what is a pwnagotchi ? A pwnagotchi is a Tamagotchi like digital toy,but it feeds on Wi-Fi handshakes.The pwnagotchi is made with the help of a raspberry pi zero. It sniff around for the Wi-Fi signals around it and deauthenticate the client from the access point and captures the handshakes while they try to reconnect. This handshakes will be saved ...

Based on the Mr. Robot show, can you root this box? This CTF room can be considered as a very beginner friendly room.This was personally my first CTF room I have solved,so this is a special room for me. Mr.Robot is an American techno thriller television series. The plot is around Elliot Alderson, a cybersecurity engineer and hacker with a ...

A Rick and Morty CTF. Help turn Rick back into a human! Link to room is here This is Rick and Morty themed challenge,we are Morty in this challenge. We have to exploit a web server to find 3 ingredients that will help Rick make his potion to transform himself back into a human from a pickle.Let’s use our hacking ...

Can you exfiltrate the root flag? Link to room is here . Our challenge here is to find 2 flags. Let’s start with enumerating the ip Use: nmap -sC -sV -A <machine_ip> We can see that port 22 and port 80 are open. Let’s go and check out what is there in the website since port 80 is open. It’s ...

What is google Dorking ? Google dorking is a method or technique used to find precise search results,but with a little creativity we can find all kinds of data exposed in the internet accidentally. This technique can also be used to get precise information on any topic while googling things. The first thing that a cyber security enthusiat thinks when ...

Tabby is an easy Linux based machine from Hackthebox. The initial foothold to this box is obtained by Tomcat Manager app exploit and an LFI. Gaining user access requires a decent amount of enumeration. Root access obtained by exploiting the LXC. In this blog I have tried to separate each process Enumeration 2. Initial foothold 3. Lateral movement 4. Privilage ...

From the quick nmap scan I saw that two ports were open SSH and http By browsing into the port 80, I get to know that litecart is during by running gobuster I found /backup directory From there I got a tar file. I downloaded it my local machine From the file at shop/admin/login.php from the tar file I got ...

Lets get statrted by viewing the nmap results We can see that port 80 is running with a web server. Gobuster was failing continuously and I decided to take a peek in the official discussion forum. So I confirmed that was not an issue. So I continued inspecting the page and in the bottom side of the page it is ...

Remote is an easy windows machine from Hack the box. Lets get started with the result nmap scan At port 80 there was a http server running When I naviagated through the pages I found some names which could be potential usernames I thought of brute forcing these usernames on smb service In parallel I also initiated gobuster and got ...

Information Gathering As usual lets start with the nmap scan From the above image I saw that the port 80 is open. In parallel I also triggered a wfuzz for subdomains Later, When I tried to access port 80, the browser was redirected to sneakycorp.htb. I added this to the hosts file and tried accessing it on the browser. I ...