Assembly

Introduction I had been planning for a while to dive deeper into the fmp12 file format to explore how data is organized and how accounts and passwords are stored. A few months ago, I finally found the time to do it. The first thing I noticed was just how little information publicly exists about the file format and especially about account and password storage. The only information on the latter was that “a one-way hash” is used for storing passwords and that there are some password reset tools that – according to forums – might work but would also “damage” your file, without any further clarification. ...

A description of how FileMaker Server stores secrets and how to approach deciphering an unknown keystore.

This is a write-up of today’s retired Hack The Box machine Buff. Buff was a fun 20 point box that included exploitation of a known vulnerability in a gym management web app and a classic buffer overflow for getting an administrator shell. In my opinion doing this machine can also serve as a good practice if you plan on doing something like the OSCP or eCPPT certification and still need practice targets for the binary exploitation / buffer overflow part. ...