fyx(me)
This website contains some of the work I've made public.
Website is always a work in progress... YMMV.
code
Content ordered using a single iteration of bogosort
tools
- dreamcatcher, a TCP listener which allows the same port to be used as an HTTP file server (similarly to Python's SimpleHTTPServer) and handles other TCP connections similarly to netcat.
- blistener, a Blind-XSS listener with JavaScript payloads to retrieve the target user's browser data including cookies, local/session storage, HTML code (and optionally a screenshot) of the current page (also works as an HTTP listener)
- genx, a fast alternative domain name generator to help in generating potential subdomains of a target. Useful when starting recon on a domain.
- dnsfaster, a tool to benchmark DNS resolvers in order to find resolvers with the highest speed and accuracy.
- short domain finder, a golang application which aims to find the shortest available domain based on user parameters (i.e. length, domain extension). How I found this domain
research
github (ext)
- BSD rootkit, a BSD rootkit and rootkit detector (written for research & education)
- silentbook, Proof-of-Concept app allowing encrypted messaging over Facebook messenger using AES-256 encryption
- CRC-32 hash collider, Naive bruteforce attack to find a CRC-32 hash collision based on a provided CRC-32 value and a charset. CRC-32 is not a cryptographic hash function. There are mathematical ways to reverse the hash value to a valid input. For more information, see the following tool.
gists (ext)
- webserver.go, Simple Golang webserver serving files from a directory and logging all incoming requests (IP, headers and body content)
- replay-http.go, tool to replay an HTTP request from a txt file in golang.
- whoami.go, Golang webserver which echoes the request back to you and prints your IP address.
- sqlmap-proxy.go, Golang proxy example to abuse more complex SQL injections which may not be picked up by sqlmap. For example, SQL injections in CTF challenges.
OLDER POSTS
writeups
post-mortems
- [July 2021] HackTheBox - Take It Easy Dare, a number of retired easy boxes that were made available for everyone during the month of July
- [July 2021] Hacky holidays - Space Race, awesome 3 week long CTF hosted by Deloitte Netherlands
CTF
- [redteam] Dreams :: Using PrintNightmare to exploit a vulnerable DC
- [redteam] Scorching :: NTLM hash cracking and kerberoasting
- [web] Skylark Capsule :: Weak JWT secret cracking. CRC-32 hash collision to login to admin
- [pwn] Deleted Flag :: Bypass seccomp to read a flag from an open file descriptor
Older CTF writeups currently reside on github: github.com/fyxme/writeups.
boot2root
- active :: Windows | Kerberoasting | Active Directory | Powershell
- bastion :: Windows | Powershell | File Misconfiguration
- forest :: Windows | Powershell | Kerberoasting | Active Directory
- heist :: Windows | Web | Process Inspection
- openadmin :: Linux | Web | File Misconfiguration
- traverxec :: Linux | Web | File Misconfiguration
- shocker :: Linux | Perl | Web | Injection
- writeup :: Linux | Web | SQL | SQLi