hackthebox HTB post-game recap -- Passage Passage was a cool box overall. The hardest part for me was privesc. I had to get a lead from a buddy to show me what I was looking for. He said something along the lines of "ride the bus." The rest was a
learning Hack the Box -- Passage This is a write up of Passage on Hack the Box. NmapAs always, we start with our basic Nmap scans. The results are below: nux@KakaLinpoop:~/Documents/htb/boxes/passage/nmap$ nmap -T4 10.10.10.206 -p 22,80 -sC -oN scriptScans Starting
OSCP No Spoiler Review -- HTB Delivery Did Delivery on HacktheBox yesterday. I worked with a friend who is also studying for his OSCP, so we were able to build off of each other's progress. The machine is designed by IppSec, the dude who does HTB walkthrough videos on YouTube. Overall,
hackthebox Hack the Box -- Haircut This is a relatively easy box. Figured I'd do it since it was on the TJ Null list of OSCP-like boxes. NmapWe start with Nmap: nux@KakaLinpoop:~/Documents/htb/boxes/haircut/nmap$ cat scriptScan # Nmap 7.91 scan initiated Wed Dec 2 22:44:
ssh When ya gotta run SSH on more than one port I was working on a HTB challenge recently, and I am positive that the first time I completed the machine a few months ago, SSH access out from the box was allowed. Seems something changed, or I dunno, I got lucky. Not sure. Either
htb Hack the Box -- Buff My writeup of Buff. It's taken from my GitHub notes, before I really started to focus on doing writeups. The original wasn't written with a blog post in mind, but I'll be updating the live post to fix it up and add any relevant
htb Learning day part 3: Reading other HTB writeups -- Tabby, and finding new tools I once received some advice from a dude who is pretty good at this kind of stuff to read other writeups once I've solved a box. This will help because you will discover other techniques you didn't think about or know about. I'm going
hackthebox Hack the Box -- Solidstate I usually don't do writeups for boxes I didn't solve while active, but I'm taking today as a learning/training day and I figured I would do one of TJ Null's OSCP-like boxes for practice. Let's take a look at Solid State. Nmap Scansnux@
hackthebox Random Notes on Hack the Box I was feeling a bit under the weather recently, and I just couldn't get myself up to do HTB. Instead, I watched some IppSec videos in hopes of learning some things. I checked out the video for Popcorn and tried to understand what was
hackthebox Hack the Box - Blunder This is my walkthrough for Blunder. Nmap Resultsnux@KacaLinux:~/Documents/htb/boxes/blunder/nmap$ cat services # Nmap 7.80 scan initiated Sat Jun 6 04:58:57 2020 as: nmap -T4 -sC -p 21,80 -oN services 10.10.10.191 Nmap scan report
python Remembering Input Validation and Error Handling As you may know, I've been working on a script that has a working title of EZShellz, or something to that effect. It's not totally official, but it seems to be sticking at this point, so that may become its permanent name. Anyway, I've
hackthebox Hack the Box - Magic I thought I'd try something kind of new with this. I'm going to put together the write up that covers how I solved it on my own. Then I'm going to post some links to write ups that solved it in some notable different
hackthebox Hack the Box Walkthrough - Traceback Traceback is an easy box on Hack the Box. The premise is that it got pwned and the attacker left a back door for us to use. It was retired this week, so now I can write about it. Of course the first thing
OSCP Learned something new about reverse shells this weekend I've been working on more Windows boxes lately as part of my OSCP preparation. It's no secret to any of my friends who know me personally that I'm not a big fan of working on Windows. Tough luck. Have to learn. Anyway, Windows doesn't
OSCP As I work towards my OSCP I've been working on my OSCP for some time. I just never feel quite ready. I've been pwning more and more machines on Hack the Box. Things are making much more sense, and it's coming together better than it did before. That said, I
hackthebox Hack the Box - SwagShop: part 1 SwagShop is another machine on TJ Null's list of OSCP-like practice targets. It's considered an easy box. Of course, easy is subjective, and it all depends on where your strengths lie. Nmap scanOf course we start with the good ol' Nmap scan: sudo nmap
hackthebox Hack the Box - OpenAdmin OpenAdmin was one of my favorite boxes. It's actually not very difficult, but it has just enough to force you to look around a bit. I enjoyed it because I felt like nothing was really guesswork. Everything I needed was presented to me on
hackthebox Hack the Box - Sense This is actually one of my least favorite boxes. The wordlist I had to use to have any idea of what to do next was obnoxiously long. After you get past that hurdle, it's pretty much instaroot from there. That said, I try to
hackthebox Hack the Box - Bashed Bashed is a pretty easy box. It sets you up for an easy win and gives you a really cool tool I've used quite a few times for gaining web shells, like the one I used in Networked. It's called phpbash, and you can
