Hello there 👋

Welcome to my blog. I will post things about cybersecurity, development and Linux. For more info, check my about page and my socials:

🚀 TL;DR - Git

You want to know how to use Git as a chad developer?

October 17, 2021 · 2 min · 0xNinja

🪛 Build your own mechanical keyboard

A simple and quick summary on how to build a mechanical keyboard on your own from scratch.

October 2, 2021 · 1 min · 0xNinja

You want to start to `pwn`?

So you want to start to pwn, don't you? Well, I did too! These are my notes on the past year of binary exploitation.

September 1, 2021 · 1 min · 0xNinja

How to install Archlinux

I recently installed Archlinux on a laptop once again. Let me explain how to do so.

August 18, 2021 · 6 min · 0xNinja

📦 HTB - Schooled

Cool box, not too CTF-like and real-life applicable, my first FreeBSD 😄 But root part was too quick. TL;DR XSS to steal Moodle creds of teacher, privesc as manager and then RCE. Get MySQL in config file, dump users and get password hash. Break the hash with john to ssh as user. Common pkg install exploit for root. Footholds # Nmap 7.91 scan initiated Mon Aug 2 22:40:05 2021 as: nmap -A -p- -T4 -o nmap....

August 4, 2021 · 4 min · 0xNinja

📦 HTB - BountyHunter

⚠️ Writeup written months after root, so information is not accurate. TL;DR JS source code disclosure to forge internal requests, leak PHP source code with XXE in custom request, get DB credentials. Privesc with code injection in custom code without input validation. Recon Only HTTP and SSH, nothing special. Footholds We have here a simple web server, with custom JS script to send bounty tickets. The portal tells us to go to /log_submit....

July 29, 2021 · 1 min · 0xNinja

📦 HTB - Explore

Pretty interesting box, first time seeing Android in HTB. TL;DR Exfiltrate files on device using ES File Explorer exploit, get user credentials. Root is straightforward with ADB. Footholds With nmap we get the following: # Nmap 7.91 scan initiated Wed Jul 28 14:49:28 2021 as: nmap -A -p- -o nmap.out explore.htb Nmap scan report for explore.htb ( Host is up (0.043s latency). Not shown: 65530 closed ports PORT STATE SERVICE VERSION 2222/tcp open ssh (protocol 2....

July 29, 2021 · 2 min · 0xNinja

📦 HTB - Cap

Simple easy box, perfect to warm up before the FIC 2021 and get more confidence in 1337 h4ck1n9 TL;DR Find PCAP file on server, get SSH credentials, execute code as root with Python. Footholds I did not even use nmap here, as we had a web server serving on port tcp:80. This website looked like this: It seems to be a security dashboard for a server, we don't have any info about that....

July 28, 2021 · 3 min · 0xNinja