Published in Write-ups HackTheBox·Jan 21Member-onlyHow to solve Illumination (Forensics)[HTB]Step by step on how to solve this Forensics challenge After downloading the zip file and unzipping it, we are left with the following structure: > tree -a -L 2 . ├── bot.js ├── config.json └── .git ├── COMMIT_EDITMSG ├── config ├── description ├── HEAD ├── hooks ├── index ├── info ├── logs ├──…Git2 min readGit2 min read
Published in Write-ups HackTheBox·Jan 18Member-onlyM0rsarchive [Misc] Writeup HTBIn this problem we have two files: a zip file with password and an image. Check the challenge here.Hackthebox1 min readHackthebox1 min read
Published in Write-ups HackTheBox·Jan 14Member-onlyHow to solve MarketDump [HackTheBox]Step by step on how to solve this Forensics challenge. To can check it here. We get a pcapng file, which we can open with Wireshark. The clues in the problem tell us that an attacker used the webserver to pivot into the network. Reviewing the data we see that…Hackthebox2 min readHackthebox2 min read
Published in Hacking/Security·Jan 14Member-onlyHow to solve USB Ripper (Forensic)How to solve step by step the challenge USB Ripper from the HackTheBox. We download and unzip the file, what we get is: > tree . ├── auth.json └── syslog 0 directories, 2 files Let’s see the content of the files: auth.jsonHackthebox2 min readHackthebox2 min read
Published in Write-ups HackTheBox·Jan 13Member-onlyCryptoHorrific [Mobile] [Writeup]Step by step writeup Link to the challenge. Get the parameters to decrypt the text: Use IDA to get the assembler code and F5 to generate pseudo code. In the challenge.plist file we find the following: bplist00��TflagRidUtitle_XTq+CWzQS0wYzs2rJ+GNrPLP6qekDbwze6fIeRRwBK2WXHOhba7WR2OGNUFKoAvyW7njTCMlQzlwIRdJvaP2iYQ==S123_HackTheBoxIsCool After some trial and error, we infer that the base64 text must be…Mobile1 min readMobile1 min read
Published in Write-ups HackTheBox·Jan 12Member-onlyHow to solve 'Missing in action' [OSINT]Step by step writeup Details from the challenge few weeks after it was released. You can check the challenge on HTB's new website here. All we know is that we need to look for a person named ‘Roland Sanchez’ from Birmingham, UK. The family is convinced that he was kidnapped…Hackthebox2 min readHackthebox2 min read
Published in Hacking/Security·Jan 11Member-onlyHow to download all videos from a YouTube channel or playlistSome time ago Youtube announced that it will remove hacking videos and some people asked me for help to support all channels with this type of content. The entire project is here. The input that was given to me were channels and channel playlists, and from this the following cases…YouTube5 min readYouTube5 min read
Published in Write-ups HackTheBox·Jan 10Member-onlyHow to solve challenge 'Money Flowz' [OSINT]Details of the challenge when was released (and the HTB website was much worst) The first thing I did was to search for the name in the description on Twitter.Hackthebox2 min readHackthebox2 min read
Published in Write-ups HackTheBox·Jan 10Member-onlyHow to solve 'ID Exposed' {OSINT} [HTB]Step by step solution to the challenge So, this challenge looked like this when I solved it: Only 20 points, but is not that easy as you can see in the yellow bar. For me, it was difficult and without some hints it would have taken me a lot more…Hackthebox2 min readHackthebox2 min read
Published in Bug Bounty·Dec 22, 2022Member-onlyUsing notify to send notifications to a Telegram bot (with the help of ChatGPT)I wanted to use Inside ProjectDiscovery project called notify to send notifications of a custom shell script to a Telegram bot. That might sound easy, I actually did the same process a year and half ago, but this time I couldn't make it work. …Chatgpt4 min readChatgpt4 min read