Humanity has exploited our allies, the dart frogs, for far too long, take back the freedom of our lovely poisonous friends. Malicious input is out of the question when dart frogs meet industrialisation. 🐸
Weather App
A pit of eternal darkness, a mindless journey of abeyance, this feels like a never-ending dream. I think I’m hallucinating with the memories of my past life, it’s a reflection of how thought I would have turned out if I had tried enough. A weatherman, I said! Someone my community would look up to, someone who is to be respected. I guess this is my way of telling you that I’ve been waiting for someone to come and save me. This weather application is notorious for trapping the souls of ambitious weathermen like me. Please defeat the evil bruxa that’s operating this website and set me free! 🧙♀️
Shield
wordpress website. with msfconsole upload nc.ex to wordpress uploads. start nc.exe and connect back to attacker’s nc listener.
Vaccine
SQL injection vulnerabilities
Oopsie
Session hijack with burpsuite to get reverse shell uploaded. setuid used to run cat=/bin/sh in /tmp
Archetype
The ports smb, mssql are open. impacket tools are used.
Pathfinder
Windows box. Open port 88 is typically associated with Kerberos and port 389 with LDAP, which indicates that this is a Domain Controller. We note that WinRM is enabled on port 5985. Python bloodhound injester used.
Format
Can you hear the echo?
emo
WearRansom ransomware just got loose in our company. The SOC has traced the initial access to a phishing attack, a Word document with macros. Take a look at the document and see if you can find anything else about the malware and perhaps a flag.
Illumination
A Junior Developer just switched to a new source control platform. Can you find the secret token?