I have been blogging on and off for a while now. Most of the time I did it in English, which is, as you may have guessed, not my mother tongue. I did so, because English is the main language for tech, and I blog about tech. This seemed like an obvious choice. However, I am about to change that. Indeed, starting now, I’ll blog (mainly) in French.
Intro During this box, we’ll exploit an outdated version of Drupal in order to get an initial shell. This will allow me to discover user credentials on the Drupal DB. Finally, I’ll get privesc thanks to an insecure sudo command (once again). Target HTB - Armageddon Recon A quick look at the box info reveals it’s running Linux. Enum We run our classic nmap scan: sudo nmap -sC -sV -oA scans\armageddon sudo nmap -sC -sV -oA scans/nmap $attacker_ip Starting Nmap 7.
Intro This is an easy Linux box, where I had to get user through a forgotten “backup” on a dev instance, then the privesc came from an unsecured sudo command… Sounds straightforward? Well, not that much! Target HTB - Spectra Recon A quick look at the box info reveals that it is a Linux box, and that’s it! Enum We run our classic nmap scan: sudo nmap -sC -sV -oA scans\spectra Starting Nmap 7.
Intro Target HTB - ScriptKiddie Recon Initial recon tells us the box is running Linux, and that’s about it! Enum During the enum phase sudo nmap -sC -sV -oA scans/fast $target_ip # Nmap 7.91 scan initiated Mon May 17 15:00:50 2021 as: nmap -sC -sV -oA scans/fast $target_ip Nmap scan report for $target_ip Host is up (0.
For the first time in my life, a few days ago, I lost my phone and it was most probably stolen a few minutes later… So what went wrong, what went right, and how is life without a phone in 2020? What went wrong? I lost my phone, this is clearly what went wrong! Ok, just kidding, I’ll tell you what went really wrong once I no longer had my phone.
Intro This box looks promising, featuring a real-life CMS, Joomla, and one that is quite often found in the wild too! It is even a CMS I used several years ago, for one of my blogs! Let’s see right now if we can get in! Target THM - DailyBugle Recon Quick recon according to logo and info: Linux; Joomla CMS, SQLi; Privesc via yum. Enum Usual nmap scan: