0xdf ​’s Post

🎮 🤖 👾 Just pwned the GoodGames machine on HackTheBox! This "Easy" Linux box provided some great challenges, especially around web app security and privilege escalation. After running Nmap, I found a Python-based web app on port 80. A simple SQL injection allowed me to bypass authentication and extract the admin's password hash using SQLMap. Cracking the hash gave me access to an internal Flask app, which was vulnerable to Server-Side Template Injection (SSTI). Using SSTI, I was able to get a reverse shell. The real challenge came with privilege escalation. I discovered I was inside a Docker container, and after some deep enumeration, I realized the host user’s directory was mounted with read/write permissions. By exploiting this Docker misconfiguration and reusing credentials, I was able to escalate to root on the host. The priv esc part was tricky, especially figuring out how to manipulate permissions within the container, but cracking it was so rewarding!

Imagine being a Cold War hacker, infiltrating top-secret files with nothing but a glowing terminal screen.... For my first LinkedIn post, I'm thrilled to share a sneak peek at my solo project for the #GitHub #GameOff #GameJam! This year’s theme is "SECRETS," and picking a wildcard limit of just 4 colours inspired me to create a gritty, 1960s-style hacker simulator. The game's concept is that you are a hacker, secretly accessing a top-secret computer from a distance. You should penetrate the system, decrypt the passwords, swipe sensitive information, and try to piece together the game's narrative in the eerie green light of a terminal interface. Tools and tech: The project is being made in #GodotEngine Are you guys interested in seeing where this game goes? #GameDev #IndieGameDev #RedIndieGames #Godot

The hardest course I've written to date (at least the hardest for me) just went live: Learn Pub/Sub architectures https://lnkd.in/g2eTQYMZ You build a real-time multiplayer CLI game with RabbitMQ and Golang. The reason it's been so challenging to build is I didn't want to settle for just a video course that goes over all the concepts. We launched a Bootdev CLI that runs HTTP requests against your local rabbit cluster as you pass off assignments and websockets the results back to your browser for that same 'ol Bootdev game experience. Also the CLI will come in handy for The Primeagen's new Git course that's dropping any day now...

Here's another repo I have been working on: https://lnkd.in/gmRV8N25 This is for the enthusiastic game dev community to play around with. I don't really know how boring text/prompt-based games are for others, but I have enjoyed playing some, especially the one you can find after a executing a command on Google's console window (I forgot what the command was, though). The current capabilities of the library are hassle-free (at least up to 50%) scene development and text-prompt management (the latter is a bit of a mess as I had to use shared pointers (`std::shared_ptr`, `std::make_shared`, etc.) to enable the polymorphism run at pointer-level. I hope the community gets to make the best use of this library and also maybe develop it further :) #opensource #github #cpp #gamedev

Just dropped a post listing some handy Modern C++ utility libraries, handy for game development. Includes libraries for CLI command parsing, logging, formatting and even creating text UIs. Hope you find it useful! https://lnkd.in/eWBJ5yJu #askRodney #gamedev #cplusplus

Building My Own WebSocket Server! Recently I've being digging into WebSocket development and have made my very first WebSocket server and client, that is able to send and receive commands in real time! Learning how to build a WebSocket server from scratch was both challenging and rewarding. Setting up the connection, managing message flow and getting commands to work has been quite a big milestone for me. This Experience has shown me how powerful real-time communication can be for fun and interactive gameplay, and I'm excited to expand on this with even more features as I keep learning! Here's a quick video of my WebSocket server in action, sending commands to the game in real-time! #WebSocket #GameDev #RealTimeNetworking #BackendDevelopment

Day 17 of #75DaysOfCode challenge. Today I have solved 1 HackerRank problem The Minion Game: Kevin and Stuart want to play the 'The Minion Game'. Game Rules Both players are given the same string, . Both players have to make substrings using the letters of the string . Stuart has to make words starting with consonants. Kevin has to make words starting with vowels. The game ends when both players have made all possible substrings. Scoring A player gets +1 point for each occurrence of the substring in the string . #HackerRank #75daysofcode

Hii everyone!!! I am completed my 1st Task assigned by #codsoft Task:Number Game The game 👩💻was user guess the random number generated by the server user get clue in each attempt like"too hight"... The condition is they have only 5️⃣ attempts... at the end they get their score..🏆 #codsoft #javaprogramming #virtuallearning

Shifting left isn't just a buzzword—it's a game-changer and needs to be ever present throughout the whole stage of the development life cycle. Itzik Spitzen shares a little what that looks like in one of the CTF Recaps. To get the full recap check out: https://hubs.la/Q030Y73t0 To attempt the retired CTF for yourself, go here: https://hubs.la/Q030Yg-R0 #CodeWizer #SecureByDesign #SecureCoding #AppSecurity #ApplicationSecurity #Developers