Firstly I want to say that I highly recommend https://pwnable.kr/play.php to learn exploit development, the site is full of nice and easy to follow mini-challenges that you can conquer one by one. Best of all you simply ssh so no need to install VMs etc.
I wanted to do a run-through of level 1 for absolute beginners and also those keen to learn about file descriptors.
In Unix and related computer operating systems, a file descriptor (FD, less frequently files) is an abstract indicator (handle) used to access a file or other input/output resource, such as a pipe or network…
Hi everyone, it’s been some time since I last posted but I was just playing IO WARGAME and decided to write some up some solutions in the hope it may help people just starting out.
Firstly, ssh in to the box (password: level1)
Now enter the challenge directory
Now you are here, you’re free to try and run level01, if you do it will ask for a 3 digit passcode.
Enter the 3 digit passcode to enter:
Since I know this box has gdb, I am sure it’s easy to solve there so let’s try. …
As you should know by now, this blog has moved but incase you have missed it, check back to the site daily: https://labs.p64cyber.com
This blog will only post links like below every few days.
What is Modbus? https://labs.p64cyber.com/what-is-modbus/
Linux Privilege Escalation https://labs.p64cyber.com/linux-privilege-escalation/ …
Shared Library Injection (Library Chaos 1&2 from https://attackdefense.com/ — Linux Priv. Esc. Intermediate and Hard Categories) https://labs.p64cyber.com/shared-library-injection/ … @SecurityTube
Today I am sharing more than one post, the new site, P64. Over time P64 will become the number one online offensive security resource, it was created out of frustration of having hundreds of bookmarks, many open tabs, endless broken links and a lack of consistent ways for displaying information. Inspiration came from GTFOBins, I think it’s a simple yet easy to understand site that does exactly what it needs to and does it well.
It’s still a work in progress but it will be updated not just daily but at every opportunity that I and the few people who…
Today I have created a guide that will be constantly added to, it’s aim is to be the best FTP resource for pentesters.
Have you heard about Hack the Box? I hope so, it’s literally so damn good words can’t express how thankful I am to the creators. If you have not, it’s an online platform to test and advance your skills in penetration testing and cyber security. Awsome.
If you can afford it or work will pay, get the VIP subscription because then you don’t have to deal with nearly half as many pesky resets mid-priv. esc. etc, in fact, mostly none at all as they fill labs nicely and not over pack.
I am about to spend the evening on hackthebox.eu…
I am growing increasingly annoyed at Medium trying to paywall my posts by default, I have a job and don’t care to earn pennies on this so Medium, kindly sod off.
That said, I also have a lot of posts, content and scripts etc which are better suited as a series of posts plus can provide good content/downloads.
Question, should I set up a dedicated site and also invite friends/colleagues to contribute their own posts? I will still post every day, but you also get bonus content.
Should I do this? Yes or No, comment below! Or reply to post.
Security Researcher / 365 Days of PWN