered Root-me. Since then I’ve learned a lot and I love learning new things and solving some hacking challenges.
I’ve done this blog to host my write-ups and some posts about personal hacking stuff.
Feel free to send me a message to talk about security or Rock-climbing/Slackline or everything else.</description>
</item>
</channel>
</rss>