Category Hacking

decoding an incomplete QRCode – Intigriti Hacking Challenge at bruCON

This year I was at bruCon in Ghent, BE. I usually either go to interesting talks or spend the conferences in challenges just like I did in Defcon back in 2017.

So during bruCON I stumbled upon this challenge with QR-code that says “first one to scan this gets 100€”; in my head I thought pff this is easy and I will probably not be the first one to scan this. So I popped my phone and scanned. Nothing happened. Then I was like oh wait .. a huge piece of this qr-code is missing.

So the first thing I thought of is to mark the squares randomly because I thought it must be redundant or error correction squars. Remember at this point I know nothing about qr-codes...

Read More

Dual boot *Encrypted* Kali 2019 with Windows 10 in peace.

If you work in security and don’t encrypt your drives, maybe you should consider something else 😉

I recently was trying to make peace with Windows 10 co-living with Kali 2019 and it was really painful process. Each time I got one side working the other side was complaining.

Eventually it boils down to this:

1- Install Windows 10 fully (including setting up a user, and password, etc.) Failign to do so will corupt the encrypted partition of kali

2- Install Kali until you reach the step to partition the disk. Choose “Manual”

3- now create 3 partitions:
– one is for /boot (~256mb)
– one for swap area (8-10gb)
– the rest is for the root mount /

4- now go to “Encrypt partition” and click “Yes” for writing the current partitions

5- now choose wherever you have swap and root...

Read More

Offensive Security Advanced Windows Exploitation (AWE / OSEE) Review

Modern Warfare Students vs Trainers 0x2

the reason why I’m writing this post is due to the lack of reviews I found online about AWE course offered by offensive security. If you look up for OSCP or OSCE they are plenty but not so much for OSEE/AWE. If there is something I learned from hacking cons is that you can contribute to the infosec world by creating any kind of helpful material for other people (refer to the hacker manifesto); hence I decided to contribute to the infosec world in my own way too.

a little background:
To be honest it took me quite some energy and time to even get into this course due to its high demand and lack of availability. Fast forward I was sitting with almost other 30 students in Blackhat 2018 fronted by the offsec staff to teach us some exploitation black magic; and oh boy was it black magic…

the 4...

Read More

quick writeup for Hacker0x1’s mini CTF: Capture The Flag: reversing the password

If you missed this one; please head to this link, and try it yourself before going to the solution.

Read More

auto login to backtrack and startx in 2017

Wait; did I say BackTrack? Yes Backtrack is still a cool (outdated) distro for hacking!
If for some odd reasons you still need to use BackTrack in 2017 (hello? have you heard of Kali), I won’t judge you.
Maybe you’re doing your OSCE and need an image that is still in the course / labs

This post is meant to save you some time if you haven’t used BackTrack for a while and need to get some things done with it.

1. We want to change the root password

Read More

breaking out of a restricted shell – the offensive way

Recently I was working on one of the vulnhub vulnerable boxes and once I finally got a reverse shell it was a restricted one. What a bummer!
In this post I want to document how did I breakout of it in a simple way.

There many ways to break out of the restricted shell (aka /bin/rbash). One simple way for example is to use perl or python to call /bin/sh:

Perl/Python aren’t the only ways. You can STILL breakout if vim, vi, awk, gdb, more, less, etc. are allowed!

What I want to add here is a special case of a restricted bash, that’s when the rbash is called with an output redirection.
So might be able to use the earlier tricks to breakout but it’s no good as all the output is being r...

Read More