• HackTheBox - Blunder

    Blunder was an easy Linux box on HackTheBox. This box was about :

    • Enumeration on a website to find that the Bludit CMS is used
    • Fuzzing the website to find a TODO list indicating the CMS is not up to date
    • Generating a list of password and brute force the authentication in order to find some valid credentials
    • Performing a RCE on the server as an authenticated user to have a reverse shell
    • Enumeration on the server to find a user hashed password and retrieve the cleartext to log in as hugo
    • Exploitation of a missconfiguration of the sudo right to get a root shell.

    Box Logo

    Read more
  • HackTheBox - Admirer

    Admirer was an easy Linux box on HackTheBox. This box was about :

    • Enumeration on a website in order to find some hidden files containing credentials
    • Retrieving a backup of the website using the credentials previously found on a FTP service
    • Exploitation of a vulnerable Adminer (an opensource database manager)
    • Hijacking a python library to exploit a custom backup script.

    Box Logo

    Read more
  • HackTheBox - Remote

    Remote was an easy Windows box on HackTheBox. This box involved a NFS service misconfiguration, a RCE exploit for the Umbraco CMS and finally using a TeamViewer service running to retrieve a password. This was a fun box to start with Windows exploitation and Privilege Escalation and I sure learned a lot.

    Box Logo

    Read more
  • SigSegV2 - Write up

    Last Week-end I attended SigSegV2 which is a french cybersecurity event with conferences all day and a CTF on site at night. There was a qualification phase where you had to succeed, at least one of the five challenges to be allowed to buy a ticket. This article is a write up about some challenges I managed to flag during the event or even after. The event was really great, but I didn’t stay late during the night so I didn’t flagged a lot but that’s something.

    Read more
  • HSCTF - Write up

    Today’s article will present some of the interesting challenges we have managed to solve during this year edition of the HSCTF. We were two for this CTF and get to the 84th place and we were pretty happy of that performance, could have been even better but not enough time to invest in it sadly.


    Read more
  • INShAck - Write up

    This article will present write-up of some challenges I’ve managed to flag during the INShAck CTF that was held from 05/02 to 05/05.


    Read more

subscribe via RSS