hackthebox HTB post-game recap -- Passage Passage was a cool box overall. The hardest part for me was privesc. I had to get a lead from a buddy to show me what I was looking for. He said something along the lines of "ride the bus." The rest was a
learning Hack the Box -- Passage This is a write up of Passage on Hack the Box. NmapAs always, we start with our basic Nmap scans. The results are below: nux@KakaLinpoop:~/Documents/htb/boxes/passage/nmap$ nmap -T4 10.10.10.206 -p 22,80 -sC -oN scriptScans Starting
OSCP No Spoiler Review -- HTB Delivery Did Delivery on HacktheBox yesterday. I worked with a friend who is also studying for his OSCP, so we were able to build off of each other's progress. The machine is designed by IppSec, the dude who does HTB walkthrough videos on YouTube. Overall,
OSCP Proving Grounds Practice My three readers know by now that my exam experience didn't go as I'd hoped. I've blown through certification exams before, but this was next-level. I went in feeling like I have kicked enough butt in the labs and in HTB to be able
OSCP Exam kicked my butt Well, I was hoping I wouldn't have to write this post. The exam kicked my butt. Bad. I was hoping this post would be more like, "Yo! I got my OSCP!" I studied quite a bit and felt like I was steamrolling the lab
OSCP Update: Still In the Labs Still doing labs. I've popped about 22 boxes. Still need to do more. Hopefully soon I will be posting to report that I've passed. Here's a review of the exam by my friend @opsdisk, who took it a while back (long before OffSec added
OSCP Sup? I know, I know. Looks like I've been flaking out. Well, I suppose I have, but for good reason. Still studying for the OSCP. Still working on becoming much better at enumeration than I currently am and still working on speeding up my buffer
OSCP My OSCP journey week 1 I've been working through the PWK labs. It's not the easiest, but I've rooted five boxes and I have a shell in another. I will work on privesc tomorrow. At this point, the boxes haven't been particularly difficult, but I still don't feel that
OSCP So Where are the Updates? I meant to post my writeup of OpenKeys yesterday, but Saturday also so happened to be the day that my PWK coursework arrived. Guess what took priority? Right now, I'm writing my notes in a private GitBook Repo. I'm trying to build a gameplan
learning Knowing what you don't know This career can be intimidating. Almost daily, I look at all the things I don't know and think to myself, "Crap, man. This is still a mystery to me." As I work with people who are in the same field, many of them who
hackthebox Hack the Box -- Haircut This is a relatively easy box. Figured I'd do it since it was on the TJ Null list of OSCP-like boxes. NmapWe start with Nmap: nux@KakaLinpoop:~/Documents/htb/boxes/haircut/nmap$ cat scriptScan # Nmap 7.91 scan initiated Wed Dec 2 22:44:
ssh When ya gotta run SSH on more than one port I was working on a HTB challenge recently, and I am positive that the first time I completed the machine a few months ago, SSH access out from the box was allowed. Seems something changed, or I dunno, I got lucky. Not sure. Either
htb Hack the Box -- Buff My writeup of Buff. It's taken from my GitHub notes, before I really started to focus on doing writeups. The original wasn't written with a blog post in mind, but I'll be updating the live post to fix it up and add any relevant
htb Learning day part 3: Reading other HTB writeups -- Tabby, and finding new tools I once received some advice from a dude who is pretty good at this kind of stuff to read other writeups once I've solved a box. This will help because you will discover other techniques you didn't think about or know about. I'm going
sql Port Swigger's Web Security Academy is Good Stuff One of my current weak points (and there are many) is SQL injection. I just can't quite pull them off yet. Sure, I know the basics like or '1'='1' stuff. Even then, it's a bit rocky for me. It's when it comes down
hackthebox Hack the Box Walkthrough - Traceback Traceback is an easy box on Hack the Box. The premise is that it got pwned and the attacker left a back door for us to use. It was retired this week, so now I can write about it. Of course the first thing
OSCP Learned something new about reverse shells this weekend I've been working on more Windows boxes lately as part of my OSCP preparation. It's no secret to any of my friends who know me personally that I'm not a big fan of working on Windows. Tough luck. Have to learn. Anyway, Windows doesn't
OSCP As I work towards my OSCP I've been working on my OSCP for some time. I just never feel quite ready. I've been pwning more and more machines on Hack the Box. Things are making much more sense, and it's coming together better than it did before. That said, I
OSCP Cool new trick I learned to transfer files to Windows boxes My buddy Julian and I are both on the road to OSCP. We've been setting up study sessions where we attack boxes from TJ Null's list of OSCP-like boxes. It's a live list that's always growing. Worth checking out if you're studying for the
OSCP Thoughts as I work through some studies I've been cracking away at studying for the OSCP certification. It's taken quite a bit of my time, but I want to accomplish it. I've also been sitting on the eLearn Security eCPPT course. It's good content, but I'm more motivated to obtain my