computers Hack The Box: Sightless Recon NMAP Interesting things: * FTP -ProFTPD * SSH * Web server at sightless.htb Web Server Did some virtual host brute forcing that did not turn up anything new. Directory scanning I found the icones directory. This just 403s, not useful. The page has a link to http://sqlpad.sightless.htb/ SQLPad
computers SANS 2024 Holiday Hack Challenge - Act 2 Continuing the challenge after the Prologue and Act 1 this set of challenges is set in the North Pole DMZ it seems. Mobile Analysis Eve Snowhoses has provided us with a debug and release version of an Android app called Santa Swipe for managing the Naughty/Nice List. The first
computers SANS 2024 Holiday Hack Challenge - Act 1 See my previous post for the Prologue. After departing the Geese Islands, we make our way back to the North Pole for some new challenges so help find Santa. cURLing The first part of this challenge is just some simple curl-foo that isn't too difficult. The man page
computers SANS 2024 Holiday Hack Challenge - Prologue If you aren't familiar, I highly suggest taking a look at the 2024 SANS Holiday Hack Challenge and the previous years as well. These challenges are so well put together and cover very modern and applicable topics in security. This year, the challenge is split into four time-released
computers Hack The Box: Editorial Recon NMAP Web Port The web page appears to be a book review site. The "Publish with us" page allows for some info entry and a file upload. The "About" page includes and additional domain tiempoarriba.htb Initial Access Upload Page The "Cover URL"
computers Hack The Box: BoardLight I just wanted a quick win, so I decided to go for one of the easy boxes today. Recon My initial scan reveals just SSH and a web site open. As expected, we have a website with some clues and functionality to test. * Email: [email protected] * Newsletter signup * Request
computers SolarLab Recon Ooohhh, a Windows machine! The website is for an instant messaging app called SolarLab IM. Things to try from here: * Web app exploration * Subdomain brute * Path brute * Functionality * Host * SMB user/pass brute force * Interesting port 6791 Web App Exploration Potential usernames from employee names: * Alexander Knight * Claudia Springer
computers Hack The Box: Intuition This is a big of a slog and rambling run through of this challenge. This one was hard for me due to the high number of avenues required to be investigated for root. There were red herrings and many necessary paths to explore. Recon Looks like the web service on
computers Cobalt Strike C2 Profiles - HTTP Cobalt Strike does provide documentation on creating and editing C2 profiles but the documentation is limited and not clear in places. This is an attempt to clarify some of the areas that confused me initially. Context This specifically focuses on the HTTP GET and HTTP POST definitions; C2 Profiles control
computers Hack The Box: Sau Enumeration Port 80 doesn't give me anything but port 55555 reveals what looks like a Python-based web app. The application appears to be some sort of app to inspect HTTP requests that are sent to the application. There is a function to enter a master token that allows
computers Hack The Box: Keeper Enumeration As always, start off with an NMAP Scan Just 80 and 22 open today. We will start by enumerating the web app. To make some of this work easier, I am going to add keeper.htb and tickets.keeper.htb to my hosts file. Navigating to the linked site
computers Hack the Box: Inject Enumeration Browsing to the webpage on port 8080 lands at a "Zodd Cloud" product page. There seems to be signup and sign in functionality that will be worth exploring. None of the links work except signup, which lands at an Under Construction page. Oh, but there is an
azure Broken Azure I saw this link posted on LinkedIn with a collection of free cloud training resources and decided to try my hand at some of the Azure ones given my relative lack of familiarity with Azure versus GCP and AWS. Kind of going in order, I decided to start with Secura&
computers Hack the Box: Busqueda Initial Recon Conduct typical initial portscan └─$ nmap 10.10.11.208 Starting Nmap 7.93 ( https://nmap.org ) at 2023-04-26 11:13 EDT Nmap scan report for 10.10.11.208 Host is up (0.089s latency). Not shown: 998 closed tcp ports (conn-refused) PORT STATE SERVICE 22/tcp open
computers Hack The Box: Precious Initial Enumeration A simple NMAP scan to just get the lay of the land initially. Only two ports appear to be open. SSH appears to allow for password auth, and the web port hosts a page that allegedly converts pages to PDFs. Brute forcing additional pages on the web server
computers Hack The Box: Previse NMAP shows that ports 80 and 22 are open. The site at port 80 is a login page to a File Storage site. Running GoBuster against the site reveals several additional pages that although they redirect back to the main login page, do indeed have content as well. Specifically: * accounts.
computers Return To Hack The Box - BountyHunter After a several year hiatus from Hack The Box, I decided to jump back in and take a look. Here is the write-up for Bounty Hunter BountyHunter Initial nmap scan indicates ports 22 and 80 are open. Browsing the page on port 80, there is a "Portal" section
computers Hack The Box: Irked Irked: Retired If you are interested in learning more about penetration testing, Hack the Box is a great way to get your feet wet in a legal and well built environment. Head over to hackthebox.eu [https://hackthebox.eu] to get started. Enumeration My initial enumeration returned a handful of
computers SANS Holiday Hack 2018 I have to be honest, life is just too busy this year for me to actually write a full report in the context of the story. Suffice it to say, I really enjoyed this year's challenge, much better than last year in terms of not having to actually
computers Hack The Box: Jerry Jerry: Retired 17 November 2018 If you are interested in learning more about penetration testing, Hack the Box is a great way to get your feet wet in a legal and well built environment. Head over to hackthebox.eu [https://hackthebox.eu] to get started. This box was almost too
computers Hack The Box: DevOops DevOops: Retired 13 October 2018 If you are interested in learning more about penetration testing, Hack the Box is a great way to get your feet wet in a legal and well built environment. Head over to hackthebox.eu [https://hackthebox.eu] to get started. Been a while since I
computers theHarvester For Open Source Recon I was using theHarvester the other day and had to do a little extra work to get the data I wanted out of the results. There are plenty of posts out there about how excatly to use theHarvester so I am not covering that. The current version from theHarvester GitHub
computers Hack The Box - Bashed Bashed: Retired 28 April 2018 If you are interested in learning more about penetration testing, Hack the Box is a great way to get your feet wet in a legal and well built environment. Head over to hackthebox.eu [https://hackthebox.eu] to get started. Bashed was one of the
computers SANS SEC660 - Advanced Penetration Testing, Exploit Writing, and Ethical Hacking UPDATE: I took my exam and PASSED! I felt that the actual exam was a bit harder than the practice tests but I also get my best score out of the three. The material covered in class is great but you really have to have read the text in the
computers Hack The Box - Sense Sense: Retired 24 March 2018 If you are interested in learning more about penetration testing, Hack the Box is a great way to get your feet wet in a legal and well built environment. Head over to hackthebox.eu [https://hackthebox.eu] to get started. Sense was an easier box
