kevin suckiel

0xsu3ks

  • Cracking the OSCP

    When it comes to certifications, the OSCP is the gorilla sitting in the corner. It’s a behemoth of an exam, testing your technical abilities, mental strength and creative thinking skills all under the careful eye of a proctor for 24 hours. Add to that, Offensive Security is super tight-lipped about the exam and for […]

    0xsu3ks

    January 13, 2022
    Uncategorized
  • HTB – Blue

    After Cronos gave me enough trouble between the SQLi and the reverse shell, I wanted something I thought would be straightforward. So I went with Blue, which if I can bet involves EternalBlue! Right to it with NMAP: An older version of SMB, let’s poke around. Bingo. I really wanted to do this in Python2 […]

    0xsu3ks

    December 2, 2021
    Uncategorized
  • HTB – Cronos

    In Cronos we get exposed to some new and some old! Some DNS enumeration followed by SQLi with a bit of OS command execution will get us on the box. Privesc we abuse a particular cronjob. First, our scan: 22,53,80! DNS enumeration: First step is to resolve the IPs of Cronos, use nslookup Any time […]

    0xsu3ks

    December 2, 2021
    Uncategorized
  • HTB – Bounty

    Back at it with HTB Bounty. Once again we are attacking IIS. Let’s begin: Our initial nmap scan only shows 1 port open: PORT 80 And all we get is a picture of Merlin: It leads us to two different directories /transfer.aspx (Status: 200) /uploadedfiles (Status: 301) For the /transfer.aspx site I can upload files […]

    0xsu3ks

    November 29, 2021
    Uncategorized
  • HTB – Valentine

    Welcome to Valentine, and this gave me some trouble. I know people say it’s on the easier side of things but something about it took me a while to figure out what made this box tick. This machine is vulnerable to Heartbleed, which we will use to grab an SSH key and move on to […]

    0xsu3ks

    November 29, 2021
    Uncategorized
  • HTB – Devel

    In this machine from HTB, we get exposed to a few different elements around webhosting and FTP. We will eventually notice that the FTP directory (which we can log in to anonymously) is also the webroot. We upload a shell and continue our enumeration on the machine searching for a way to escalate our privileges. […]

    0xsu3ks

    November 29, 2021
    Uncategorized
  • HTB – Sunday

    Between the last box (Legacy) and this one, I wasn’t too thrilled. This box was very fun but for some reason my connection was marred by lag and high latency and it made the whole experience more difficult than it had to be. I liked this box because it exploited a service that was unknown […]

    0xsu3ks

    November 11, 2021
    Uncategorized
  • HTB – Legacy

    Legacy, a really old box from HTB that I did fairly quickly and didn’t take too many screenshots. Right down to the dirty, Legacy is vulnerable to MS08-067 and MS17-010. I went with the old-school MS08 exploit and had no issues getting root. Walkthrough Legacy is located at 10.10.10.4 A basic scan shows […]

    0xsu3ks

    November 11, 2021
    Uncategorized
  • HTB – Shocker

    Here is Shocker. Fairly straightforward since the name literally tells you what the box is vulnerable to. Regardless a great box to reinforce some basic concepts such as enumeration, enumerating strange directories and learning more about what the heck /cgi-bin/ is and what it’s capable of. In a nutshell we find two open ports, a […]

    0xsu3ks

    November 11, 2021
    Uncategorized
    cgi-bin, HTB, shellshock, tjnull
  • Hacking LIDAR Guns

    Disclaimer: All information contained in this post is for educational purposes only. This article is a recap from a discussion that took place during DEFCON 27 by Bill Swearingen titled ‘HAKC The Police’. Hardware hacking is not currently my strong suit. Don’t get me wrong, the drive is there to learn, it’s just hard to […]

    0xsu3ks

    October 23, 2021
    Uncategorized
    Hacking, hardware