<feed xmlns="http://www.w3.org/2005/Atom"> <id>https://denarzai.github.io/</id><title>Denarzai</title><subtitle>CTF writeups, HackTheBox walkthroughs, and cybersecurity notes by Muhammad Subhan — BS Cybersecurity student at FAST NUCES Islamabad.</subtitle> <updated>2026-07-04T16:21:04+05:00</updated> <author> <name>Muhammad Subhan</name> <uri>https://denarzai.github.io/</uri> </author><link rel="self" type="application/atom+xml" href="https://denarzai.github.io/feed.xml"/><link rel="alternate" type="text/html" hreflang="en" href="https://denarzai.github.io/"/> <generator uri="https://jekyllrb.com/" version="4.4.1">Jekyll</generator> <rights> © 2026 Muhammad Subhan </rights> <icon>/assets/img/favicons/favicon.ico</icon> <logo>/assets/img/favicons/favicon-96x96.png</logo> <entry><title>TryHackMe Pre-Security: Module 2 — Introduction to IT &amp; Computing</title><link href="https://denarzai.github.io/posts/tryhackme-presecurity-module-2/" rel="alternate" type="text/html" title="TryHackMe Pre-Security: Module 2 — Introduction to IT &amp;amp; Computing" /><published>2026-07-02T05:09:00+05:00</published> <updated>2026-07-02T05:09:00+05:00</updated> <id>https://denarzai.github.io/posts/tryhackme-presecurity-module-2/</id> <content type="text/html" src="https://denarzai.github.io/posts/tryhackme-presecurity-module-2/" /> <author> <name>Muhammad Subhan</name> </author> <category term="Learning" /> <category term="TryHackMe" /> <summary>Overview Module 2 of TryHackMe’s Pre-Security path covered the foundational concepts of IT and computing across four rooms. Most of this was conceptual rather than hands-on — building the mental model of how computer systems are structured and how they communicate before getting into security specifics. Room 1 — Core Computer Components and the Boot Process The first room covered what’s phys...</summary> </entry> <entry><title>OverTheWire Bandit: Level 20 to Level 21</title><link href="https://denarzai.github.io/posts/bandit-level-20-21/" rel="alternate" type="text/html" title="OverTheWire Bandit: Level 20 to Level 21" /><published>2026-07-01T01:05:00+05:00</published> <updated>2026-07-01T01:05:00+05:00</updated> <id>https://denarzai.github.io/posts/bandit-level-20-21/</id> <content type="text/html" src="https://denarzai.github.io/posts/bandit-level-20-21/" /> <author> <name>Muhammad Subhan</name> </author> <category term="CTF" /> <category term="Bandit" /> <summary>The Goal A setuid binary called suconnect connects to a port on localhost. If it receives the correct password for bandit20, it sends back bandit21’s password. The challenge: you need a listener running and ready before suconnect connects to it — both things have to happen at the same time in one terminal. What I Did Listed the home directory and ran the binary without arguments: bandit20@b...</summary> </entry> <entry><title>OverTheWire Bandit: Level 19 to Level 20</title><link href="https://denarzai.github.io/posts/bandit-level-19-20/" rel="alternate" type="text/html" title="OverTheWire Bandit: Level 19 to Level 20" /><published>2026-06-30T03:00:00+05:00</published> <updated>2026-06-30T03:00:00+05:00</updated> <id>https://denarzai.github.io/posts/bandit-level-19-20/</id> <content type="text/html" src="https://denarzai.github.io/posts/bandit-level-19-20/" /> <author> <name>Muhammad Subhan</name> </author> <category term="CTF" /> <category term="Bandit" /> <summary>The Goal Use a setuid binary in the home directory to read the password file for bandit20 — a file that bandit19 cannot access directly. What I Did Listed the home directory and found a binary called bandit20-do. Ran it without arguments first as the level suggested: bandit19@bandit:~$ ./bandit20-do Run a command as another user. Example: ./bandit20-do whoami Tested it with whoami to co...</summary> </entry> <entry><title>OverTheWire Bandit: Level 18 to Level 19</title><link href="https://denarzai.github.io/posts/bandit-level-18-19/" rel="alternate" type="text/html" title="OverTheWire Bandit: Level 18 to Level 19" /><published>2026-06-30T02:40:00+05:00</published> <updated>2026-06-30T02:40:00+05:00</updated> <id>https://denarzai.github.io/posts/bandit-level-18-19/</id> <content type="text/html" src="https://denarzai.github.io/posts/bandit-level-18-19/" /> <author> <name>Muhammad Subhan</name> </author> <category term="CTF" /> <category term="Bandit" /> <summary>The Goal The password is in a file called readme in the home directory. The problem: .bashrc has been modified to log you out immediately when you SSH in, before you can run any commands. What I Did Normal SSH login would drop me straight back out because of the modified .bashrc. The fix is to tell SSH to run a specific command directly instead of starting an interactive shell: ssh bandit18...</summary> </entry> <entry><title>OverTheWire Bandit: Level 17 to Level 18</title><link href="https://denarzai.github.io/posts/bandit-level-17-18/" rel="alternate" type="text/html" title="OverTheWire Bandit: Level 17 to Level 18" /><published>2026-06-30T02:20:00+05:00</published> <updated>2026-06-30T02:20:00+05:00</updated> <id>https://denarzai.github.io/posts/bandit-level-17-18/</id> <content type="text/html" src="https://denarzai.github.io/posts/bandit-level-17-18/" /> <author> <name>Muhammad Subhan</name> </author> <category term="CTF" /> <category term="Bandit" /> <summary>The Goal Two files in the home directory: passwords.old and passwords.new. Both contain hundreds of lines. One line has changed between them. Find the changed line in passwords.new — that’s the password. What I Did Listed the directory and saw both files. Opened both with cat to understand the structure — both had roughly 100 lines of what looked like passwords. Tried a few wrong approaches...</summary> </entry> </feed>
