I'm passionate about cybersecurity, machine learning, machine vision, and web development.
Welcome to my website! I write about my computer science experiments and thoughts that drive me to write.
In this blog post, we will discuss how to fine-tune a pre-trained deep learning model using PyTorch. Fine-tuning is a powerful technique that allows us to leverage the knowledge learned by a pre-trained model on a large dataset and apply it to a new task. This can save a significant amount of time and resources compared to training a model from scratch. The fine-tuned model achieved 92.34% accuracy on the test set.
Machine Name: Interface
IP: 10.10.11.200
Difficulty: Medium
Summary
Interface is a medium machine that requires some “curling” skills to form requests and interpret their respective response codes. The machine involves a lot of fuzzing of API endpoints and parameters, which leads to an exploit for DomPDF. The vulnerability deals with how DomPDF caches font files and allows remote files to be read. The privilege escalation teaches a new technique that abuses Arithmetic Expression Injection in bash scripts.
In a world teeming with distractions, where the internet unlocks an extraordinary wealth of educational resources that transcend ancient dreams, it also emerges as a powerful tool, adept at ensnaring our minds and seizing control of our attention. We consume so much information that the only time we think at peace is in the bathroom while we bathe, the only time when boredom doesn’t irk us to get hold of our mobile phone. It’s when we ponder inane ideas that otherwise wouldn’t occur to us. Our generation has been lucky to see the advent of technology raise the bar for productivity, and for stupidity too. From the time when power cuts were used as an excuse to tell stories or dreams and let our imagination run wild, to the present, when a power cut wouldn’t matter in our inverter-equipped homes full of gadgets that keep us occupied, we have witnessed a shift in the way we engage our creative minds.
When do we think at peace? When do we enjoy our boredom?
MetaTwo is an easy machine that requires exploiting a SQLi that leads to hashes that need to be cracked. The cracked credentials provide access to a WordPress dashboard. This WordPress version is vulnerable to Blind XXE via WAVE file metadata. The XXE gives us access to the “wp-config.php” file, which contains the cleartext FTP password. Enumerating the FTP server, SSH credentials are found for a user. Privilege escalation requires an understanding of private and public keys and the different methods used to encrypt them. Passpie is the application that was used to encrypt the private keys that are found. We can crack the GPG-format keys using John and obtain the credentials for root.
Machine Name: Investigation
IP: 10.10.10.197
Difficulty: Medium
Summary
Investigation is a medium machine with a web server vulnerable to command injection. With enough enumeration, the command injection is easy to exploit. However, it only leads to a shell as www-data. Getting a user shell requires some log file analysis and common sense. Privilege escalation deals with binary analysis and code review.
Precious is an easy machine that requires basic enumeration to find and exploit outdated software running on a web server. To escalate privileges, the machine makes you look at Ruby scripts and understand how one can identify and exploit Insecure Deserialization vulnerabilities.
If you have ever wanted to copy an error to debug and search on Stack Overflow, or to copy a piece of text from the terminal in a tmux session, and failed, this post will guide you through setting up the Tmux Plugin Manager and installing Tmux-Yank to copy directly to the Linux system clipboard. I also demonstrate how to use mouse mode to scroll and copy with the mouse in Tmux.
Machine Name: Red Panda
IP: 10.10.11.170
Difficulty: Easy
Summary
Red Panda is an easy machine (not really) that exploits SSTI in Java Spring Boot to get an RCE. To escalate privileges to root, enumeration of directories, permissions, identities, groups, processes, and files needs to be chained together to exploit a file that runs as a cron job as root. The main attack involves performing an XXE attack to gain access to root's private key.
Machine Name: Scrambled
IP: 10.10.11.168
Difficulty: Medium
Summary
Scrambled is a medium machine that requires an understanding of how Kerberos works. It includes enumerating users through the error messages of the Kerberos authentication protocol and password spraying to obtain valid credentials for the discovered users. The obtained credentials are used to get a TGT, through which the SPN and a TGS are obtained. The TGS was cracked and new credentials were obtained. The new credentials did not work when logging into the MSSQL client. The TGT was used to enumerate the SMB share, where a PDF with information about the imposed access controls was found. Only administrator accounts can access the SQL database. A Silver Ticket attack was performed in order to gain access to the database, where more credentials were found and a shell could be obtained. After gaining the user shell, a DLL file that was found was decompiled and analysed. A serialization method was being called, which was exploited by crafting a payload using ysoserial to gain an administrator shell.
Trick is a moderately easy machine that demands a lot of enumeration skills. It involves finding two sub-domains through DNS zone transfer and sub-domain fuzzing. One of the sub-domains has a SQLi that can be leveraged to gather information on the server, and the other sub-domain has an LFI that exposes an SSH private key. This key is used to gain SSH access as the user. Since the user can restart fail2ban as root, one of fail2ban’s configuration files needed to be modified to gain a reverse shell as root.