Intro Let’s up the game a little bit and attack a medium rated box for the very first time! Target HTB - Bastard Recon A quick look to the box info reveals : Windows box ; Misc : php, web, patch management. I assume this will be about an outdated PHP application running under Windows. Enum We run our classic nmap scan : 1 sudo nmap -T4 -A -p- -oA scan $target_ip 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 Host discovery disabled (-Pn).

Intro A new, mysterious box. It is Terminator themed, but I have no idea what it will reveal Let’s dive in! Target THM - Skynet Recon Not much recon here. Contrary to our previous targets which were “training boxes”, this one is doesn’t hold your hand. Let’s directly enumerate it! Enum Usual nmap scan : 1 sudo nmap -T4 -A -p- -oA scan $target_ip 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 | smb-os-discovery: | OS: Windows 6.

In a previous post, I explained why I left Wordpress and how I did the move to Hugo. Now, let me explain how I write my articles. Blogging in Markdown One of the main reason that me want to change what I used to do for several years was Markdown. I love the simplicity of this format, and it gives me great flexibility! I can start writing an article at home in my IDE, and continue it on my mobile phone, or from any computer using an SSH access.

Intro Trying to get a change from HTB, today I’ll write about a THM box! And this time, we’ll also have a look at SQLi! Target THM - GameZone Recon Quick recon according to logo and info : Linux ; Misc: SSH, SQLi (which means a web server). Enum Let’s start a full nmap scan : 1 sudo nmap -T4 -A -p- -oA scan $target_ip 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 Host discovery disabled (-Pn).

Intro New box, new tools, looks like we are going to crack credentials! Let’s do it right now. Target THM - HackPark Recon According to the preview picture of the video, we will face : Windows box ; Misc : Hydra, RCE, WinPEAS. So, probably some credentials cracking with Hydra in order to get initial access, then an RCE to get limited shell, and finally WinPEAS to elevate our privileges to SYSTEM.

Intro Easy box, according to HTB notation, also not a very good user’s rating. Let’s see what it is about! Target HTB - Nibbles Recon Quick recon according to logo and info : Linux box ; Misc : web, misconfiguration. Enum Classic nmap scan : 1 sudo nmap -T4 -A -p- -oA scan $target_ip 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 Starting Nmap 7.