
Introduction to mining, part 2: stack 3-4 (Protostar)
Continuation of Protostar (Stack 3–4): overwriting function pointers and EIP using classic overflows with gets(), offsets, and little-endian.

Practical introduction to stack buffer overflow with Protostar's Stack 0–2 challenges: offsets, little-endian, and using arguments/environment variables to modify memory.

PwnLab write-up: Init (Vulnhub): LFI with wrappers, file upload for RCE and escalation via SUID/PATH and injection in echo.

Bounty write-up (HackTheBox). Easy Windows machine that exploits a vulnerability in IIS, allowing a malicious web.config to be uploaded to execute ASP code and obtain RCE. We then escalate privileges with Metasploit (MS10-092).

Practical compilation of methods for transferring files during post-exploitation on Linux and Windows. Includes HTTP, Netcat, SCP, FTP, SMB, Certutil, PowerShell, and Powercat. Ideal for uploading tools or downloading data from the victim without Meterpreter or Empire.

We create a dictionary with the suspect's password pattern, attack a symmetric PGP with a dictionary, and decrypt the Templar encryption to recover the FLAG.

Extracting hidden data in base64 from a video file and cracking encrypted PGP files using John the Ripper in challenge 2 of CyberCamp 2018.

Write-up of Fighter (HackTheBox): medium-level Windows machine that exploits time-based SQLi to extract credentials, gets RCE via xp_cmdshell + msbuild NPS payload, and escalates to SYSTEM with Capcom.sys (CVE-2019-7253) + bypass of checks.

Canape write-up (HackTheBox). Intermediate Linux machine that exploits an insecure pickle deserialisation in a Flask + CouchDB site. Includes RCE via an XXE-like technique in pickle, CouchDB enumeration, and escalation to root by abusing sudo pip install.

Write-up of Celestial (HackTheBox). Easy Linux machine that exploits an insecure cookie deserialisation in Node.js (CVE-2017-16137) to obtain RCE, then escalates to root by abusing a cron job that executes an editable script.

Compilation of techniques for obtaining shell access in Windows after RCE. Includes in-memory PowerShell, Powercat, Regsvr32, HTA, Cscript, MSBuild, WMIC, Certutil, and tests against Windows Defender.

Rabbit write-up (HackTheBox): Windows machine that exploits time-based SQLi in Complain Management System for RCE via xp_cmdshell + msbuild NPS payload, and escalates to SYSTEM by abusing WAMP64 running as SYSTEM.