Suid

Kioptrix 4

I know there are a few different methods to the new Kioptrix 4 boot2root. Unfortunately, I could not find the remote root exploit that is mentioned, but my method used several tools and privilege escalation.

Tools used:

To start out, I had to find the machine on the …

Exploit Exercises - …

Welcome everyone to 2012! I took a bit of a break during these holidays, and am just starting to get back going.

This challenge was very interesting to me. I figured it would build off of the previous one. However, it was its own standalone challenge.

We are given the following code to the stack7 …

Exploit Exercises - …

The Stack6 challenge was definitely a learning experience for me. This actually went beyond my existing skills, and made me learn some new stuff.

We are given the following code.

#include <stdlib.h>
#include <unistd.h>
#include <stdio.h>
#include <string.h>

void …

Exploit Exercises - …

Wow, this challenge was a tough one for me. I ran into some huge problems that I had to work out. Considering this is a “standard buffer overflow”, I figured it’d be as easy as some of the others I’ve done in the past. I’ll explain my frustrations inline.

First, …

Exploit Exercises - …

Challenge 09 gave me the most issues out of any other challenge so far. This may just be because I haven’t touched PHP since version 3 was just coming out. However, it is based on a dangerous function, known as preg_replace(). There are several more dangerous functions, some of which can be …

Exploit Exercises - …

This next challenge is a little bit more tricky than some of the previous ones. There’s a lot more code involved, but it’s not too bad.

In the flag07 home directory, you’ll find the configuration for a simple HTTP server, thttpd.conf. Inside, you’ll find that it’s …