2023 HuntressCTF - Wimble

2023-11-01 | #prefetch #wim #wimtools

Summary
Author: @JohnHammond
"Gretchen, stop trying to make fetch happen! It's not going to happen!" - Regina George, Mean Girls

Steps
I downloaded wimble.7z to my Kali VM and executed 7za e wimble.7z. I was presented with a file called fetch. I executed file fetch and was given this result: fetch: Windows imaging (WIM) image v1.13, XPRESS compressed, reparse point fixup. I researched mounting .wim files on Linux and found wimmount from wimtools will mount the fetch file.



2024 SANS Offensive Operation CTF - Taskist 002

2024-02-28 | #javascript

Summary
Great, you were able to leak sensitive information of the admin account! But can you log in as the admin account now? Play around with other features available on the platform!

Taskist 002
While enumerating the application I found that you can change the userid when performing a password change. Using a proxy, I intercepted the password change request and changed it to the admin’s userid of 64, and we received the below responses.



2024 SANS Offensive Operation CTF - Taskist 003

2024-02-28 | #javascript

Summary
Wow! You compromised the admin account! Looks like there's some interesting information on the admin dashboard and some additional features, can you read the application's server-side source code?

Taskist 003
While logged into the application as an admin, I now had access to the site_configuration where we can import and export configuration settings. I first exported the current site configuration and then re-imported it to understand the format that was required to import.
