https://chiefdennis.github.io/tags/cyberchef/Recent content in CyberChef on Chief Dennis' BlogHugoenFri, 29 Aug 2025 18:00:00 +0100https://chiefdennis.github.io/posts/clamav-walkthrough/Fri, 29 Aug 2025 18:00:00 +0100https://chiefdennis.github.io/posts/clamav-walkthrough/<h2 id="clamav-offsec-walkthrough"> ClamAV OffSec Walkthrough <a class="heading-link" href="#clamav-offsec-walkthrough"> <i class="fa-solid fa-link" aria-hidden="true" title="Link to heading"></i> <span class="sr-only">Link to heading</span> </a> </h2> <h3 id="1-reconnaissance"> 1. Reconnaissance <a class="heading-link" href="#1-reconnaissance"> <i class="fa-solid fa-link" aria-hidden="true" title="Link to heading"></i> <span class="sr-only">Link to heading</span> </a> </h3> <p>First, a ping is made to verify connection with the machine:</p> <p><img src="https://chiefdennis.github.io/posts/clamav-walkthrough/Picture.png" alt="image"></p> <p>A high TTL of ~130 is observed. However, the later Nmap scan will show a TTL of 61, which is more typical for Linux machines.</p> <p>A nmap SYN scan is run to discover all open ports:</p> <p>sudo nmap -sS -T5 -vvv -p- 192.168.199.42 -Pn -oG nmap_inicial</p>https://chiefdennis.github.io/posts/offsec_snookum/Sun, 16 Mar 2025 13:07:16 +0100https://chiefdennis.github.io/posts/offsec_snookum/<h2 id="snookum-offsec-walkthrough"> Snookum OffSec Walkthrough <a class="heading-link" href="#snookum-offsec-walkthrough"> <i class="fa-solid fa-link" aria-hidden="true" title="Link to heading"></i> <span class="sr-only">Link to heading</span> </a> </h2> <h3 id="rfi-vulnerability"> RFI Vulnerability <a class="heading-link" href="#rfi-vulnerability"> <i class="fa-solid fa-link" aria-hidden="true" title="Link to heading"></i> <span class="sr-only">Link to heading</span> </a> </h3> <p>Remote File Inclusion (RFI) is a vulnerability in web applications that allows an attacker to upload and execute files hosted on external servers. This flaw occurs when an applicationdynamically includes files without properly validating user input, which can lead to the execution of malicious code. If proper security measures are not taken, RFI can completely compromise a system, facilitating data theft, malware execution, or even full control of the server.</p>https://chiefdennis.github.io/posts/htb_twomillion/Tue, 16 Jan 2024 13:07:16 +0100https://chiefdennis.github.io/posts/htb_twomillion/<p><img src="https://chiefdennis.github.io/posts/htb_twomillion/Screenshot_20.png#centre" alt="image"></p> <p>The TwoMillion HTB machine is an easy difficulty level HackTheBox Machine. The main techniques and tools used to crack this machine are:</p> <pre><code>- Command Injection - Burpsuite - CVE-2023-0386 - JS deobfuscation with Cyberchef - API enumeration </code></pre> <h2 id="reconnaissance"> Reconnaissance <a class="heading-link" href="#reconnaissance"> <i class="fa-solid fa-link" aria-hidden="true" title="Link to heading"></i> <span class="sr-only">Link to heading</span> </a> </h2> <p>We start a broad Nmap scan by executing the following command:</p> <div class="highlight"><pre tabindex="0" class="chroma"><code class="language-sh" data-lang="sh"><span class="line"><span class="cl">sudo nmap -sS -T5 -vvv -p- 10.10.11.221 -Pn -oG nmap_inicial </span></span></code></pre></div><p>Where the arguments mean:</p>