Intro to Cybersecurity on quixel200

Integrated Security

Tue, 19 Aug 2025 08:51:29 +0530

These challenges build upon everything you learned so far, you’re almost there!

There will be very little or nothing new to learn here, you need to combine previously learned concepts.

Some of these challenges took me close to a week to complete, you will eventually get it!

Some tips for secure chat

Read the server code, it doesn’t change much from 1-5 and it will help you a lot. (When I say read I mean understand each and every line)

Binary Exploitation

Tue, 19 Aug 2025 08:39:39 +0530

When exploiting these challenges, I highly recommend using gdb to save you some time.

in pwntools

debugging will only work with with a multiplexer like tmux(covered in the linux module)

The difference between these is important

Start a process with the debugger(This will drop privileges)

p = gdb.debug("process")

Start the process and then attach a debugger(this will not work if its a setuid binary)

p = process("process")
gdb.attach(p)

Debugging shellcode

If your shellcode doesn’t work for some reason, add an int3 instruction to the beginning of your shellcode (\xcc). When run with a debugger it will automatically break at that point.

Reverse Engineering

Tue, 19 Aug 2025 08:32:55 +0530

Now would be a great time to learn to use ghidra,ida,radare2 or binary ninja. Also python scripting will come in real handy.

Do not waste your time trying to read the nested arrays or structs in the pseudo code section of ghidra(you’re welcome to try), it is much better to read the disassembly.
some disassemblers might decompile things better than others, for example I have seen Ida automatically find main in stripped binaries unlike Ghidra.
If static analysis gets too hard, just give the program input and see what goes wrong!, maybe even use something like gdb and set breakpoints.

There will be some challenges with a massive spike in difficulty, don’t give up you’ll eventually get it.

Access Control

Tue, 19 Aug 2025 08:30:43 +0530

Do you really want a guide for this? :(

You might want to script the last 2 levels using pwntools (there’s a community dojo for that)

Cryptography

Mon, 18 Aug 2025 16:27:37 +0530

After scouring through the internet for many hours, I have come to the conclusion that the material provided on the module is sufficient.

Here’s a video on how to approach the POA challenges that’s on the discord server:

here

Intercepting_communication

Mon, 18 Aug 2025 16:13:30 +0530

Denial of Service

Be patient… you need to find the right balance where you overwhelm the server but not your machine.

Sometimes your flag might get lose in errors so either save the output to a log or grep it directly.

The rest of the challenges

After these challenges, you need to craft raw packets using scapy. The documentation is linked in the module. Check out portswigger

Web Security

Mon, 18 Aug 2025 16:00:25 +0530

Path Traversal

The description is more than enough to solve these. This might seem very simple but it happens more often than you think
curl hates relative paths, it will resolve paths automatically, read the man pages to know more.I would recommend using python for testing.

Command Injection

The only hint for level 6: Think of every character you can use. Think about how you run multiple commands in your terminal or in a bash script

SQL injection

If you understand how SQL injection works, you’ll breeze through these, if not, watch the lecture video again

XSS

Before trying anything, cat the source code and understand what it’s doing.