#hack100days : Day 5 : Took a crack at #hackthebox new release, Forgot. Learned some stuff, so that's good. I'm still slow, but eventually got root. I think some of it was more CTF than real life, but I look forward to seeing the reviews from the old hands. #infosec #getsmart
#hack100days: Day 8: Spun up Juice Shop and started in. Used ZAP to spider. Found an auth bypass. Found a dir from robots.txt with some goodies. Recalled a hint from PWST to reap the goodies. Need to look at hacking a Keepass file. I'm sure I've seen that in a CTF or three. Need to attack the business logic in the app. Look at API enumeration. Time to kick off a directory brute-force and go to bed. #infosec #webapplicationtesting #getsmart
#hack100days : Day 9 : Analyzing main.js from juice shop. Finding endpoints on the server to explore and “endpoints” on the local app to explore. Router is a magic word. Need to do more poking and prodding to ascertain what kind of magic word “selector” is. #getsmart #infosec #webapplicationtesting
#hack100days : Day 10 : Watched a twitch stream of an attack on a #tryhackme box. Lots of malding, lol. Also poked at JuiceShop some more. #getsmart #infosec
#hack100days : Day 12 : Poked around at JuiceShop again. Worked with a group on derailed on #htb and got user. Don’t have foothold, yet. Got some mentoring on the next step and will work on it tomorrow. #getsmart #infosec #ctf
#hack100days : Day 13 (belated post) : Today was a little weaksauce. Researched kit to bolt onto a Raspberry Pi 3 to make a wifi hacking rig. #getsmart #infosec #wifihacking
#hack100days : Day 14 : Took a crack at metactf.com's Thanksgiving CTF. It's multiple days. Today there are six challenges. I've gotten 5. #ctf #getsmart #infosec
#hack100days : Day 15 : Looks like metactf.com's Thanksgiving CTF is only the five challenges. I'm hit and miss with crypto. I've managed to work out part of the plaintext. Gonna keep noodling on it. #ctf #getsmart #infosec
#hack100days : Day 16 : Still banging at the crypto challenge. I've gotten a big push, but the implementation is still escaping me. I've been focusing on the decimal values of the ASCII char set. Maybe tomorrow I try with hex values and see if that leads to a breakthrough. #crypto #ctf #getsmart #infosec
#hack100days : Day 17 : Where I was going to go with the crypto challenge is not the path I took. @apiratemoo gave me some advice and I managed to sort it out. Compared to other crypto challenges I've worked on, I'm happy to have gotten to a solution. I've not seen one like this before. #cryptography #getsmart #ctf #infosec
@apiratemoo Agreed. The others were pretty straight-forward. I think they had pitched it for less "seasoned" practitioners. That crypto one, though. Oof.
@apiratemoo The google one was good, it took a little more time than the others. I was surprised there was a #ctf opportunity with one of their products, actually. I ended at 162nd out of 552 people w/points on the board. I'm happy with that.
@scottlink I didn't do the last hash one, but that has more to do with laziness haha.
You did great!
When are you going to do your next CTF? I have a team. :)
@apiratemoo I'm planning on the TryHackMe Advent of Cyber next. That should be an easy 24 days for #hack100days. I also want to get ready for my PWST capstone. Planning on working on that between xmas and nye.