Amonsec

It's all about security.

A simple blog where you can find different things about digital security.

H.A.S.T.E 1: CTF walkthrough

Yesterday (14th October 2017) my leet guys, @ch3rn0byl and @H4v0k, decided to begin a new VulnHub VM, despite the late hour, I followed them.

I learned a new attack vector: SSI injection. Thanks.

Timeline:

  • ch3rn0byl: we just started the haste one if you want to do it (00:28)
  • [..snip..]
  • H4v0k: boot it up amon , sleep is for the weak (00:31)
  • ch3rn0byl: sleep is for the bitchesssssss (00:32)
  • [..snip..]
  • ch3rn0byl: fucking haste (02:38)

Note, if you want to learn more about windows exploit development you can read the ch3rn0byl’s blog: here.

 

Introduction

Name: H.A.S.T.E: 1
Date release: 13 Sep 2017

Author: f1re_w1re
Series: H.A.S.T.E
Web page: https://securityshards.wordpress.com/2017/09/13/new-h-a-s-t-e-hacking-challenge/

Aim: get any kind of shell in the system.

Read More