HTB - ScriptKiddie

Intro Target HTB - ScriptKiddie Recon Initial recon tells us the box is running Linux, and that’s about it! Enum During the enum phase sudo nmap -sC -sV -oA scans/fast $target_ip # Nmap 7.91 scan initiated Mon May 17 15:00:50 2021 as: nmap -sC -sV -oA scans/fast $target_ip Nmap scan report for $target_ip Host is up (0.037s latency). Not shown: 998 closed ports PORT STATE SERVICE VERSION 22/tcp open ssh OpenSSH 8.

Lessons learned from a lost phone

For the first time in my life, a few days ago, I lost my phone and it was most probably stolen a few minutes later… So what went wrong, and what went right and how is a life without a phone in 2020? What went wrong? I lost my phone, this is clearly what went wrong! Ok, just kidding, I’ll tell you what went really wrong once I no longer had my phone.

THM - DailyBugle without MetaSploit

Intro This box looks promising, featuring a real-life CMS, Joomla, and one that is quite often seen in the wild too! It is even a CMS I used several years ago, for one of my blogs! Let’s see right now if we can get in! Target THM - DailyBugle Recon Quick recon according to logo and info : Linux ; Joomla CMS, SQLi ; Privesc via yum. Enum Usual nmap scan :

HTB - Bastard without MetaSploit

Intro Let’s up the game a little bit and attack a medium-rated box for the very first time! Target HTB - Bastard Recon A quick look at the box info reveals : Windows box ; Misc : php, web, patch management. I assume this will be about an outdated PHP application running under Windows. Enum We run our classic nmap scan : sudo nmap -T4 -A -p- -oA scan $target_ip Host discovery disabled (-Pn).

THM - Skynet without MetaSploit

Intro A new, mysterious box. It is Terminator themed, but I have no idea what it will reveal. Let’s dive in! Target THM - Skynet Recon Not much recon here. Contrary to our previous targets which were “training boxes”, this one doesn’t hold your hand. Let’s directly enumerate it! Enum Usual nmap scan : sudo nmap -T4 -A -p- -oA scan $target_ip | smb-os-discovery: | OS: Windows 6.1 (Samba 4.

Blogging With VSCode

In a previous post, I explained why I left WordPress and how I did the move to Hugo. Now, let me explain how I write my articles. Blogging in Markdown One of the main reasons that made me want to change what I used to do for several years was Markdown. I love the simplicity of this format, and it gives me great flexibility! I can start writing an article at home in my IDE, and continue it on my mobile phone, or from any computer using an SSH access.

THM - GameZone

Intro Trying to get a change from HTB, today I’ll write about a THM box! And this time, we’ll also have a look at SQLi! Target THM - GameZone Recon Quick recon according to logo and info : Linux ; Misc: SSH, SQLi (which means a web server). Enum Let’s start a full nmap scan : sudo nmap -T4 -A -p- -oA scan $target_ip Host discovery disabled (-Pn). All addresses will be marked 'up' and scan times will be slower.

THM - HackPark without MetaSploit

Intro New box, new tools, looks like we are going to crack credentials! Let’s do it right now. Target THM - HackPark Recon According to the preview picture of the video, we will face : Windows box ; Misc : Hydra, RCE, WinPEAS. So, probably some credentials cracking with Hydra in order to get initial access, then an RCE to get limited shell, and finally WinPEAS to elevate our privileges to SYSTEM.

HTB - Nibbles without MetaSploit

Intro Easy box, according to HTB notation, also not a very good user rating. Let’s see what it is about! Target HTB - Nibbles Recon Quick recon according to logo and info : Linux box ; Misc : web, misconfiguration. Enum Classic nmap scan : sudo nmap -T4 -A -p- -oA scan $target_ip Starting Nmap 7.91 ( https://nmap.org ) at 2021-02-17 16:42 CET Nmap scan report for $target_ip Host is up (0.

HTB - Devel without MetaSploit

Intro Pretty fast and obvious box. Let me guide you through my pwn: Target HTB - Devel Recon Usual recon here, based on logo and info : Windows box ; Misc : FTP, Arbitrary file upload. Enum We run our classic nmap scan : sudo nmap -T4 -A -p- -oA nmap $target_ip # Nmap 7.91 scan initiated Tue Feb 16 14:42:03 2021 as: nmap -T4 -A -p- -oA nmap $target_ip Nmap scan report for $target_ip Host is up (0.