ChrisPritchard

DX2: Hell's Kitchen!

Second room in the Deus Ex (2000) inspired series. This one is considerably more tricky than the first room, but not crazily so: every step is trivial, but with a twist.

Website 1

1. Scanning will reveal just two ports: 80 and an unusual port. On both is a website, the first containing the apparent home page for the 'Ton Hotel, and the latter a login interface to NYCOMM mail.
2. With no creds efforts should be focused on the first site, which seems pretty basic. There is a guest book, an about page and a new booking page, however the button that opens new bookings is disabled by javascript as no bookings are available.
3. By examining the javascript code you can see it makes an api call, but this is a simple get request with no params and doesn't seem vulnerable. However you can learn the path to the new booking page.
4. By going there a message says no rooms are available, however the page is running javascript and there is a hidden form. The javascript grabs a cookie value and m

ChrisPritchard

import requests
import string

url = "http://localhost:8080/login.php"
headers = {"Host": "localhost:8080", "Authorization": "Basic YWRtaW46WTN0aVN0YXJDdXIhb3VzcGFzc3dvcmQ9YWRtaW4="}
cookies = {}
possible_chars = list(string.ascii_letters) + list(string.digits) + ["\\"+c for c in string.punctuation+string.whitespace ]

def get_usernames(prefix):
    usernames = []

ChrisPritchard

[package]
name = "capture-returns"
version = "0.1.0"
edition = "2021"

# See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html

[dependencies]
base64 = "0.21.5"
eval = "0.4.3"

ChrisPritchard

<html>
	<head>
		<title>Latest Commits</title>
		<style>
			label {
				display:block;
			}
		</style>
	</head>
	<body>

ChrisPritchard

Pwntools Cheatsheet

1. Program Interaction
2. Environment and Contexts
3. Logging and Output
4. Encoding, Packing and Utility
5. Assembly and Shellcraft
6. ELFs, Strings and Symbols
7. Return Oriented Programming
8. SROP and Sigreturn Frames

ChrisPritchard

Deus Ex 1: Liberty Island Official Walkthrough

https://tryhackme.com/room/dx1libertyislandplde

"Can you help the NSF get a foothold in UNATCO's system?"

A boot2root inspired by the first level of Deux Ex (2000), where you assault Liberty Island which has been taken over by NSF terrorists (though with Deus Ex, nothing is as it seems). You take the role of a hacker trying to compromise UNATCOs network as part of the attack.

Most of the text from this room is taken directly from notes and emails encountered throughout that level and the UNATCO (united states anti-terrorist coalition) base that is on the island. I used https://nuwen.net/dx.html as a very good resource, which contains extracted text files from the game.

ChrisPritchard

Putting Linux on an Asus VivoBook

My device: Asus VivoBook Series X206HA-FD0077T Notebook

• Use rufus on windows to write a linux iso to a usb drive (A)unite
• ESC will get into the boot menu / grub. if the latter, open system settings to get into bios/uefi
• save & exit allows you to override the boot order and boot from USB

ChrisPritchard

package main

import (
	"bufio"
	"fmt"
	"os"
	"strings"
	"time"
)

ChrisPritchard

#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <sys/ioctl.h>
#include <linux/fs.h>

int main(int argc, char **argv)
{
    FILE *fp;

ChrisPritchard

var watcher = new FileSystemWatcher(".") { EnableRaisingEvents = true };
watcher.Renamed += (_, e) => 
{
    if(Path.GetExtension(e.Name) != ".savegame")
    {
        Console.WriteLine($"Ignoring {Path.GetExtension(e.Name)} file");
        return;
    }
    try