• Curling – HackTheBox writeup
    Curling is a retired vulnerable Linux machine available from HackTheBox. The machine maker is L4mpje, thank you. It has an Easy difficulty with a rating of 4.4 out of 10. Kali Linux is used to carry out the enumeration, exploitation and privilege escalation. The goal is to obtain root shell together with both user & […]
  • Remote – HackTheBox writeup
    Remote is a retired vulnerable Windows machine available from HackTheBox. The machine maker is mrb3n, thank you. It has an Easy difficulty with a rating of 4.7 out of 10. Kali Linux is used to carry out the enumeration, exploitation and privilege escalation. No automated tools are needed. The goal is to obtain root shell […]
  • Jarvis – HackTheBox writeup
    Jarvis is a retired vulnerable machine available from HackTheBox. The machine maker is manulqwerty & Ghostpp7, thank you. It has a Medium difficulty with a rating of 4.9 out of 10. I think it’s somewhat between easy & medium. Kali Linux is used to carry out the enumeration, exploitation and privilege escalation. The goal is […]
  • Mirai – HackTheBox writeup
    Mirai is a retired vulnerable machine available from HackTheBox. The machine maker is Arrexel, thank you. It is a pretty easy machine with a difficulty rating of 3.7 out of 10. No automated tools are required to solve the machine. Kali Linux is used to carry out the enumeration, exploitation and privilege escalation. The goal […]
  • Writeup – HackTheBox writeup
    Exploitation Summary Initial Exploitation Vulnerability: SQL Injection vulnerability of CMS Made Easy Explanation: CMS Made Easy version 2.2.9.1 has a SQL Injection vulnerability that results in exposure to login id and password hash Privilege Escalation Vulnerability: Hijack Command Execution by Path Interception Explanation: A writable bin folder exists in the execution search PATH and is […]
  • Irked – HackTheBox writeup
    Exploitation Summary Initial Exploitation Vulnerability: Backdoor Command Execution of UnrealIRCD Explanation: A malicious backdoor was added to UnrealIRCD version 3.2.8.1 Privilege Escalation Vulnerability: suid executable viewuser Explanation: It can execute as root and is looking for another command to execute in which we can exploit Enumeration nmap -p- -A -T4 10.10.10.117 TCP 22: OpenSSH 6.7p1 […]
  • SwagShop – HackTheBox writeup
    Exploitation Summary Initial Exploitation Vulnerability: Remote code execution via Magento Explanation: Magento has couple remote code execution vulnerabilities allowing admin account creation and then code execution through admin account Privilege Escalation Vulnerability: sudo vi capability Explanation: shell can be obtained through vi Enumeration nmap -p- -A -T4 10.10.10.140 TCP 22: OpenSSH 7.2p2 Ubuntu TCP 80: […]
  • Jarbas 1 – vulnhub walkthrough
    VM: Jarbas 1 Goal: Obtain root shell Approach: solve without automated exploitation tools Target Discovery nmap -sn 192.168.172.200-254 Port Scanning nmap -p- -A 192.168.172.238 Port 22: OpenSSH 7.4 Port 80: Apache httpd 2.4.6 Port 3306: mysql (MariaDB) port 8080: http (Jetty 9.4.z-SNAPSHOT) Enumeration First browse through the main website which found nothing of interests. All […]
  • Jeeves – HackTheBox writeup
    Exploitation Summary Initial Exploitation Vulnerability: Remote code execution via Jenkins Script Console Explanation: Jenkins management console is available without login and resulted in code execution through the Script Console Privilege Escalation Vulnerability: Weak master password of keepass file Explanation: keepass is used to store credentials including some administrative credentials. However, weak password is used to […]
  • Bitlab – HackTheBox writeup
    Target IP: 10.10.10.114 Exploitation Summary Initial Exploitation Vulnerability: Security through obscurity Explanation: Credentials are obscured in javascript function within the website. Privilege Escalation Vulnerability: sudo git pull Explanation: hook script for post-merge can be defined to perform code execution as root Enumeration nmap -p- -A -T4 10.10.10.114 TCP 22: OpenSSH 7.6p1 TCP 80: nginx Initial […]
  • Craft – HackTheBox writeup
    Target IP: 10.10.10.110 Exploitation Summary Initial Exploitation Vulnerability: Command execution on /api/brew.py Explanation: The api script is testing ABV parameter to ensure value is less than or equal to 1.0. However eval function is used that allows code injection. Privilege Escalation (user) Vulnerability: critical information stored in git Explanation: ssh private key is stored in […]
  • My journey to pass OSCP in 3 months
    It’s a painful, yet wonderful and fun journey in summary. It’s full blown practical. You can’t just read some books, practice some multiple choice questions and pass the exam. You have to immerse yourself in practice, practice and practice. It’s roller coaster in emotion. It’s frustrating, depressing and humiliating when I get stuck and going […]
  • Dina 1.0.1 – vulnhub walkthrough
    VM: Dina 1.0.1 Goal: acquire root access Approach: solve without automated exploitation tools Enumeration Target Discovery First locate the IP address of my target: nmap -n -sn 192.168.172.200- Port Scanning nmap -p- -A 192.168.172.234 Ports Service/Banner TCP: 80 Apache 2.2.22 (Ubuntu) Let’s look at the website. There’s a few folders found by nmap. Then only […]
  • Kioptrix Level 1 – vulnhub walkthrough
    VM: Kioptrix: Level 1 Goal: acquire root access Approach: solve without automated exploitation tools Target discovery First step is to locate the IP address of my target: nmap -n -sn 192.168.172.200-254 Enumeration Target: 192.168.172.233 Now I use nmap to scan through all TCP ports nmap -p- 192.168.172.233 Then do a more detail scan on open […]
  • Tr0ll 1 – vulnhub walkthrough
    VM: Tr0ll: 1 Goal: acquire root access Approach: solve without automated exploitation tools Enumeration Target Discovery First locate the IP address of my target: nmap -n -sn 192.168.172.200- Port Scanning nmap -p- -A 192.168.172.232 Ports Service/Banner TCP: 21 vsftpd 3.0.2 TCP: 22 OpenSSH 6.6.1p1 Ubuntu 2ubuntu2 TCP: 80 Apache 2.4.7 Checkout website Lol, there isn’t […]
  • pWnOS – vulnhub walkthrough
    VM: pWnOS Goal: acquire root access Approach: solve without automated exploitation tools Network IP address fix for VMware If the VM does not obtain an IP address automatically. do the following to fix it: Reset the root password login to Holynix as root run command: rm /etc/udev/rules.d/70-persistent-net.rules reboot Holynix: shutdown -r 0 After doing this, […]
  • Bashed – HackTheBox writeup
    Target: 10.10.10.68 Goal: Root access Port Scanning nmap -p- -A 10.10.10.68 Port 80/tcp: Apache httpd 2.4.18 Enumeration Directory scan using gobuster gobuster -u http://10.10.10.68/ -w common.txt -s “200,204,301,302,307,401,403” -x “txt,html,php,jsp” First browse around the website and follow the links. Does not find anything of interests. Then I check the folders found by gobuster and notice […]
  • Shocker – HackTheBox writeup
    Target: 10.10.10.56 Goal: Root access Port Scanning nmap -p- -A 10.10.10.56 Port 80/tcp: Apache httpd 2.4.18 Port 2222/tcp: SSH (OpenSSH 7.2p2 Ubuntu 4ubuntu2.2) Enumeration Let’s look at the website: Only an image. There’s no other information or links. Let’s use gobuster to see any hidden files or directories: gobuster -u http://10.10.10.56:80/ -w /usr/share/seclists/Discovery/Web-Content/common.txt -e -k […]
  • Holynix v1 – vulnhub walkthrough
    VM: Holynix: v1 Goal: acquire root access Approach: solve without automated exploitation tools Network IP address fix When I start the Holynix virtual machine using VMware Workstation 15 Player, the VM does not obtain an IP address automatically. I did the following to fix this issue: Reset the root password login to Holynix as root […]
  • Reset Linux root password using Kali live
    Reset Linux root password is not hard if you have physical access to the Linux box. All you need is Kali live CD (or other Linux live CD). This guide will show you how to reset Linux root password on VMware Linux virtual machine. But it’s exactly the same process on a physical Linux box. […]
  • LAMPSecurity: CTF5 – vulnhub walkthrough
    VM: LAMPSecurity: CTF5 Goal: Gain root access Approach: solve without automated exploitation tools Target Discovery nmap -sn 192.168.172.200-254 Port Scanning nmap -p- -A 192.168.172.240 Port 22: OpenSSH 4.7 Port 25: SMTP Port 80: Apache httpd 2.2.6 Port 110: pop3 ipop3d 2006k.101 Port 111: RPC #100000 Port 139: Samba smbd 3.X – 4.X (workgroup: MYGROUP) Port […]
  • LAMPSecurity: CTF4 – vulnhub walkthrough
    VM: LAMPSecurity: CTF4 Goal: Gain root access Approach: solve without automated exploitation tools Target Discovery nmap -sn 192.168.172.200-254 Port Scanning nmap -p- -A 192.168.172.237 Port 22: OpenSSH 4.3 Port 80: Apache httpd 2.2.0 Also found 5 hidden folders /mail/, /restricted/, /conf/, /sql/, /admin/ at port 80. Looks like web server should be checked out first. […]
  • How and where to start preparing for OSCP
    Update: Passed my OSCP exam in mid December. Check out my little writeups. Honestly, where to start? How to start so I won’t waste my effort or doing things in wrong order. I would like to have a general idea on how I may progress into gaining more knowledge & hands-on experience gradually. I have […]
  • My journey into ethical hacking
    Software development has been my strength and focus for as long as I started owning a computer. I enjoy building libraries, applications and systems that make things work. But I always have a passion on security. Not only to develop quality code to minimize bugs and vulnerabilities, but be also able to protect & defend […]