Over on #vulnhub, there has been quite a chatter about Brainpan2, a “sequel” to Brainpan, by superkojiman. They’re even offering a 50 GBP award to whoever submits the best write-up! Since I enjoy challenges like this, I took a look at the machine. However, the writeup had to wait …

Continuing from the last post, we are now logged in as a user. The next step on the PDF from the agent, that we can access, is the Notes Service.

I started analyzing the source code, and noticed that the text that says “yes” or “no” in the table is actually an image being …

In the previous post, I showed how to get the PDF that outlines the services running on the Monxla VM image. This article will continue where that one left off.

Firstly, the PDF explains that there are 2 virtual hosts enabled on the machine. To configure my machine for these virtual hosts, I added …

I had a twitter follower recently inform me that OverTheWire had a new wargame up and running.  I was immediately excited and downloaded it.  Several days later, I actually was able to start tinkering with it.

I booted up the image, and proceeded to do some preliminary nmap scans.  I found a few …

Up until now, none of the OverTheWire Natas challenges really gave me that much of an issue. This one however, took me a couple hours to complete. Level 15 is a fun blind sql-injection vulnerability.

It starts out with a username check dialog, which pretty much only gives you a binary value as to …

The next level of the OverTheWire Natas wargame is Level 14, which introduces SQL Injection, a very popular subject as of late.

The level starts out with a login dialog.

The source code is fairly straight forward. It’s doing a basic authentication query. It however, does have a handy …