Posts by Year

2021

Walk-through of Pikaboo from HackTheBox

13 minute read

Machine Information Pikaboo is a hard machine on HackTheBox. Our initial scan finds just three open ports, with the webserver being our starting point. We...

Walk-through of Intelligence from HackTheBox

19 minute read

Machine Information Intelligence is a medium machine on HackTheBox. This is a Windows box hosting a DC and many other services. Our starting point is a we...

Walk-through of BountyHunter from HackTheBox

10 minute read

Machine Information BountyHunter is rated as an easy machine on HackTheBox. Although it’s clear not all easy machines are created equal! We scan the box t...

Securing connectivity with a VPN on Kali

2 minute read

Overview As hackers we frequently want to hide our activities and identity. Why use a VPN to help with this? Hide your IP address to make sure no one ...

CTF All The Things

1 minute read

Recon Gobuster Install: apt-get install gobuster Mode: gobuster dns -d <target domain> -w <wordlist> gobuster dir -u <target url> -...

Walk-through of Return from HackTheBox

12 minute read

Machine Information Return is an easy machine on HackTheBox. We start with a website hosting a printer admin panel which we can redirect to point at our a...

Walk-through of Seal from HackTheBox

11 minute read

Machine Information Seal is a medium machine on HackTheBox. We start by gaining access to an installation of GitBucket, and after enumeration discover cre...

Walk-through of dynstr from HackTheBox

16 minute read

Machine Information dynstr is rated as a medium machine on HackTheBox. We start with a static website for a Dynamic DNS service, which hides several hidde...

Walk-through of Explore from HackTheBox

9 minute read

Machine Information Explore is rated as an easy machine on HackTheBox. This box is a little different because we’re working on an Android device, however ...

Walk-through of Cap from HackTheBox

5 minute read

Machine Information Cap is rated as an easy machine on HackTheBox. After an initial scan we find a few ports open, a website running on port 80 is our star...

Walk-through of Pit from HackTheBox

14 minute read

Machine Information Pit is rated as a medium machine on HackTheBox. Thorough enumeration is needed to find our initial path using snmpwalk. From there we ...

Walk-through of Schooled from HackTheBox

15 minute read

Machine Information Schooled is rated as a medium machine on HackTheBox. An initial scan reveals a website running on port 80, and recon of it finds a Moo...

Walk-through of Knife from HackTheBox

5 minute read

Machine Information Knife is rated as an easy machine on HackTheBox. An initial scan reveals a simple website running on port 80. Examining headers we dis...

Walk-through of Validation from HackTheBox

9 minute read

Machine Information Validation is rated as an easy machine on HackTheBox. It was created by ippsec for the Qualifiers of the Ultimate Hacking Championship...

Walk-through of Love from HackTheBox

7 minute read

Machine Information Love is rated as an easy machine on HackTheBox. An initial scan discovers a Windows box with lots of open ports, however a website run...

Walk-through of Armageddon from HackTheBox

13 minute read

Machine Information Armageddon is rated as an easy machine on HackTheBox. Our initial scan finds just two open ports, with an out of date Drupal site on p...

Walk-through of OpenAdmin from HackTheBox

9 minute read

Machine Information OpenAdmin is rated as an easy machine on HackTheBox. Our initial scan finds just two open ports, but further enumeration with GoBuste...

HiveNightmare / CVE-2021-36934

11 minute read

Vulnerability Info Another week, another vulnerability. CVE here, and according to Microsoft: An elevation of privilege vulnerability exists because of o...

Pre-Security Learning Path from TryHackMe

6 minute read

Learning Path Information Pre-Security is the latest learning path from TryHackMe and it joins five others that have been available for a while. This one ...

Walk-through of SQHell from TryHackMe

40 minute read

Machine Information SQHell is a medium difficulty room on TryHackMe. Instead of the usual capture the flag style experience this room is designed to help ...

Walk-through of Mustacchio from TryHackMe

9 minute read

Machine Information Mustacchio is an easy difficulty room on TryHackMe. Our initial scan reveals SSH on port 22 which is left for later, and our investiga...

Walk-through of Tenet from HackTheBox

10 minute read

Machine Information Tenet is rated as a medium machine on HackTheBox. Our initial scan finds a WordPress site with a suspicious post that leads us to a me...

Walk-through of Cat Pictures from TryHackMe

15 minute read

Machine Information Cat Pictures is an easy difficulty room on TryHackMe. Our initial scan reveals several open and filtered ports. We find phpBB running ...

Walk-through of Ustoun from TryHackMe

9 minute read

Machine Information Ustoun is a medium difficulty room on TryHackMe. An initial scan reveals a Windows Domain Controller with many open ports, but SQL on ...

Walk-through of Delivery from HackTheBox

11 minute read

Machine Information Delivery is rated as an easy machine on HackTheBox. An initial scan reveals several open ports. We find a helpdesk system powered by o...

Walk-through of Unstable Twin from TryHackMe

12 minute read

Machine Information Unstable Twin is a medium difficulty room on TryHackMe. An initial scan reveals just two ports are open. After some enumeration we fin...

Walk-through of Ready from HackTheBox

9 minute read

Machine Information Ready is rated as a medium machine on HackTheBox. We start by finding a vulnerable version of GitLab running on the server. We use a p...

Walk-through of Retro from TryHackMe

7 minute read

Machine Information Retro is a hard difficulty room on TryHackMe. An initial scan reveals just two ports, a WordPress site on port 80, and RDP open on 338...

Walk-through of VulnNet: dotjar from TryHackMe

7 minute read

Machine Information VulnNet: dotjar is a medium difficulty room on TryHackMe. An initial scan reveals just two ports, with an outdated version of Apache a...

Walk-through of Different CTF from TryHackMe

14 minute read

Machine Information Different CTF is a hard difficulty room on TryHackMe. An initial scan reveals a WordPress site, which we scan to find hidden files. Th...

Walk-through of Cooctus Stories from TryHackMe

17 minute read

Machine Information Cooctus Stories is a medium difficulty room on TryHackMe. An initial scan reveals an exposed nfs share, where we find credentials to g...

Walk-through of Brainpan from TryHackMe

10 minute read

Machine Information Brainpan is rated as a hard difficulty room on TryHackMe. This Windows based server has only two open ports. We find an application ca...

Walk-through of Wreath from TryHackMe

49 minute read

Machine Information Wreath is different to a normal TryHackMe room, instead of a single machine it’s a network of three. This means there’s a lot of conte...

Walk-through of Glitch from TryHackMe

8 minute read

Machine Information Glitch is an easy difficulty room on TryHackMe. An initial scan reveals a web server which we find a node.js application running on it...

Walk-through of Spectra from HackTheBox

10 minute read

Machine Information Spectra is rated as an easy machine on HackTheBox. We start by finding a WordPress site and soon after credentials to access its admin...

Walk-through of Gatekeeper from TryHackMe

15 minute read

Machine Information Gatekeeper is rated as a medium difficulty room on TryHackMe. We start by finding something responding on an unusual port. Further inv...

Walk-through of Internal from TryHackMe

18 minute read

Machine Information Internal is rated as a hard difficulty room on TryHackMe. No clues are given in the room description, we are just told to treat this a...

Walk-through of Relevant from TryHackMe

6 minute read

Machine Information Relevant is rated as a medium difficulty room on TryHackMe. We have no information given in the room description, but after enumeratin...

Walk-through of Daily Bugle from TryHackMe

11 minute read

Machine Information Daily Bugle is rated as a hard difficulty room on TryHackMe. We start by finding a Joomla based blog, which is vulnerable to SQL injec...

Walk-through of Brainstorm from TryHackMe

14 minute read

Machine Information Brainstorm is rated as a medium difficulty room on TryHackMe. This Windows based server has a few open ports but something called Brai...

Walk-through of Skynet from TryHackMe

13 minute read

Machine Information Skynet is rated as an easy difficulty room on TryHackMe. This Linux based server has a number of web applications installed which we f...

Walk-through of Game Zone from TryHackMe

8 minute read

Machine Information Game Zone is rated as an easy difficulty room on TryHackMe. This Linux based server hosts a simple web application that we use to gain...

Walk-through of HackPark from TryHackMe

9 minute read

Machine Information HackPark is a medium difficulty room on TryHackMe. Running on Windows 2012 R2 Server, this room covers brute forcing a web application...

Walk-through of Jurassic Park from TryHackMe

8 minute read

Machine Information Jurassic Park is classed as a hard difficulty room on TryHackMe, although the description says it’s medium-hard. If you have experienc...

Walk-through of Pickle Rick from TryHackMe

4 minute read

Machine Information Pickle Rick is a nice and simple easy level Rick and Morty themed room. We exploit a web application to find three ingredients to help...


2020

Walk-through of Looking Glass from TryHackMe

13 minute read

Machine Information Looking Glass is another room by NinjaJc01, and a sequel to the first room of this series called Wonderland. This one is another mid l...

Getting started with VSCode and Git

4 minute read

Overview This is the second post in a series of articles, that are aimed at showing you simple step by step guides to creating your own static website hos...

Walk-through of Arctic from HackTheBox

9 minute read

Machine Information Arctic is rated easy and is a fairly straightforward box. Basic troubleshooting is required to get the correct exploit functioning pro...

Walk-through of TenTen from HackTheBox

10 minute read

Machine Information Tenten is a medium difficulty machine, that demonstrates the severity of using outdated Wordpress plugins, which is a major attack vec...

Things to do with Kali after first boot

7 minute read

Kali Information In this previous guide I went through the steps of importing the VirtualBox specific pre-built image of Kali 2020.2a. Now we will walk th...

Importing Kali 2020.2a in to VirtualBox

1 minute read

VirtualBox And Kali Information Kali is one of the most popular pre-built cyber security environments. It’s well maintained and kept updated regularly, wi...

Installing VirtualBox 6.1.12 and Extensions

2 minute read

VirtualBox Information For penetration testing and capture the flag activities I use Kali as a VM within VirtualBox. There is a special VirtualBox image a...

Walk-through of Vegeta-1 from VulnHub

5 minute read

Machine Information Vegeta-1 is a beginner level Anime themed machine, based around the character Vegeta from Dragonball. It contains numerous rabbit hole...

Walk-through of Bastard from HackTheBox

8 minute read

Machine Information Optimum is rated easy and mainly focuses on enumeration of services with known exploits. There are Metasploit modules for the exploits...

Walk-through of Optimum from HackTheBox

5 minute read

Machine Information Optimum is rated easy and mainly focuses on enumeration of services with known exploits. There are Metasploit modules for the exploits...

Walk-through of Nineveh from HackTheBox

11 minute read

Machine Information Nineveh is a medium machine on HackTheBox, which is not too challenging. There are several stages needed to gain an initial foothold, ...

Walk-through of Holiday from HackTheBox

16 minute read

Machine Information Holiday is one of the most difficult machines currently on HackTheBox. The XSS knowledge required to get your initial shell is complex...

Getting started with Github

6 minute read

Overview This is the third post in a series of articles, that are aimed at showing you simple step by step guides to creating your own static website host...

Walk-through of Intro To Django from TryHackMe

8 minute read

Machine Information Introduction Django is a beginner level room, aimed at giving you a good understanding of why it’s an important area to gain knowledge...

Walk-through of Wonderland from TryHackMe

10 minute read

Machine Information Wonderland is a mid level room themed around Alice In Wonderland. Skills required are basic enumeration techniques of websites and Lin...

Walk-through of Haircut from HackTheBox

6 minute read

Machine Information Haircut is rated medium, although compared to some other boxes it is relatively simple. Its main purpose is to demonstrate the problem w...

Walk-through of Injection from TryHackMe

4 minute read

Machine Information Injection is a beginner level room designed to show the dangers of badly coded web pages. Skills required are basic Linux knowledge an...

Walk-through of Sneaky from HackTheBox

19 minute read

Machine Information Sneaky introduces IPv6 enumeration through SNMP, and a fairly simple buffer overflow vulnerability needed to get to root. Skills requi...

Walk-through of Tomghost from TryHackMe

7 minute read

Machine Information Tomghost is a beginner level room based around a vulnerable Apache installation. Skills required are basic knowledge of Linux and enum...

Walk-through of Anthem from TryHackMe

5 minute read

Machine Information Anthem is a beginner level room which requires you to answer eight questions, and find six flags. Skills required are basic knowledge ...

Walk-through of Mr Robot CTF from TryHackMe

6 minute read

Machine Information Mr Robot CTF is a beginner level room themed around the TV series Mr Robot. Skills required are basic knowledge of Linux and enumerati...

Walk-through of Lian-Yu from TryHackMe

10 minute read

Machine Information Lian_Yu is a beginner level room themed around Arrowverse. Skills required are basic knowledge of Linux and enumerating ports and serv...

Walk-through of Beep from HackTheBox

4 minute read

Machine Information Beep has a large list of running services, which can make it a bit challenging to find the correct entry method. Skills required are b...

Walk-through of Popcorn from HackTheBox

5 minute read

Machine Information Popcorn contains a lot of content making it difficult to locate the proper attack vector at first. This machine mainly focuses on diff...

Walk-through of Devel from HackTheBox

9 minute read

Machine Information Devel is a beginner level box that demonstrates the security risks associated with some default program configurations. It can be comp...

Walk-through of Legacy from HackTheBox

2 minute read

Machine Information Legacy is a beginner level machine which demonstrates the potential security risks of SMB on Windows. Only one publicly available expl...

Walk-through of Lame from HackTheBox

3 minute read

Machine Information Lame is a beginner level machine, requiring only one exploit to obtain root access. Skills required are basic knowledge of Linux and e...
