Sarper's Corner on the Internet

Exploring the endless world of cyber security and life

Sarper

StuxCTF Write-up

StuxCTF is a medium-level boot2root challenge on TryHackMe. This room consists of Diffie-Hellman key exchange, a PHP deserialization attack and privilege escalation. As always, we start with an Nmap scan and end up finding 2 open ports: 22 and 80. PORT STATE SERVICE REASON VERSION…

Sarper

Ultratech Write-up

UltraTech is a semi-guided room that covers the basics of penetration testing: Enumeration, Privilege Escalation and WebApp testing. As usual, we start with port scanning. The scan reveals that the machine has 4 open ports: 21 (FTP), 22 (SSH), 8080 (HTTP) and 31337…

Sarper

So Many 64s Write-up

This is actually pretty simple. We are given a string that has been base64-encoded multiple times. We need to decode it to get the flag. The challenge file is here and to reach the challenge page click here. Here’s a recursive Python function to decode the base64…

Sarper

RSA Noob Write-Up

RSA Noob is a cryptography challenge from CTFLearn. It is actually pretty simple. We are given a public key and a ciphertext. We need to decrypt the ciphertext to get the flag. Here’s the challenge file: e: 1 c: 9327565722767258308650643213344542404592011161659991421 n: 245841236512478852752909734912575581815967630033049838269083 Solution Let’s remember…

Sarper

Two Million Write-Up

Two Million is an easy machine on HackTheBox. It involves API enumeration, privilege escalation in the web application, and a kernel exploit on the host. We start by running Rustscan to find open ports on the target machine. Two ports are open: 22 (SSH)…
