Brute-forcing passwords with Hydra

Hello, In this article you will find the solutions for the Hydra room on Try Hack Me. Link: Almost every bruteforcing or cracking task from HackTheBox/TryHackMe uses the rockyou.txt wordlist. You can google it and download it, if you can’t find it in your Kali distro under the path /usr/share/wordlists/rockyou.txt.gz If you’re using Kali then you have Hydra already installed, all you have to do is run two commands: Flag 1 Run the following command, the password should be cracked in less than one minute. ...

February 29, 2020 Â· 1 min Â· Denis NuČ›iu

Ghidra Scripting: Annotating Linux system calls

I had some fun this weekend messing around with Ghidra. Having such a powerful tool for free is truly a game changer. To start scripting in Ghidra, I downloaded the latest Eclipse for Java Developers Version: 2019-09 R (4.13.0), Ghidra and Open JDK, I believe any JDK version 11+ will work. After downloading the JDK, extract the zip, put it somewhere and modify your PATH and JAVA_HOME environment variables to point to it: ...

October 13, 2019 Â· 9 min Â· Denis NuČ›iu

Introduction to Angr

I always wanted to play around with a binary analysis framework but most of the time I was turned off by how difficult it was to install and use it. Just recently I’ve thought to give angr a try and now I want to share my experience with you! I will present you a two scripts that solve two challenges, if you wish to dig deeper and learn Angr then you should visit it’s official documentation. ...

August 21, 2019 Â· 5 min Â· Denis NuČ›iu

Fuzzing Like It’s 1989

April 1, 2019 Â· 0 min Â· Denis NuČ›iu

Installing MIASM on macOS

I’ve been reading the MIASM.re blog recently and I wanted to give miasm a try. The scope of this article is to provide guidance on how to build miasm on macOS and introduce miasm to my readers. Miasm is a free and open source (GPLv2) reverse engineering framework. Miasm aims to analyze / modify / generate binary programs. Here is a non exhaustive list of features: – https://github.com/cea-sec/miasm/ If you’re curious about miasm’s powers you should give these articles a quick read: ...

December 29, 2018 Â· 3 min Â· Denis NuČ›iu

Format String Exploit

Hello and welcome to Nucu Labs agent! We’ve been contracted by some external contractors to help them break…, I mean, assist them in making their life easier with their “competition”. We obtained their competition’s software from a poorly configured AWS server. Their competition, X, uses the software in order to setup a private communication channel to their servers, the software is simple, it fires up a server, listens on a port and waits for the right password, when the right password is entered, the server remembers the client and stops asking for passwords, simple. ...

December 20, 2018 Â· 7 min Â· Denis NuČ›iu

Practical Binary Analysis | No Starch Press

I started reading this book in november and it took me about two weeks to finish it. You should be a bit comfortable Linux and programming if you plan to give it a try. Here are my thoughts about it. What I like the most about this book is that it explains the subject in a straightforward and concise way! The author is a very knowledgeable security researcher and his work is state of the art! ...

December 12, 2018 Â· 2 min Â· Denis NuČ›iu

Serious Cryptography | No Starch Press

This is my first book review that I did my blog, I’m not really good at reviewing books and I’m not a native english speaker either, so bear with me and my clumsy english. I must also say that the subject covered by the book overwhelms me, I don’t claim to be an expert on the topic and and to be honest I don’t really want to become one, reading this book has provided me with enough information in order to be able to hold a basic discussion about cryptography related topics, had I put more effort, time and thought in this book I could probably become proficient. ...

November 23, 2018 Â· 2 min Â· Denis NuČ›iu

PicoCTF – An Introduction to CTF’s

PicoCTF is an amazing capture the flag competition targeting middle and high school students. It’s a game that consists in solving various computer security challenges from different domains, see the picture below. 🙂 While I’m just starting out to explore the field of computer security I feel that I’ve learned a lot doing these challenges, there are many other challenge sites on the internet but their difficulty is for experienced users, beginners like me often struggle as there are no hints and you don’t know how to tackle the problem. Doing PicoCTF has helped me solve the “Classic, yet complicated!” crypto challenge from HackTheBox in less than 5 minutes! Things will start ticking once you have the foundations laid out. ...

September 1, 2018 Â· 2 min Â· Denis NuČ›iu

How to run your own OpenVPN server on a Raspberry PI

My Raspberry, serving as an OpenVPN server Hello everyone! In this short article I will explain how to setup your own VPN (Virtual Private Network) server on a Raspberry PI with OpenVPN. After we setup the server, we will setup an obfuscation server in order to disguise our traffic indicating that we’re using a VPN. This will help us evade some form of censorship. Why use a VPN? First, let’s talk about why you may want to use a VPN server: ...

April 22, 2018 Â· 6 min Â· Denis NuČ›iu