HTB - Armageddon without MetaSploit

Intro During this box, we’ll exploit an outdated version of Drupal in order to get an initial shell. This will allow me to discover user credentials in the Drupal DB. Finally, I’ll get privesc thanks to an insecure sudo command (once again). Target HTB - Armageddon Recon A quick look at the box info reveals it’s running Linux. Enum We run our classic nmap scan: sudo nmap -sC -sV -oA scans\armageddon sudo nmap -sC -sV -oA scans/nmap $attacker_ip Starting Nmap 7.

HTB - Spectra without MetaSploit

Intro This is an easy Linux box, where I had to get user through a forgotten “backup” on a dev instance, then the privesc came from an unsecured sudo command… Sounds straightforward? Well, not that much! Target HTB - Spectra Recon A quick look at the box info reveals that it is a Linux box, and that’s it! Enum We run our classic nmap scan: sudo nmap -sC -sV -oA scans\spectra Starting Nmap 7.

HTB - ScriptKiddie

Intro Target HTB - ScriptKiddie Recon Initial recon tells us the box is running Linux, and that’s about it! Enum During the enum phase sudo nmap -sC -sV -oA scans/fast $target_ip # Nmap 7.91 scan initiated Mon May 17 15:00:50 2021 as: nmap -sC -sV -oA scans/fast $target_ip Nmap scan report for $target_ip Host is up (0.037s latency). Not shown: 998 closed ports PORT STATE SERVICE VERSION 22/tcp open ssh OpenSSH 8.

Lessons learned from a lost phone

For the first time in my life, a few days ago, I lost my phone, and it was most probably stolen a few minutes later… So what went wrong, what went right, and what is life without a phone like in 2020? What went wrong? I lost my phone, this is clearly what went wrong! Ok, just kidding, I’ll tell you what really went wrong once I no longer had my phone.

THM - DailyBugle without MetaSploit

Intro This box looks promising, featuring a real-life CMS, Joomla, and one that is quite often seen in the wild too! It is even a CMS I used several years ago, for one of my blogs! Let’s see right now if we can get in! Target THM - DailyBugle Recon Quick recon according to logo and info: Linux; Joomla CMS, SQLi; Privesc via yum. Enum Usual nmap scan:

HTB - Bastard without MetaSploit

Intro Let’s up the game a little bit and attack a medium-rated box for the very first time! Target HTB - Bastard Recon A quick look at the box info reveals: Windows box; Misc: php, web, patch management. I assume this will be about an outdated PHP application running under Windows. Enum We run our classic nmap scan: sudo nmap -T4 -A -p- -oA scan $target_ip Host discovery disabled (-Pn).

THM - Skynet without MetaSploit

Intro A new, mysterious box. It is Terminator themed, but I have no idea what it will reveal. Let’s dive in! Target THM - Skynet Recon Not much recon here. Contrary to our previous targets, which were “training boxes”, this one doesn’t hold your hand. Let’s enumerate it directly! Enum Usual nmap scan: sudo nmap -T4 -A -p- -oA scan $target_ip | smb-os-discovery: | OS: Windows 6.1 (Samba 4.

Blogging With VSCode

In a previous post, I explained why I left Wordpress and how I moved to Hugo. Now, let me explain how I write my articles. Blogging in Markdown One of the main reasons that made me want to change what I had been doing for several years was Markdown. I love the simplicity of this format, and it gives me great flexibility! I can start writing an article at home in my IDE, and continue it on my mobile phone, or from any computer using SSH access.

THM - GameZone

Intro Trying to get a change from HTB, today I’ll write about a THM box! And this time, we’ll also have a look at SQLi! Target THM - GameZone Recon Quick recon according to logo and info: Linux; Misc: SSH, SQLi (which means a web server). Enum Let’s start a full nmap scan: sudo nmap -T4 -A -p- -oA scan $target_ip Host discovery disabled (-Pn). All addresses will be marked 'up' and scan times will be slower.

THM - HackPark without MetaSploit

Intro New box, new tools, looks like we are going to crack credentials! Let’s do it right now. Target THM - HackPark Recon According to the preview picture of the video, we will face: Windows box; Misc: Hydra, RCE, WinPEAS. So, probably some credential cracking with Hydra in order to get initial access, then an RCE to get a limited shell, and finally WinPEAS to elevate our privileges to SYSTEM.