Hacking For Ramen

> Source code #include <stdlib.h> #include <unistd.h> #include <string.h> #include <sys/types.h> #include <stdio.h> #include <fcntl.h> int main(int argc, char **argv, char **envp) { char buf[1024]; int fd, rc; if(argc == 1) { printf("%s [file to read]\n"…

96 views20:25

Hacking For Ramen

I realized it's hard to keep up in series like that (because of the same picture, maybe?). They all look alike!
I'll try to add more context to each post for that sake.

In level 5 of Nebula wargame we will learn a bit about privileges in Linux, and how you can a private ssh key that you might find in the backup of a compromised computer.

#exploitdev #nebula
https://telegra.ph/Nebula---05-10-26

Telegraph

Nebula - 05

> Source code There is no source code available for this level. > Getting the flag By checking the flag05 directory we can find unprotected .backup folder: level05@nebula:/home/flag05$ ls -lah total 9.0K drwxr-x--- 1 flag05 level05 80 2021-06-16 00:17 . drwxr…

81 views15:54

Hacking For Ramen

Let's crack some passwords! In the level 6 of #nebula wargame we will learn how to crack the hash of the password.

#exploitdev
https://telegra.ph/Nebula---06-10-26

Telegraph

Nebula - 06

> Source code There is no source code available for this level. > Getting the flag Nothing interesting in the /home/flag06 folder, but by poking around in previous challenges I noticed that flag06 user has the hashed password in the /etc/passwd: level06@…

81 views15:57

Hacking For Ramen

Finally! The fun part starts here. All levels before that were to warm up.
In the level 7 of the #nebula wargame we got the source code of the application. We need to read, understand, and find how to exploit the bug there.

#exploitdev
https://telegra.ph/Nebula---07-10-26

Telegraph

Nebula - 07

> Source code #!/usr/bin/perl use CGI qw{param}; print "Content-type: text/html\n\n"; sub ping { $host = $_[0]; print("<html><head><title>Ping results</title></head><body><pre>"); @output = `ping -c 3 $host 2>&1`; foreach $line (@output) { print "$line";…

92 views16:02

Hacking For Ramen

Finding the password from the next level of #nebula wargame in the TCP stream by using Wireshark.
#exploitdev
https://telegra.ph/Nebula-08-09-20

Telegraph

Nebula - 08

> Source code There is no source code available for this level. > Getting the flag The .pcap file is in the flag08 folder, let’s download it to the main machine and analyze it with Wireshark. One of the ways could be spawning a SimpleHTTPServer on the machine:…

87 views16:05

Hacking For Ramen

In this #nebula challenge, we will analyze and exploit the vulnerable PHP code wrapped around in a C SUID binary.

#exploitdev
https://telegra.ph/Nebula-09-09-20

Telegraph

Nebula - 09

> Source code <?php function spam($email) { $email = preg_replace("/\./", " dot ", $email); $email = preg_replace("/@/", " AT ", $email); return $email; } function markup($filename, $use_me) { $contents = file_get_contents($filename); $contents…

91 views16:07

Hacking For Ramen

There you go, some #memes to keep you entertained

92 views16:23

94 views16:23

99 views16:47

Channel photo updated

21:08

Hacking For Ramen

Shoutout to @salty_pretzel for the amazing logo!

105 views21:11

Hacking For Ramen

So PortSwigger (folks who made Burp Suite and Web Academy) finally decided to make their own #cert. It costs $99, but if you will purchase it before Dec 15th they reimburse the whole amount. That could kill the eWPT 🤔
https://portswigger.net/web-security/certification

118 views23:45

Hacking For Ramen

This again. I had to postpone all other activities to make it fly… I really doubt that I’ll take any other eLearnSecurity #cert, what a shame

101 views21:59

Hacking For Ramen

Exploiting a Race Condition vulnerability in the level 10 of #nebula!
p.s. it's a halfway through the series, so I've changed the pic to kinda celebrate that.
#exploitdev
https://telegra.ph/Nebula---10-11-03

Telegraph

Nebula - 10

> Source code #include <stdlib.h> #include <unistd.h> #include <sys/types.h> #include <stdio.h> #include <fcntl.h> #include <errno.h> #include <sys/socket.h> #include <netinet/in.h> #include <string.h> int main(int argc, char **argv) { char *file; char *host;…

122 viewsedited 18:10

Hacking For Ramen

It was a perfect timing to move my blog to Telegram 🤦
#memes

108 views22:07

Hacking For Ramen

Damn, this level of #nebula took way more time than it should. I hate fixing bugs in old projects...
#exploitdev
https://telegra.ph/Nebula---11-11-11

Telegraph

Nebula - 11

Alright, first thing first - this level is broken. Let's admit it - Nebula is a pretty old project, and it seems abandoned now. Anyhow, challenges itself are quite nice, they are twisted in a way that force you to think as an attacker. In my opinion, this…

117 views20:02

Hacking For Ramen

Phew, that was a long waiting game, but I'm finally eWPT certified!
I documented my journey here:
https://telegra.ph/eWPT-review-10-15

#cert #web #review

Telegraph

eWPT review

> Table of Content Introduction About the eWPT course Expectations Before taking the course Lab time The exam Closing thoughts Useful resources > Introduction Some time ago I passed the OSCP, and that wasn't a breeze. You can reed more on that here. I promised…

166 viewsedited 12:31

Hacking For Ramen

Hello local nodes,
Today, I'd like to start another series that I'll try to push in parallels with #nebula. I was doing the #Web Security Academy from PortSwigger for quite some time, so I thought why not to write everything down and post it here?
Without a further ado, check this out:
https://telegra.ph/Authentication-bypass-via-OAuth-implicit-flow-11-17

Telegraph

Authentication bypass via OAuth implicit flow

> Objective

132 views18:14

Hacking For Ramen

As we are growing slowly (thanks for that!) I wonder what would YOU like to see more often?

Anonymous Poll

43%

Content about web security / bug bounty

29%

Binary exploitation / low level stuff

29%