learning Relaxing for a bit, and learning at my pace I recently decided to take a bit of a break from work. I was overdoing it and burning out. It's working out for the best so far, and I'm feeling great. I slowed down and started learning at my own pace. Instead of forcing myself to
hackthebox HTB post-game recap -- Passage Passage was a cool box overall. The hardest part for me was privesc. I had to get a lead from a buddy to show me what I was looking for. He said something along the lines of "ride the bus." The rest was a ton of Googling anything
learning Hack the Box -- Passage This is a write up of Passage on Hack the Box. Nmap As always, we start with our basic Nmap scans. The results are below: nux@KakaLinpoop:~/Documents/htb/boxes/passage/nmap$ nmap -T4 10.10.10.206 -p 22,80 -sC -oN scriptScans Starting Nmap 7.91 ( https://nmap.
OSCP No Spoiler Review -- HTB Delivery Did Delivery on HacktheBox yesterday. I worked with a friend who is also studying for his OSCP, so we were able to build off of each other's progress. The machine is designed by IppSec, the dude who does HTB walkthrough videos on YouTube. Overall, I have to say
hackthebox Hack the Box -- Haircut This is a relatively easy box. Figured I'd do it since it was on the TJ Null list of OSCP-like boxes. Nmap We start with Nmap: nux@KakaLinpoop:~/Documents/htb/boxes/haircut/nmap$ cat scriptScan # Nmap 7.91 scan initiated Wed Dec 2 22:44:28 2020 as:
ssh When ya gotta run SSH on more than one port I was working on a HTB challenge recently, and I am positive that the first time I completed the machine a few months ago, SSH access out from the box was allowed. Seems something changed, or I dunno, I got lucky. Not sure. Either way when I was redoing the
htb Hack the Box -- Buff My writeup of Buff. It's taken from my GitHub notes, before I really started to focus on doing writeups. The original wasn't written with a blog post in mind, but I'll be updating the live post to fix it up and add any relevant
htb Learning day part 3: Reading other HTB writeups -- Tabby, and finding new tools I once received some advice from a dude who is pretty good at this kind of stuff to read other writeups once I've solved a box. This will help because you will discover other techniques you didn't think about or know about. I'm going
hackthebox Hack the Box -- Solidstate I usually don't do writeups for boxes I didn't solve while active, but I'm taking today as a learning/training day and I figured I would do one of TJ Null's OSCP-like [https://docs.google.com/spreadsheets/u/1/d/1dwSMIAPIam0PuRBkCiDI88pU3yzrqqHkDtBngUHNCw8/htmlview#
hackthebox Random Notes on Hack the Box -------------------------------------------------------------------------------- I was feeling a bit under the weather recently, and I just couldn't get myself up to do HTB. Instead, I watched some IppSec videos in hopes of learning some things. I checked out the video for Popcorn and tried to understand what was going on as
hackthebox Hack the Box - Blunder This is my walkthrough for Blunder. Nmap Results nux@KacaLinux:~/Documents/htb/boxes/blunder/nmap$ cat services # Nmap 7.80 scan initiated Sat Jun 6 04:58:57 2020 as: nmap -T4 -sC -p 21,80 -oN services 10.10.10.191 Nmap scan report for 10.10.10.191
python Remembering Input Validation and Error Handling As you may know, I've been working on a script that has a working title of EZShellz, or something to that effect. It's not totally official, but it seems to be sticking at this point, so that may become its permanent name. Anyway, I've
hackthebox Hack the Box - Magic I thought I'd try something kind of new with this. I'm going to put together the write up that covers how I solved it on my own. Then I'm going to post some links to write ups that solved it in some notable different
hackthebox Hack the Box Walkthrough - Traceback Traceback is an easy box on Hack the Box. The premise is that it got pwned and the attacker left a back door for us to use. It was retired this week, so now I can write about it. Of course the first thing we do is run Nmap. Here&
OSCP Learned something new about reverse shells this weekend I've been working on more Windows boxes lately as part of my OSCP preparation. It's no secret to any of my friends who know me personally that I'm not a big fan of working on Windows. Tough luck. Have to learn. Anyway, Windows doesn&
OSCP As I work towards my OSCP I've been working on my OSCP for some time. I just never feel quite ready. I've been pwning more and more machines on Hack the Box. Things are making much more sense, and it's coming together better than it did before. That said, I
hackthebox Hack the Box - OpenAdmin OpenAdmin was one of my favorite boxes. It's actually not very difficult, but it has just enough to force you to look around a bit. I enjoyed it because I felt like nothing was really guesswork. Everything I needed was presented to me on the box and in
hackthebox Hack the Box - Sense This is actually one of my least favorite boxes. The wordlist I had to use to have any idea of what to do next was obnoxiously long. After you get past that hurdle, it's pretty much instaroot from there. That said, I try to find value in everything.
hackthebox Hack the Box - Bashed Bashed is a pretty easy box. It sets you up for an easy win and gives you a really cool tool I've used quite a few times for gaining web shells, like the one I used in Networked [https://danielxblack.ghost.io/hack-the-box-networked/]. It's called phpbash,
