a collection of stuff, thangs.....

Latest Posts!

enum - TAMUCTF 2018

Posted: 2018-02-26 02:24:35 (ohai)

Find the hidden flag.
You do not need to bruteforce. Don't do it.

ssh -p 2222
password: tamuctf

SSH'ing to the box we are presen... Whole Post

Segals Law - TAMUCTF 2018

Posted: 2018-02-26 01:41:11 (ohai)
"A man with a watch knows what time it is. A man with two watches is never sure." - Segal's Law

The third piggy (from Brick House) isn't too happy. Maybe you can... Whole Post

Augusta BSides 2017 Code Challenge

Posted: 2017-07-26 01:57:36 (ohai)
This was a neat challenge put on by the Augusta BSides folks as I guess some what of a teaser before the actual event.... Whole Post

Hack The Vote - Voter Registration

Posted: 2016-11-07 03:15:09 (ohai)
This was a pretty painful web challenge from Hack The Vote. There was a kind of comedy of errors basically leading to the flag.

Upon loading u... Whole Post

Fuzzing simple listeners

Posted: 2016-09-05 17:26:16 (ohai)
Tokyo Westerns 2016 was this past weekend and one of the challenges (Judgement) had you connect to a remote listener and send it somethin... Whole Post

BioTerra 2016 - Wathzefugg

Posted: 2016-08-28 10:39:38 (ohai)

While I'm still kinda halfway in CTF mode I thought I'd knock out one more this weekend. This was the only reversing challenge that was up on BioTerra. Although I did waste a lot of time on this o... Whole Post

HackCon 2016 - Army of Binaries

Posted: 2016-08-20 17:15:47 (ohai)

It's been a while. Kinda let this thing go but it's come back out of a need to get flask working with uwsgi with nginx (sorry, tornado, you're dead to me). Anywho, the bulk of the site has been rec... Whole Post

Brute Forcing Really Simple CAPTCHA

Posted: 2015-05-24 16:57:28 (ohai)

edit: 2017oh lawd this is awful, i promise to clean this garbage up... one of these days..

Today I took a look at what appears to be a fairly popular CAPTCHA plug... Whole Post

Brute Forcing Web Forms with Burp Intruder

Posted: 2015-05-24 16:40:48 (ohai)

In this video we brute force (lol, no, dictionary attack!) a web form (from Damn Vulnerable Web App) to get the admin password using Burp Intruder. EDIT: I'll see about writing up a quick pytho... Whole Post

Stored XSS using BURP proxy

Posted: 2015-05-23 16:47:04 (ohai)

In this video we exploit client side input validation to steal another user's cookie. This is a fairly standard and straightforward action. The first time I saw this in action was during a SANS cou... Whole Post