/images/avatar.jpg

Tunneling HTTPS Through HTTP

Amica - Devlog #1 In this post we will be exploring how HTTP proxies handle HTTPS request. If you haven’t read the last post go check it out first, this will make more sense if you read that first. To tunnel https requests http proxies use the CONNECT http method. Using this method the proxy establishes a TCP connection with the client and the server and relays the tcp packets back and forth between these two’s tcp connection.

Let's Write a Proxy Server

Amica - Devlog #0 A tale about a humble proxy server Lately I’ve been trying to learn Rust using the book. While reading the book I was able to write a simple date convertions library, writing a library is a good way to get your feet wet, in my opinion. After finishing the book I was, naturally, looking for other project ideas and I landed with this. In these series we will be looking at implementing our own proxy server.

Space | HackTheBox

Disclaimer This post is not meant to be an in depth tutorial, meaning it won’t tell you each and every step you need to take to solve the challenge, rather it’s meant to guide you, and give you a high level solution so you can solve the challenge in your own way. Intro The binary is simple in structure and straight forward, you have a space of 0x1f(31) to fill, with eip’s offset being at 0x12(18).

I Am Root

I Am Root Intro Lately a friend of mine in the neighboring dorm has bought these little devices which act as a mobile hotspot and he sometimes shares the passwords with a select group of people jio m2s And my natural cruiosity would not rest until I have away to gain access to this network when ever I want to. Since I don’t have the time or patience to run john or hashcat I started thinking of other ways to gain access to the network as I said before he sometimes shares his password with selected group of people.

Behemoth 2 - OverTheWire

Behemoth 2 - OverTheWire Intro The are more than one way to solve this challenge, and me being me I chose the hard way. After finally solving this challenge it was time to read other peoples writeups, as usual. I will share the easy way at the end, but I think you could learn a thing or two from the way I solved it. To start I decided to directly go and reverse the binary since Behemoth doesn’t offer any source code.

Narnia 7 - OverTheWire

Narnia 7 - OverTheWire Intro This level is kind of a combination of the previous two Levels. You have to overwrite a function pointer, but you have to do it using a format string vulnerability there is no overflowing this time. Now Let’s run the program see what it does. narnia7@narnia:/narnia$ ./narnia7 Usage: ./narnia7 <buffer> narnia7@narnia:/narnia$ The program asks us for an input. narnia7@narnia:/narnia$ ./narnia7 AAAA goodfunction() = 0x80486ff hackedfunction() = 0x8048724 before : ptrf() = 0x80486ff (0xffffd628) I guess you want to come to the hackedfunction.

Narnia 6 - OverTheWire

Narnia 6 - OverTheWire Introduction This level is all about overflowing into a local variable, specifically to a local function pointer variable. When you run the program without any argument it will exit asking for 2 arguments. These two arguments are mapped or copied to the two local variables on the stack, namely b1, and b2. They are copied using strcpy which we know is not a safe way of copying from user inputs.

Narnia 5 - OverTheWire

Narnia 5 - OverTheWire Introduction This level introduces what format string vulnerabilities are. A program is said to have a format string vulnerability if it pass unsensitized user input to one the printf family of functions. These are as follows. 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 #include <stdio.h> int printf(const char *format, ...); int fprintf(FILE *stream, const char *format, ...); int dprintf(int fd, const char *format, .

What Is OverTheWire

What is OverTheWire Overthewire is a really good resource for someone really new to cybersecurity to learn about cybersecurity. It has a hands on approach of teaching things. It has what I call Seasons. These so called Seasons are not actually numbered but rather named, and each season has an episode. At least that’s how I imagine it in my head. Each season teaches a different cybersecurity concept. For example season 1 (Bandit) teaches about the Linux Operating System.

Mounting and unmounting with dmenu

Mounting and unmounting with dmenu Mounting devices with the mount command is a hassle, at least for me. To mount devices with the mount command you need to be root but if you use any kind of file manager to mount devices you don’t need to be root. Have you ever wonder why is that. Well it’s simple they use a different kind of command it’s called udiskctl here the help.