battleoverflow battleoverflow

Description: A local privilege escalation vulnerability was found on polkit’s pkexec utility. The pkexec application is a setuid tool designed to allow unprivileged users to run commands as privileged users according predefined policies. The current version of pkexec doesn’t handle the calling parameters count correctly and ends trying to execute environment variables as commands. An attacker can leverage this by crafting environment variables in such a way it’ll induce pkexec to execute arbitrary code.

Description: Universal CTF is a project I started to help improve CTF experiences for beginners and speed up gathering results for veterans. Thanks to Universal CTF, you will no longer have to type out long commands over and over again, now you have a beautiful terminal based program to handle it all for you! You can view the project this blog post is based on here: https://github.com/battleoverflow/universal-ctf Welcome to a short blog post about a new program I wrote in Python to help those getting into CTFs in a more beginner-friendly way.

Description: You talked a big game about being the most elite hacker in the solar system. Prove it and claim your right to the status of Elite Bounty Hacker! Disclaimer: This writeup is for a room located on TryHackMe. If you would like to attempt the room, please visit it here. Task 1 Deploy the machine by clicking the Deploy button. Task 2 After the machine has finished booting up, run the following command to reveal the open ports on the network (If using personal Linux machine, remember to use OpenVPN):

Description: This room is based on the original Pokemon series. Can you obtain all the Pokemon in this room? If you came across this from somewhere other then TryHackme, view my room here: https://tryhackme.com/room/pokemon Question 1 Run Nmap to search open ports nmap -sC -sV -Pn <Machine_IP> (The server DOES ping, I just prefer -Pn for silence) After running a Nmap scan, we’ll see that there is an ssh & HTTP port open.