Safetech Blog - Security Tips and Tricks


by Oana Stoian

Billu-b0x Write-up

This write-up is for Billu-b0x CTF machine hosted on Vulnhub https://www.vulnhub.com/entry/billu-b0x,188/ This is one of those challenges focused on real-world technical vulnerabilities and this is why I like it. In my setup, the machine is using 172.16.100.86 IP address and I started with a nmap scan: Running nikto on the web server will get us the…

Read More

48 total views, no views today


by Oana Stoian

CTF-USV Writeup

This Write-up is written after CTF-USV 2016 contest, where students had the challenge to conquer 7 flags. We used the Facebook CTF Platform, where each flag had assigned a country. The theme of the Capture the Flag contest was Game of Thrones. Everyone is watching the series, right? 🙂   Running nmap a LOT of opened…

Read More

6,466 total views, 2 views today


by Oana Stoian

Breach: 2.1

Dear all, this day I will present you my way of exploiting the vulnerable machine-Breach 2.1. Many thanks to @mrb3n813 and @VulnHub. For information gathering I will be using nmap:

The  ssh port is opened : 65535, so let’s try to connect to it:

A banner is displayed, and we find out about…

Read More

5,591 total views, 5 views today


by Oana Stoian

PwnLab:init Walkthrough

Thanks to Claor @Chronicoder and VulnHub folks for the opportunity of writing another walkthrough for a very challenging vulnerable machine. First thing first, I fired-up nmap. Usually I do that, run nmap and after that nikto. 😀 As it can be observed, only two ports are of interest: 80 (for HTTP) and 3306, on which runs mysql….

Read More

4,029 total views, 1 views today


by Oana Stoian

Tommy Boy 1 Write-up

If you came here just for the last flag, here it is:

That’s all folks! Thanks for reading this! 🙂 And now, if you want to know the story of TommyBoy machine, let’s start from the beginnig. This challenge has a story, and quite an enjoyable one IMHO and this will make things more…

Read More

1,607 total views, 1 views today


by Oana Stoian

Mr. Robot Write-up

Being a fan of the series Mr.Robot, I decided to exploit this vulnerable machine added by Jason. Someone once said that the best way to be prepared for a hack when it happens, is to be hacked. So, let’s hack Mr. Robot 🙂 Starting with enumeration, I fired-up nikto, that reveals a lot of useful…

Read More

2,785 total views, 2 views today


by Oana Stoian

Stapler Writeup

In this article I will present you the way I have completed the Stapler machine challenge hosted on Vulnhub. Stapler is particularly interesting because it allows you to perform and obtain a lot of various information through enumeration – one of the best machines for this actually – thanks to @g0tmi1k for this!   Information gathering…

Read More

3,254 total views, 6 views today


by Oana Stoian

Fuku Writeup

There are lots of ways for exploiting Fuku, a machine which is not so easy to compromise – at least not for the patienceless, as it has some interesting defense mechanisms – some of them you will discover below, some of them  I’ll let you discover 🙂 Today, I’ll show you my way.   First…

Read More

1,612 total views, 1 views today


by Ionut Cernica

AT&T – Old version of JBoss and default credentials

I found an old JBoss console on one of the AT&T subdomains https://espcare.att.com/ There was an old version of JBoss web application, the application was vulnerable to authentication bypass, not to mention that I was able to authenticate with default username and password. Risk: I was able to deploy my desired application on the server…

Read More

615 total views, 1 views today


by Ionut Cernica

Parse.com security problem

This is a writeup for a security problem in parse.com website. Parse.com is an acquisition of facebook and every security problem on this website is eligible for a bounty in the facebook bugbounty program.   There was a problem with the download URL for important information about the applications you manage on your account. The…

Read More

654 total views, 1 views today