
I'll be adding more challenges to this writeup as I do more, but basically pwnable.kr is a website which offers practice on binexp (binary exploitation / pwn) challenges; they have challenges at different levels!

First Challenge : FD

Mommy! what is a file descriptor in Linux?

* try to play the wargame your self but if you are ABSOLUTE beginner, follow this tutorial link: https://youtu.be/971eZhMHQQw

ssh fd@pwnable.kr -p2222 (pw:guest)

Sounds fairly easy, so it's basically about file descriptors! Let's connect and take a look at the challenge:

```
fd@pwnable:~$ ls
fd  fd.c  flag
```

So we've got three files: fd is our binary, flag contains our flag, and fd.c is the source code of fd.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
char buf[32];
int main(int argc, char* argv[], char* envp[]){
    if(argc<2){
        printf("pass argv[1] a number\n");
        return 0;
    }
    int fd = atoi( argv[1] ) - 0x1234;
    int len = 0;
    len = read(fd, buf, 32);
    if(!strcmp("LETMEWIN\n", buf)){
        printf("good job :)\n");
        system("/bin/cat flag");
        exit(0);
    }
    printf("learn about Linux file IO\n");
    return 0;
}
```

So let's break down the source code to understand what it does. It takes one argument as input, and then we have `int fd = atoi(argv[1]) - 0x1234`, which means the input you give is converted to an int and 0x1234 is subtracted from it; the result is used as the file descriptor. Then comes `read(fd, buf, 32)`, which reads up to 32 bytes from that descriptor into buf, a global buffer of 32 characters.

So let's get back to school: we have 3 standard file descriptors:

- stdin with int value (0)
- stdout with int value (1)
- stderr with int value (2)

So the first thing I do is find the int value of 0x1234, which is being subtracted from argv[1]:

```
└──╼ $python3
Python 3.9.2 (default, Feb 28 2021, 17:03:44)
[GCC 10.2.1 20210110] on linux
Type "help", "copyright", "credits" or "license" for more information.
>>> 0x1234
4660
```

Okay, so 0x1234 = 4660. Whatever number we pass in has 0x1234 subtracted from it, and the result is used as the file descriptor to read from. The program then checks whether buf is equal to LETMEWIN; if it is, it gives us the flag, and if not, it prints learn about Linux file IO and we can't read the flag. So we have to make argv[1] - 0x1234 = 0 so that stdin is the descriptor being read, and then we can type the contents of buf ourselves:

```
fd@pwnable:~$ ./fd 4660
LETMEWIN
good job :)
mommy! I think I know what a file descriptor is!!
```

FLAG : mommy! I think I know what a file descriptor is!!
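The same descriptor arithmetic as fd.c, written here as an added example (not the challenge's code) with the argument parsed by strtol and the result of read() checked instead of ignored. The names parse_fd, token_matches and FD_OFFSET are assumptions made for illustration.

```c
/* Added example, not the challenge's code: fd.c's logic with input
   validation and read() error handling. All names are hypothetical. */
#include <errno.h>
#include <limits.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

#define FD_OFFSET 0x1234   /* 4660, the constant subtracted in fd.c */

/* Same arithmetic as fd.c (argv[1] - 0x1234), but strtol rejects
   non-numeric input, trailing junk and overflow, which atoi() would
   silently turn into some number. Returns 0 on success, -1 on error. */
int parse_fd(const char *arg, int *fd_out) {
    char *end;
    errno = 0;
    long v = strtol(arg, &end, 10);
    if (errno != 0 || end == arg || *end != '\0') return -1;
    /* refuse values that would give a negative or out-of-range fd */
    if (v < FD_OFFSET || v - FD_OFFSET > INT_MAX) return -1;
    *fd_out = (int)(v - FD_OFFSET);
    return 0;
}

/* Read at most cap-1 bytes from fd, always NUL-terminate, and report a
   failed read (for example EBADF on a descriptor that is not open).
   Returns 1 if the data equals "LETMEWIN\n", 0 if not, -1 on error. */
int token_matches(int fd, char *buf, size_t cap) {
    ssize_t n = read(fd, buf, cap - 1);
    if (n < 0) return -1;
    buf[n] = '\0';
    return strcmp(buf, "LETMEWIN\n") == 0;
}

int main(int argc, char *argv[]) {
    char buf[32];
    int fd;
    if (argc < 2 || parse_fd(argv[1], &fd) != 0) return 2;
    /* exit status 0 only when the token read from fd matches */
    return token_matches(fd, buf, sizeof buf) == 1 ? 0 : 1;
}
```

With the argument 4660 this reads from descriptor 0 exactly as the run above does; the difference is that a non-numeric argument or a closed descriptor is reported as an error rather than falling through to the final message.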


WILL CONTINUE WHEN I DO THE NEXT CHALLENGE