More shell tricks: first class lists, jq, and the es shell| alurm.github.io
Resource is the 6th box I’ve created to be published on HackTheBox. It’s designed around an IT resource center for a large company who has had their responsibilities for SSH key signing moved up to a different department. I’ll start by creating a ticket with a zip attachment and using a PHAR filter to execute a webshell from that attachment, providing access to the ITRC container. There I’ll get access to the ticket DB and find a .har file with credentials in it. That user has access ...| 0xdf hacks stuff
ShellCheck is a static analysis tool that| Vidar's Blog
Contents| mywiki.wooledge.org
These routines are defined in different files along with one or several other classes, but are not actually attached to any particular class or role.| docs.raku.org
In Independent routines§| docs.raku.org
Bash Pitfalls| mywiki.wooledge.org
The seven medium challenges presented challenges across the Web Security, Fun, Network Security, Forensic, Crypto, and Reverse Engineering categories. While I’m not always a fan of cryptography challenges, both day 13 and 14 were fantastic, the former having me abuse a weak hash algorithm to bypass signing requirements, and the latter having me recover an encrypted file and key from a core dump. There’s also a Bash webserver with an unquoted variable, a PCAP with a flag in the TCP source ...| 0xdf hacks stuff
Good morning! It is still 2020, and the world is literally on fire, so I guess we could all use a distraction. This article continues the tradition of me getting shamelessly nerd-sniped - once by P...| fasterthanli.me
Why you shouldn't parse the output of ls(1)| mywiki.wooledge.org
4 Patterns| raimonster.com
