Making Go Go on a Diet

Recently I decided to look into the Go language - this was purely due to my inquisitive nature, and I thought it’d be fun to learn another language. However, there’s some stranege things going on when you compile the source.

Read on →

Don’t Answer the Doorbell

The Purge was created by strata, and I can tell you it’s a hassle to complete. But I did, and here’s how !

Read on →

Stealing the Fire From Heaven

c0ne surprised us all by releasing Pandora’s Box, which is a VM geared more towards exploit dev, and breaks the norm for vulnerable VM’s, as it doesn’t start with a website !

There are 5 challenges, I am going to post them as I crack them.

Read on →

Because She Was a Princess She Had a Pegasus.

Knapsy (blog) released Pegasus - to be honest I was supposed to beta test it, but I kinda didn’t get a chance to. However, it allowed me to experience the VM at the same time as everyone else.

People generally work alone on VM’s, so to mix it up a bit, I decided to team up with barrebas (blog) and own the VM as a collaboration :)

So, here’s a quick walkthrough on how to root Pegasus, written by both barrebas and myself.

Read on →

Knock Knock… Who’s There ?

zer0w1re released his first VM, Knock Knock, so I downloaded it and had a go (truth be told, I tested it before the public release, but this writeup is for the version available on Vulnhub.)

Read on →

Owl Up in My Grill

So, while we were all sitting in #vulnhub (on Freenode) waiting for superkojiman to release Persistence, Swappage released OwlNest. I thought, what the hell, might as well use it to pass the time, right ? I was, however, not expecting it to take me 4 days…

Read on →

Please Do Not Feed the Trolls.

Maleus released Tr0ll a while ago, and while I didn’t attempt it, I figured I’d do the follow up - Tr0ll2. So, here is a quick runthrough of how to pwn it.

I would put this VM at beginner level - it’s not particularly complicated. It’s more a case of finding hidden data than actually doing any vulnerability exploitation. Lets get started.

Read on →

How Many Hackers Does It Take to Change a Lightbulb ?

Whilst in the middle of cracking Xerxes2, leonjza decided to release Flick - a CTF that is sure to tax minds.  Naturally I decided to make myself feel like an unskilled loser, and downloaded it. Here’s the story of how I rooted Flick first.

root@flick:~# id
uid=0(root) gid=0(root) groups=0(root)
First ! @leonjza @VulnHub #flick #boot2root #vulnhub

Read on →

The Glory of the Many Demands Your Capture or Destruction.

It’s been a long wait, but barrebas released Xerxes2 on Vulnhub. I’ve not broken into Xerxes1, so I figured what the hell, lets give this a go. It might take me ages, but it’s all a learning curve, right ? Here’s how I became the first person to get root

root@xerxes2:~# id
uid=0(root) gid=0(root) groups=0(root)

Yup. #vulnhub #xerxes2 @barrebas @VulnHub](https://twitter.com/VulnHub

Read on →

I Climbed the SkyTower, but No Rapunzel :(

SkyTower is available from Vulnhub, and is a quick brain teaser that everyone is encouraged to try. It doesn’t take long, so it’s fun to see if you can do in your lunchbreak. The walkthrough is going to be short and sweet - maybe with a few GIFs thrown in for good measure.

Read on →