GRIMM HAX Combined Challenge

Welcome, Bobby (100pts)

Accessing the website at http://www.haxcorp.grimm-co.com/, we are provided with a login page with username and password. The objective of this level is to log in as admin. Seeing this as a warmup level, I immediately try the following classic SQL injection

And we are in. The flag is GRIMM-BOBBY-TABLES-WOULD-BE-PROUD.

Oh How the Tables have Turned (100pts)

From the description of the challenge, I predicted that this is another SQL injection to find the flag in a different table in the database, especially when we are presented with a search functionality.


2017 SANS Holiday Hacking Challenge

This year, I’ve had the chance to participate in the SANS Holiday Hacking Challenge. The first time I did it was last year. I didn’t think it was interesting with real pentesting stuff until I read the writeups, so I decided to start early this year.

Terminal Challenges
Finding Great Book Pages
Things I’ve learned

Terminal Challenges

WINTER WONDER LANDING

Linux command hijacking

Clicking on the terminal, we are presented with the objective: to find elftalkd.
