TJCTF 2020 Writeups
May 26, 2020
TJCTF 2020 TJCTF 2020 was a CTF run by TJHSST’s Computer Security Club. I played with the team inSmartCard, finishing 14th (in the high school teams, 20th with observer teams). Check out my team page on the CTF website here to see me carry my team :^). Here are some writeups of some challenges which I thought were interesting.
Web My specialty in CTFs are web challs, which is I tried to solve every web challenge in this CTF.
Houseplant CTF 2020 Writeups
Apr 26, 2020
JS Lotto I liked the concept for this challenge, but unfortunately a script to solve this exact problem already existed online. I took first blood on this challenge though, which I was pretty happy about.
Opening the website we see a webpage that asks us to input five numbers from 0 to 1000.
Opening the source code of the we site, we see a app.js which sends and recieves requests from the server.
TryHackMe - Game Zone
Apr 15, 2020
Intro A room in TryHackMe’s OSCP path. Make sure to check out TryHackMe!
Game Zone Writeup [Task 1] Deploy the vulnerable machine Deploy the machine. Open the IP address in your web browser to see the Game Zone forum. The picture in the background is Agent 47, from the Hitman series. If you didn’t know that from the top of your head, you could try reverse image searching that image.
TryHackMe - Kenobi
Apr 5, 2020
Intro The third room in TryHackMe’s OSCP path. Make sure to check out TryHackMe!
Kenobi Writeup [Task 1] Deploy the vulnerable machine First, we run an nmap scan. Here’s the output of nmap -sV -sC -A <IP>: The scan found 7 open ports.
Question: Scan the machine with nmap, how many ports are open?
[Task 2] Enumerating Samba for shares We can use the command nmap -p 445 --script=smb-enum-shares.
TryHackMe - Blue
Mar 20, 2020
Intro The next room in TryHackMe’s OSCP path. Make sure to check out TryHackMe!
Blue Writeup [Task 1] Recon First, I ran an nmap scan on the box with the command nmap -A -sC -sV <IP>. This runs a more aggressive scan that gives more information. The scan reveals 9 open ports, but only 3 of them are open below 1000. Looking at the scan, we see SMB running. This, along with the fact that one of the tags for the box is “eternalblue”, makes me think that this box could possibly be vulnerable to EternalBlue.
TryHackMe - Vulnversity
Mar 15, 2020
Intro I recently subscribed to TryHackMe so I could have access to their cool hackable boxes and preparation paths. Vulnversity is the first actual exploitation room on the OSCP preparation path. OSCP, or Offensive Security Certified Professional, is a ethical hacking certification that I will be aiming to get in the near future, so this room seemed like the perfect place to start.
I will be using Kali Linux to solve this box, but any system can be used provided it has all the required tools.
Mar 9, 2020
Hey, welcome to my blog. My name is Bryce, and I’m a student who is trying to learn more about computer science and cyber-security.
In my free time, I participate in information-security capture the flags (CTFs), code on HackerRank, or privesc boxes on TryHackMe. I’ll be posting all my writeups and some other stuff here.
Right now, I participate in CTFs with PentaHex.
I also play video games, add me osu!