-
Cracking the OSCP
When it comes to certifications, the OSCP is the gorilla sitting in the corner. It’s a behemoth of an exam, testing your technical abilities, mental strength and creative thinking skills, all under the careful eye of a proctor for 24 hours. Add to that, Offensive Security is super tight-lipped about the exam and for […]
-
HTB – Blue
After Cronos gave me enough trouble between the SQLi and the reverse shell, I wanted something I thought would be straightforward. So I went with Blue, which if I can bet involves EternalBlue! Right to it with NMAP: An older version of SMB, let’s poke around. Bingo. I really wanted to do this in Python2 […]
-
HTB – Cronos
In Cronos we get exposed to some new and some old! Some DNS enumeration followed by SQLi with a bit of OS command execution will get us on the box. For privesc we abuse a particular cronjob. First, our scan: 22,53,80! DNS enumeration: First step is to resolve the IPs of Cronos, use nslookup Any time […]
-
HTB – Bounty
Back at it with HTB Bounty. Once again we are attacking IIS. Let’s begin: Our initial nmap scan only shows 1 port open: PORT 80 And all we get is a picture of Merlin: It leads us to two different directories /transfer.aspx (Status: 200) /uploadedfiles (Status: 301) For the /transfer.aspx site I can upload files […]
-
HTB – Valentine
Welcome to Valentine, and this gave me some trouble. I know people say it’s on the easier side of things but something about it took me a while to figure out what made this box tick. This machine is vulnerable to Heartbleed, which we will use to grab an SSH key and move on to […]
-
HTB – Devel
In this machine from HTB, we get exposed to a few different elements around web hosting and FTP. We will eventually notice that the FTP directory (which we can log in anonymously to) is also the webroot. We upload a shell and continue our enumeration on the machine, searching for a way to escalate our privileges. […]
-
HTB – Sunday
Between the last box (Legacy) and this one, I wasn’t too thrilled. This box was very fun, but for some reason my connection was marred by lag and high latency and it made the whole experience more difficult than it had to be. I liked this box because it exploited a service that was unknown […]
-
HTB – Legacy
Legacy, a really old box from HTB that I did fairly quickly and didn’t take too many screenshots. Right down to the dirty, Legacy is vulnerable to MS08-067 and MS17-010. I went with the old-school MS08 exploit and had no issues getting root. Walkthrough Legacy is located at 10.10.10.4 A basic scan shows […]
-
HTB – Shocker
Here is Shocker. Fairly straightforward since the name literally tells you what the box is vulnerable to. Regardless, a great box to reinforce some basic concepts such as enumeration, enumerating strange directories and learning more about what the heck /cgi-bin/ is and what it’s capable of. In a nutshell we find two open ports, a […]
-
Hacking LIDAR Guns
Disclaimer: All information contained in this post is for educational purposes only. This article is a recap from a discussion that took place during DEFCON 27 by Bill Swearingen titled ‘HAKC The Police’. Hardware hacking is not currently my strong suit. Don’t get me wrong, the drive is there to learn, it’s just hard to […]