#hack100days : Day 5 : Took a crack at #hackthebox new release, Forgot. Learned some stuff, so that's good. I'm still slow, but eventually got root. I think some of it was more CTF than real life, but I look forward to seeing the reviews from the old hands. #infosec #getsmart

#hack100days : Day 6 : Finished section 7 of PWST. #infosec #getsmart

#hack100days: Day 7 : Finished sections 8 and 9 of PWST. Next up, hack Juice Shop. #infosec #getsmart #webapplicationtesting

#hack100days: Day 8: Spun up Juice Shop and started in. Used ZAP to spider. Found an auth bypass. Found a dir from robots.txt with some goodies. Recalled a hint from PWST to reap the goodies. Need to look at hacking a Keepass file. I'm sure I've seen that in a CTF or three. Need to attack the business logic in the app. Look at API enumeration. Time to kick off a directory brute-force and go to bed. #infosec #webapplicationtesting #getsmart

#hack100days : Day 9 : Analyzing main.js from juice shop. Finding endpoints on the server to explore and “endpoints” on the local app to explore. Router is a magic word. Need to do more poking and prodding to ascertain what kind of magic word “selector” is. #getsmart #infosec #webapplicationtesting

#hack100days : Day 10 : Watched a twitch stream of an attack on a #tryhackme box. Lots of malding, lol. Also poked at JuiceShop some more. #getsmart #infosec

#hack100days : Day 11 : More JuiceShop. Explored business logic. Managed to break the server a couple of times. Error checking and handling is hard. #getsmart #infosec #WebAppPentesting

#hack100days : Day 12 : Poked around at JuiceShop again. Worked with a group on derailed on #htb and got user. Don’t have foothold, yet. Got some mentoring on the next step and will work on it tomorrow. #getsmart #infosec #ctf

#hack100days : Day 13 (belated post) : Today was a little weaksauce. Researched kit to bolt onto a Raspberry Pi 3 to make a wifi hacking rig. #getsmart #infosec #wifihacking

#hack100days : Day 14 : Took a crack at metactf.com's Thanksgiving CTF. It's multiple days. Today there are six challenges. I've gotten 5. #ctf #getsmart #infosec

#hack100days : Day 15 : Looks like matactf.com's Thanksgiving CTF is only the five challenges. I'm hit and miss with crypto. I've managed to work out part of the plaintext. Gonna keep noodling on it. #ctf #getsmart #infosec

@scottlink For that one, we know IEX in powershell is Invoke-Expression right? Commonly used to create reverse shells, but in order to pass that we need to obfuscate the actual cmd a bit to get it do our bidding.

@apiratemoo Thanks for the pointer, I managed to get the obfuscated code one. I'm trying to get viggy with the crypto one. I've got part of the key, but the rest is a bit beyond me. Trying to sort out the role the pics play.