[HTB] Admirer

Admirer is an easy Hack The Box Linux-based machine released on the 2nd of May 2020 and reachable on the IP address 10.10.10.187.

For whose who don’t know it yet, Hack The Box is an online platform where vulnerable machines are deployed in a private network accessible via VPN, and where users need to hack their way into the systems to collect flags as proofs of their success.

HTB Admirer information card

Read more Hacking and Security, Offensive Security, Web Security CTF, Hack The Box

[HTB] Traceback

Traceback is an easy Linux-based machine released on the 14th of March 2020 and reachable on the IP address 10.10.10.181 (despite what’s written on the info card).

HTB Traceback information card

Read more Hacking and Security, Offensive Security, Web Security CTF, Hack The Box

Hacker 101 - Capture the Flags with a Regex

Enjoying HackerOne’s CTF?

If you want to make sure not to inadvertently miss any single flag while skimming through web pages, you can ask ZAP to catch them for you with this regex: ^\^FLAG\^[\w\d]{64}\$FLAG\$$

ZAP settings to capture Hacker 101 flags automatically

A “Flag” tag will appear next the requests containing a flag in their response:

HTTP request captured with ZAP containing a Hacker 101 flag

This technique is particularly useful when a flag appears in a non-obvious location such as an HTML comment.

Hacking and Security, Offensive Security, Web Security CTF, ZAP

[Python] Sniffing inside a thread with Scapy

Scapy is an incredible tool when it comes to playing with the network. As it is written on its official website, Scapy can replace a majority of network tools such as nmap, hping and tcpdump.

One of the features offered by Scapy is to sniff the network packets passing through a computer’s NIC. Below is a small example:

This little sniffer displays the source and the destination of all packets having an IP layer:

$ sudo python3 sniff_main_thread.py
[*] Start sniffing...
[!] New Packet: 10.137.2.30 -> 10.137.2.1
[!] New Packet: 10.137.2.30 -> 10.137.2.1
[!] New Packet: 10.137.2.1 -> 10.137.2.30
[!] New Packet: 10.137.2.1 -> 10.137.2.30
[!] New Packet: 10.137.2.30 -> 216.58.198.68
[!] New Packet: 216.58.198.68 -> 10.137.2.30
[!] New Packet: 10.137.2.30 -> 216.58.198.68
[!] New Packet: 10.137.2.30 -> 216.58.198.68
[!] New Packet: 216.58.198.68 -> 10.137.2.30
[!] New Packet: 216.58.198.68 -> 10.137.2.30
[!] New Packet: 10.137.2.30 -> 216.58.198.68
[!] New Packet: 10.137.2.30 -> 216.58.198.68
[!] New Packet: 216.58.198.68 -> 10.137.2.30
[!] New Packet: 10.137.2.30 -> 216.58.198.68
^C[*] Stop sniffing

It will continue to sniff network packets until it receives a keyboard interruption (CTRL+C).

Read more Development Python, Scapy, Signal, Thread

[Angular] Different sharing mechanisms for different situations

Angular has different mechanisms for sharing data between components. The choice of the sharing method mostly depends on the relationship of the related components. Typically, within the context of a parent-child topology, the most straightforward choice would be to use the @Input and @Output decorators. For sibling components, relying on a data sharing service seems to be the most obvious solution. In any case, once you have settled on the choice of a communication topology, you need to decide which data propagating mechanism to use.

Generally, components use EventEmmiter objects to share data with each other. When you pass data into an Angular component with an @Input decorator, you are actually using an EventEmitter object. Although this solution is appropriate for the majority of situations, this is not always the case. Let’s consider the following example:

Diagram of the data propagation using an EventEmitter

Read more Development Angular, WebApp