kevin suckiel

When it comes to certification’s the OSCP is the gorilla sitting in the corner. It’s a behemoth of an exam, testing your technical abilities, mental strength and creative thinking skills all under the careful eye of a proctor for 24 hours. Add to that, Offensive Security is super tight lipped about the exam and for […]

After Cronos gave me enough trouble between the SQLi and the reverse shell I wanted something I thought would be straightforward. So I went with Blue which if I can bet involves EternalBlue! Right to it with NMAP: An older version of SMB, lets poke around. Bingo. I really wanted to do this in Python2 […]

In Cronos we get exposed to some new and some old! Some DNS enumeration followed by SQLi with a bit of OS command execution will get us on the box. Privesc we abuse a particular cronjob. First, our can: 22,53,80! DNS enumeration: First step is to resolve the IPs of Cronos, use nslookup Any time […]

Back at it with HTB Bounty. Once again we are attacking IIS. Lets begin: Or initial nmap scan only shows 1 port open: PORT 80 And all we get is a picture of merlin: It leads us to two different directories /transfer.aspx (Status: 200) /uploadedfiles (Status: 301) For the /transfer.aspx site I can upload files […]

Welcome to valentine and this gave me some trouble. I know people say it’s on the easier side of things but something about it took me a while to figure out what made this box tick. This machine is vulnerable to Heartbleed, which we will use to grab an SSH key and move on to […]

In this machine from HTB, we get exposed to a few different elements around webhosting and ftp. We wil; eventually notice that the FTP directory (which we can log in anonymously too) is also the webroot. We upload a shell and continue our enumeration on the machine searching for a way to escalate our privileges. […]

Between the last box (Legacy) and this one, I wasn’t too thrilled. This box was very fun but for some reason my connection was marred by lag and high latency and it made the whole experience more difficult than it had to be. I liked this box because it exploited a service that was unknown […]

Legacy, a really old box from HTB that I did fairly quickly and didn’t take too many screenshots. Right down to the dirty, Legacy is vulnerable to MS08-067 and MS17-010. I went with the old school MS08 and exploit and had no issues getting root. Walkthrough Legacy is located at 10.10.10.4 A basic scan shows […]