HTB - Nibbles without MetaSploit

Intro Easy box, according to HTB notation, also not a very good user’s rating. Let’s see what it is about! Target HTB - Nibbles Recon Quick recon according to logo and info : Linux box ; Misc : web, misconfiguration. Enum Classic nmap scan : sudo nmap -T4 -A -p- -oA scan $target_ip Starting Nmap 7.91 ( https://nmap.org ) at 2021-02-17 16:42 CET Nmap scan report for $target_ip Host is up (0.

HTB - Devel without MetaSploit

Intro Pretty fast and obvious box. Let me guide through my pwn: Target HTB - Devel Recon Usual recon here, based on logo and info : Windows box ; Misc : FTP, Arbitrary file upload. Enum We run our classic nmap scan : sudo nmap -T4 -A -p- -oA nmap $target_ip # Nmap 7.91 scan initiated Tue Feb 16 14:42:03 2021 as: nmap -T4 -A -p- -oA nmap $target_ip Nmap scan report for $target_ip Host is up (0.

Going from WordPress to Hugo and GitHub Actions!

I finally did it! After years thinking about it, I finally migrated my Wordpress website to a static website! It was painful, but I am really happy I did it. Why change? I got fed up with Wordpress being full of “stuff”, loading a webpage took ages (well, seconds…, but still too much) while my content is mostly text and a few small images. Moreover, I wanted to be able to write my posts using Markdown.

HTB - NetMon without MetaSploit

Intro An easy box according to HTB ranking and a not so easy one according to this site. For me, it was really painful. Let me overshare! Target HTB - NetMon Recon Quick recon based on HTB logo and info : Windows box ; Misc info : web, PowerShell, file misconfiguration ; Probably runs PRTG NetWork Monitor tool. Enum sudo nmap -T4 -A -p- -oA nmap $target_ip Starting Nmap 7.

THM - Alfred

Intro Without further ado, let’s get started and see what this box is made of! Target THM - Alfred Recon From the box logo and description we can discover that : Target runs Windows ; Target runs Jenkins. Let’s go! Enum Let’s start a basic nmap scan : sudo nmap -T4 -A -p- -oA nmap $target_ip Unfortunately, nmap will complain that Note: Host seems down. If it is really up, but blocking our ping probes, try -Pn.

HTB - OpenAdmin without MetaSploit

Intro The importance to also patch your “applications”, and not just your services. Target HTB - OpenAdmin Recon Again, this is an HTB box, so recon is mainly active, and I feel like active recon == enum. Still, we can check : Name of the box : OpenAdmin ; OS “type”, : Linux : Hints given on HTB website, information section : Enum As always, we start with an nmap scan :

HTB - Blue without MetaSploit

Intro A good ol' vuln to get starting! This will be my first real tutorial, so I’ll try to explain the basics of what I am doing. Please bear in mind that I am very new to hacking, probably like you are. I am merely sharing my knowledge and by doing so I am making sure I understood what I did. Please correct me if you find anything wrong, or ask question if you need to!

Starting my hacking journey, hopefully!

It’s been a while since I wrote here, hopefully I will be able to write more often and hopefully too I will be able to finally get into hacking properly. Bosom buddies I have been interested by InfoSec for many years. It mostly started a bit more than 10 years ago when I was reading a lot about pentesting : Kali was called BackTrack then, I played a lot with it and MetaSploit.

Hello FastMail, Goodbye ProtonMail

After a bit more than a year using ProtonMail, I couldn’t bear it anymore… I was really pissed by its lack of “usability”. Even though I had almost 1 year left, I made the switch to FastMail, and I couldn’t have been happier. Let me explain. ProtonMail isn’t bad… However, there is a few issues, that overtime really grew over me. First and foremost, the non standard protocols! ProtonMail doesn’t use IMAP(s)/SMTP(s).

Manage VMware snapshots with PowerCLI

Manually taking a snapshot under VMware is easy : connect to the HTML5 Web UI, find the server from the list, right click, select Snapshot, Name it… However, when you have to do it several times in a row, it becomes really frustrating. Let’s see how to improve that. Here comes PowerCLI VMware released an awesome (and I am Linux guy) tool to manage your virtual machines from the command line.