hackthebox

A collection of 23 posts

learning

Relaxing for a bit, and learning at my pace

I recently decided to take a bit of a break from work. I was overdoing it and burning out. It's working out for the best so far, and I'm feeling great. I slowed down and started learning at my own pace. Instead of forcing myself to cram new information every

hackthebox

HTB post-game recap -- Passage

Passage was a cool box overall. The hardest part for me was privesc. I had to get a lead from a buddy to show me what I was looking for. He said something along the lines of "ride the bus." The rest was a ton of Googling anything I found

learning

Hack the Box -- Passage

This is a write up of Passage on Hack the Box. Nmap As always, we start with our basic Nmap scans. The results are below: nux@KakaLinpoop:~/Documents/htb/boxes/passage/nmap$ nmap -T4 10.10.10.206 -p 22,80 -sC -oN scriptScans Starting Nmap 7.91 ( https://nmap.

OSCP

No Spoiler Review -- HTB Delivery

Did Delivery on HacktheBox yesterday. I worked with a friend who is also studying for his OSCP, so we were able to build off of each other's progress. The machine is designed by IppSec, the dude who does HTB walkthrough videos on YouTube. Overall, I have to say it was

hackthebox

Hack the Box -- Haircut

This is a relatively easy box. Figured I'd do it since it was on the TJ Null list of OSCP-like boxes. Nmap We start with Nmap: nux@KakaLinpoop:~/Documents/htb/boxes/haircut/nmap$ cat scriptScan # Nmap 7.91 scan initiated Wed Dec 2 22:44:28 2020 as: nmap -T4

ssh

When ya gotta run SSH on more than one port

I was working on a HTB challenge recently, and I am positive that the first time I completed the machine a few months ago, SSH access out from the box was allowed. Seems something changed, or I dunno, I got lucky. Not sure. Either way when I was redoing the

htb

Hack the Box -- Buff

My writeup of Buff. It's taken from my GitHub notes, before I really started to focus on doing writeups. The original wasn't written with a blog post in mind, but I'll be updating the live post to fix it up and add any relevant screenshots. Nmap Results sudo nmap -T4

hackthebox

Hack the Box -- Beep

Foothold was a pain in the butt.

htb

Learning day part 3: Reading other HTB writeups -- Tabby, and finding new tools

I once received some advice from a dude who is pretty good at this kind of stuff to read other writeups once I've solved a box. This will help because you will discover other techniques you didn't think about or know about. I'm going to do that right now with

hackthebox

Hack the Box -- Solidstate

I usually don't do writeups for boxes I didn't solve while active, but I'm taking today as a learning/training day and I figured I would do one of TJ Null's OSCP-like [https://docs.google.com/spreadsheets/u/1/d/1dwSMIAPIam0PuRBkCiDI88pU3yzrqqHkDtBngUHNCw8/htmlview#] boxes for practice. Let's take a look at

hackthebox

Random Notes on Hack the Box

-------------------------------------------------------------------------------- I was feeling a bit under the weather recently, and I just couldn't get myself up to do HTB. Instead, I watched some IppSec videos in hopes of learning some things. I checked out the video for Popcorn and tried to understand what was going on as IppSec was

tabby

Hack the Box -- Tabby

Hack the box walkthrough for Tabby.

hackthebox

Hack the Box - Blunder

This is my walkthrough for Blunder. Nmap Results nux@KacaLinux:~/Documents/htb/boxes/blunder/nmap$ cat services # Nmap 7.80 scan initiated Sat Jun 6 04:58:57 2020 as: nmap -T4 -sC -p 21,80 -oN services 10.10.10.191 Nmap scan report for 10.10.10.191

python

Remembering Input Validation and Error Handling

As you may know, I've been working on a script that has a working title of EZShellz, or something to that effect. It's not totally official, but it seems to be sticking at this point, so that may become its permanent name. Anyway, I've been working on it a bit

hackthebox

Hack the Box - Magic

I thought I'd try something kind of new with this. I'm going to put together the write up that covers how I solved it on my own. Then I'm going to post some links to write ups that solved it in some notable different way. This is in hopes of

hackthebox

Hack the Box Walkthrough - Traceback

Traceback is an easy box on Hack the Box. The premise is that it got pwned and the attacker left a back door for us to use. It was retired this week, so now I can write about it. Of course the first thing we do is run Nmap. Here's

hackthebox

Just a quick post

I've reached Hacker level on Hack the Box. That's kinda cool.

OSCP

Learned something new about reverse shells this weekend

I've been working on more Windows boxes lately as part of my OSCP preparation. It's no secret to any of my friends who know me personally that I'm not a big fan of working on Windows. Tough luck. Have to learn. Anyway, Windows doesn't typically have cool apps like Netcat

OSCP

As I work towards my OSCP

I've been working on my OSCP for some time. I just never feel quite ready. I've been pwning more and more machines on Hack the Box. Things are making much more sense, and it's coming together better than it did before. That said, I still don't feel quite ready. I

hackthebox

Hack the Box - OpenAdmin

OpenAdmin was one of my favorite boxes. It's actually not very difficult, but it has just enough to force you to look around a bit. I enjoyed it because I felt like nothing was really guesswork. Everything I needed was presented to me on the box and in some way

hackthebox

Hack the Box - Sense

This is actually one of my least favorite boxes. The wordlist I had to use to have any idea of what to do next was obnoxiously long. After you get past that hurdle, it's pretty much instaroot from there. That said, I try to find value in everything. If you

hackthebox

Hack the Box - Bashed

Bashed is a pretty easy box. It sets you up for an easy win and gives you a really cool tool I've used quite a few times for gaining web shells, like the one I used in Networked [https://danielxblack.ghost.io/hack-the-box-networked/]. It's called phpbash, and you can get

hackthebox

Hack the Box - Networked

HTB walkthrough of networked.