Hi there 🦜

I’m Jannis, a 25-year-old pentester from Germany 🇩🇪 with over 3 years of experience and certification as OSCP. I’ll be sharing mainly IT-related content here, but who knows what else might pop up. In my free time, I enjoy diving into challenges on platforms like Hack The Box and TryHackMe 🕵️‍♂️, as well as tinkering with my car and electronics 🚗💻.
Aero.htb

HackTheBox - Aero.htb

User flag

Use my implementation of CVE-2023-38146 to generate a malicious Windows 11 theme and upload it to the machine. This should get you the user shell.

Root flag

After looking around for stuff on the machine, I found a PDF file in the C:/Users/sam.emerson/Documents folder that says something about CVE-2023-28252. 📄 So, I compiled it and replaced notepad.exe with a reverse shell executable, compiled it using Visual Studio and gained the system shell....

April 1, 2024 · Jannis
WifineticTwo.htb

HackTheBox - WifineticTwo.htb

User flag

The only interesting thing is running on port 8080: http://10.129.175.20:8080/. It is OpenPLC, which uses the default credentials openplc:openplc. To exploit this thing, navigate to the Hardware tab and append the following C code to the Hardware Layer Code Box:

#include <stdio.h>
#include <sys/socket.h>
#include <sys/types....

April 1, 2024 · Jannis
Analysis.htb

HackTheBox - Analysis.htb

User flag

I started by enumerating the VHosts on the webserver as there was no obvious vulnerability on the website:

ffuf -w /usr/share/seclists/Discovery/DNS/subdomains-top1million-5000.txt -u http://analysis.htb/ -H "Host: FUZZ.analysis.htb"

The only result should be internal.analysis.htb so let’s fuzz more:

ffuf -w /usr/share/wordlists/dirbuster/directory-list-2.3-medium.txt -u http://internal.analysis.htb/FUZZ

After extensive fuzzing, I discovered a PHP file which is interesting:

ffuf -w /usr/share/wordlists/dirbuster/directory-list-2.3-medium.txt -u http://internal.analysis.htb/users/FUZZ.php

By now, we have a file named list....

April 1, 2024 · Jannis
Seat Leon spark plugs

Seat Leon 5f Spark Plug Replacement Procedure

To access all the spark plugs, I had to remove the air filter box and a part of the intake manifold, which was a bit tedious. Afterward, I just had to disconnect the plug and could unscrew the spark plug using a spark plug socket. I applied a bit of ceramic paste to each new spark plug and then reinstalled them with a torque wrench (in my case, 25Nm - check the manual if unsure)....

January 27, 2024 · Jannis
Seat Leon

Seat Leon 5f Frontlight Repair Procedure

Remove the cover plates to access the frontal lights. Make sure to reconnect the bulb in the same orientation. Pay close attention to the polarity; the little rectangle should face downwards for the inner lights and upwards for the outer lights. Reversing the polarity may cause malfunction or damage. Always double-check the orientation to avoid potential issues with reverse polarity.

January 27, 2024 · Jannis
Opened cat toy with an ESP32

Make a Cat-Toy smart

I bought my cats this toy that drives around with a laser pointer on top. It was a banger on first sight so I decided to add a remote controlling ESP-32 that can be reached over HTTP to control it. I built a simple web page with a button to start and stop it.

Wiring diagram:

Arduino source code for this:

#include <WiFi....

December 21, 2023 · Jannis

Using the FASM Assembler

If there is a project in which you need to assemble code in a C# project, you found the right place. I’ll be using the flatassembler (https://flatassembler.net/) and its FASM.dll (which you can download in the forum https://board.flatassembler.net/topic.php?t=6239) to achieve this.

// remove fixed(stackalloc) if buffer gets too big to fit on the stack or if safe context is needed, it is only used for performance here
fixed (byte* pBytes = stackalloc byte[64]) // 64 is the size of the buffer for the assembled instructions
{
    if (FasmAssemble("use32\nXOR EAX,EBX", pBytes, 64, 16, IntPtr....

October 24, 2023 · Jannis

Memory Editing

In many projects, I needed to access another process’s memory but there are only a few examples that are not using C#’s full potential and some of them are very old. I came up with a simple way of reading and writing memory with very little code. Keep in mind that this way only works for unmanaged data types like int or byte; to read strings from memory you need to do some more work, have a look into this class: https://github....

October 24, 2023 · Jannis