Ctf

Bandit is the best starting point for anyone new to wargames. It teaches you the Linux command line through increasingly tricky challenges. Here’s my walkthrough. bandit0# This one is easy — the password is in the readme file. cat readme bandit1# To read files with special characters as the name, prepend ./: cat ./- bandit2# To read files with spaces, quote the filename: cat 'spaces in this filename' bandit3# Use ls -la to see hidden files and directories: ls -la inhere/ ...

Leviathan# The Leviathan wargame from OverTheWire tests basic Linux privilege escalation skills. Here’s my walkthrough. leviathan0# Use grep to find the password. leviathan1# Read the binary and trace with ltrace and strings. leviathan2# If you ltrace the binary printfile you will see it’s using the access() function — which is known for a TOCTOU (Time-of-check to time-of-use) vulnerability, mostly abused using symlinks. Check how the binary works: ltrace -f ./printfile filename ...

This is the writeup for the Mr Robot CTF challenge on TryHackMe. Solution# First we start by enumerating the ports: nmap -p- -Pn -T4 | tee ports.txt Then we run the nmap script to find more information on the ports discovered: nmap -sC -sV -p -T4 | tee ports.txt It is good practice to run a gobuster scan to find directories while busy enumerating the box further: gobuster dir -u -w /usr/share/dirbuster/wordlists/directory-list-2.3-medium.txt ...