Walk-through of Shoppy from HackTheBox
Shoppy is an easy level machine by lockscan on HackTheBox. It’s a Linux box looking at NoSQL injections and Docker exploits. Machine Information This was...
Posts by Year
2023
Walk-through of Support from HackTheBox
Support is an easy level machine by 0xdf on HackTheBox. This Windows box explores the risks of insecure permissions in an Active Directory environment. Mach...
Walk-through of Shared from HackTheBox
Shared is a medium level machine by Nauten on HackTheBox. This Linux box explores using recent publicly disclosed vulnerabilities against a couple of well kn...
Walk-through of Faculty from HackTheBox
Faculty is a medium level machine by gbyolo on HackTheBox. This Linux box focuses on vulnerabilities in a web app and software used by it.
Walk-through of RedPanda from HackTheBox
RedPanda is an easy level machine by Woodenk on HackTheBox. This Linux box focuses on a Java web application and a couple of OWASP favourite methods of explo...
Walk-through of Scrambled from HackTheBox
Scrambled is a medium level machine by VbScrub on HackTheBox. It’s A Windows box that focuses on using different Impacket scripts to progress.
Walk-through of Trick from HackTheBox
Trick is an easy level machine by Geiseric on HackTheBox. This Linux box focuses on web app and OS enumeration, and using SQLMap to dump data.
Walk-through of StreamIO from HackTheBox
StreamIO is a medium level machine by JDgodd and nikk37 on HackTheBox. It’s A Windows box that focuses on recon and enumeration, with an interesting mix of t...
Walk-through of OpenSource from HackTheBox
OpenSource is an easy level machine by irogir on HackTheBox. It focuses on applications, containers and working with git.
2022
Walk-through of Late from HackTheBox
Machine Information Late is rated as an easy machine on HackTheBox. The path to root is fairly simple on this box, but with a tricky to get right section ...
Walk-through of Noter from HackTheBox
Noter is a medium level machine by kavigihan on HackTheBox. It focuses on a poorly written Flask app and exploiting user defined functions in MySQL.
Walk-through of Support from HackTheBox
Support is an easy level machine by 0xdf on HackTheBox. This Windows box explores the risks of insecure permissions in an Active Directory environment.
Walk-through of Retired from HackTheBox
Retired is a medium level machine by uco2KFh on HackTheBox. It focuses on binary exploitation and taking advantage of poorly designed scripts and services.
Walk-through of Timelapse from HackTheBox
Machine Information Timelapse is rated as an easy machine on HackTheBox. This Windows box has many ports open but our time is spent mostly on port 445 wit...
Walk-through of Shared from HackTheBox
Shared is a medium level machine by Nauten on HackTheBox. This Linux box explores using recent publicly disclosed vulnerabilities against a couple of well kn...
Walk-through of Catch from HackTheBox
Machine Information Catch is rated as a medium machine on HackTheBox. This Linux box has a number of open ports, but we start with an APK we download and ...
Walk-through of Faculty from HackTheBox
Faculty is a medium level machine by gbyolo on HackTheBox. This Linux box focuses on vulnerabilities in a web app and software used by it.
Walk-through of RedPanda from HackTheBox
RedPanda is an easy level machine by Woodenk on HackTheBox. This Linux box focuses on a Java web application and a couple of OWASP favourite methods of explo...
Walk-through of Scrambled from HackTheBox
Scrambled is a medium level machine by VbScrub on HackTheBox. This is a Windows box that primarily focuses on different ways of interacting with Kerberos.
Walk-through of RouterSpace from HackTheBox
RouterSpace is an easy level machine by h4rithd on HackTheBox. This Linux box focuses on web app and OS enumeration, and using SQLMap to dump data. Machine ...
Walk-through of Trick from HackTheBox
Trick is an easy level machine by Geiseric on HackTheBox. This Linux box focuses on web app and OS enumeration, and using SQLMap to dump data.
Walk-through of Undetected from HackTheBox
Machine Information Undetected is a medium rated Linux machine on HackTHeBox and was created by TheCyberGeek. We start by finding a website with a vulnera...
Walk-through of StreamIO from HackTheBox
StreamIO is a medium level machine by JDgodd and nikk37 on HackTheBox. It’s A Windows box that focuses on recon and enumeration, with an interesting mix of t...
Walk-through of Retired from HackTheBox
Retired is a medium level machine by uco2KFh on HackTheBox. It focuses on binary exploitation and taking advantage of poorly designed scripts and services.
Walk-through of Paper from HackTheBox
Machine Information Paper is an easy machine on HackTheBox. It’s loosely themed around the American version of Office the TV series. We start by enumerati...
Walk-through of Meta from HackTheBox
Machine Information Meta is a medium machine on HackTheBox. An initial scan finds a simple website but that is a dead end. After some enumeration we have ...
Walk-through of AdmirerToo from HackTheBox
Machine Information We start this box on port 80, there’s a website and some enumeration finds us a database. We use an SSRF vulnerability to find OpenTSD...
Walk-through of Timing from HackTheBox
Timing is an easy level machine by irogir on HackTheBox. It focuses on application vulnerabilities, both web and shell based.
Walk-through of OpenSource from HackTheBox
OpenSource is an easy level machine by irogir on HackTheBox. It focuses on applications, containers and working with git.
Walk-through of Pandora from HackTheBox
Machine Information Pandora is an easy machine on HackTheBox. An initial website on port 80 reveals nothing, but enumeration of UDP ports exposes credenti...
Walk-through of Noter from HackTheBox
Noter is a medium level machine by kavigihan on HackTheBox.
Walk-through of Nunchucks from HackTheBox
Machine Information Nunchucks is an easy machine on HackTheBox. We start with enumeration and find a website on a subdomain that’s vulnerable to server si...
Walk-through of Unicode from HackTheBox
Machine Information Unicode is a medium machine on HackTheBox. Our initial scan finds a simple website to investigate, and from there we discover the use ...
Walk-through of Backdoor from HackTheBox
Machine Information Backdoor is an easy machine on HackTheBox. We start by finding a basic WordPress site with a vulnerable plugin. This allows directory ...
Walk-through of Shibboleth from HackTheBox
Machine Information Shibboleth is a medium machine on HackTheBox. After some initial enumeration we find a login page for an installation of Zabbix. Using...
Walk-through of Secret from HackTheBox
Machine Information Secret is rated as an easy machine on HackTheBox. We start with a backup found on the website running on the box. In there we find a n...
Walk-through of Devzat from HackTheBox
Machine Information Devzat is a medium machine on HackTheBox. After an initial scan we find a version of the developers chat system called Devzat. Further...
Walk-through of Driver from HackTheBox
Machine Information Driver is an easy Windows machine on HackTheBox created by MrR3boot. It highlights the dangers of printer servers not being properly s...
Walk-through of Bolt from HackTheBox
Machine Information Bolt is a medium machine on HackTheBox. We find a website with an archive that we download and discover lots of files and folders. Sea...
Walk-through of EarlyAccess from HackTheBox
Machine Information EarlyAccess is a rated as a hard machine on HackTheBox. This was a long and complex box themed around an imaginary game development co...
Walk-through of Horizontall from HackTheBox
Machine Information Horizontall is rated as an easy machine on HackTheBox. Our initial scan reveals just two open ports. There’s just a static website on ...
Walk-through of Forge from HackTheBox
Machine Information Forge is a medium machine on HackTheBox. We start with a simple website, after some enumeration and testing we find a way to upload a ...
Moving between Kali distributions
Overview There’s a lot of choices for penetration testing distributions. A good list here shows the popular ones, but for me I’ve stuck with Kali for a nu...
Walk-through of Union from HackTheBox
Machine Information Union is a medium machine on HackTheBox. Created by Ippsec for the UHC November 2021 finals it focuses on SQL Injection as an attack v...
Walk-through of LogForge from HackTheBox
Machine Information LogForge is a medium machine on HackTheBox. Created by Ippsec for the UHC December 2021 finals it focuses on exploiting vulnerabilitie...
2021
Walk-through of Previse from HackTheBox
Machine Information Previse is rated as an easy machine on HackTheBox. An initial scan reveals just two open ports. We start by looking at the website on ...
Walk-through of Static from HackTheBox
Machine Information Static is a hard machine on HackTheBox. We start with a hidden folder on a website containing a corrupt backup. Once recovered we’re g...
Walk-through of Pikaboo from HackTheBox
Machine Information Pikaboo is a hard machine on HackTheBox. Our initial scan finds just three open ports, with the webserver being our starting point. We...
Walk-through of Intelligence from HackTheBox
Machine Information Intelligence is a medium machine on HackTheBox. This is a Windows box hosting a DC and many other services. Our starting point is a we...
Walk-through of BountyHunter from HackTheBox
Machine Information BountyHunter is rated as an easy machine on HackTheBox. Although it’s clear not all easy machines are created equal! We scan the box t...
Securing connectivity with a VPN on Kali
Overview As hackers we frequently want to hide our activities and identity. Why use a VPN to help with this? Hide your IP address to make sure no one ...
CTF All The Things
I’m starting to move this content to something a bit easier to maintain and read over on Gitbooks here. Recon Gobuster Install: apt-get install gobuste...
Walk-through of Writer from HackTheBox
Machine Information Writer is a medium machine on HackTheBox. We start by enumerating a website that leads us to a login page, which is easily bypassed to...
Walk-through of Return from HackTheBox
Machine Information Return is an easy machine on HackTheBox. We start with a website hosting a printer admin panel which we can redirect to point at our a...
Walk-through of Seal from HackTheBox
Machine Information Seal is a medium machine on HackTheBox. We start by gaining access to an installation of GitBucket, and after enumeration discover cre...
Walk-through of dynstr from HackTheBox
Machine Information dynstr is rated as a medium machine on HackTheBox. We start with a static website for a Dynamic DNS service, which hides several hidde...
Walk-through of Explore from HackTheBox
Machine Information Explore is rated as an easy machine on HackTheBox. This box is a little different because we’re working on an Android device, however ...
Walk-through of Cap from HackTheBox
Machine Information Cap is rated a an easy machine on HackTheBox. After an initial scan we find a few ports open, a website running on port 80 is our star...
Walk-through of Pit from HackTheBox
Machine Information Pit is rated as a medium machine on HackTheBox. Thorough enumeration is needed to find our initial path using snmpwalk. From there we ...
Walk-through of Schooled from HackTheBox
Machine Information Schooled is rated as a medium machine on HackTheBox. An initial scan reveals a website running on port 80, and recon of it finds a Moo...
Walk-through of Knife from HackTheBox
Machine Information Knife is rated as an easy machine on HackTheBox. An initial scan reveals a simple website running on port 80. Examining headers we dis...
Walk-through of Validation from HackTheBox
Machine Information Validation is rated as an easy machine on HackTheBox. It was created by ippsec for the Qualifiers of the Ultimate Hacking Championship...
Walk-through of Love from HackTheBox
Machine Information Love is rated as an easy machine on HackTheBox. An initial scan discovers a Windows box with lots of open ports, however a website run...
Walk-through of Armageddon from HackTheBox
Machine Information Armageddon is rated as an easy machine on HackTheBox. Our initial scan finds just two open ports, with an out of date Drupal site on p...
Walk-through of OpenAdmin from HackTheBox
Machine Information OpenAdmin is rated as an easy machine on HackTheBox. Our initial scan finds just two open ports, but further enurmeration with GoBuste...
HiveNightmare / CVE-2021-36934
Vulnerability Info Another week, another vulnerability. CVE here, and according to Microsoft: An elevation of privilege vulnerability exists because of o...
Pre-Security Learning Path from TryHackMe
Learning Path Information Pre-Security is the latest learning path from TryHackMe and it joins five others that have been available for a while. This one ...
PrintNightmare / CVE-2021-1675 - Step-by-step Guide
Vulnerability Info Thanks to Trusec for the great info they’ve gathered here, from that: PrintNightmare (CVE-2021-1675) is a vulnerability that allows an...
Walk-through of SQHell from TryHackMe
Machine Information SQHell is a medium difficulty room on TryHackMe. Instead of the usual capture the flag style experience this room is designed to help ...
Walk-through of Mustacchio from TryHackMe
Machine Information Mustacchio is an easy difficulty room on TryHackMe. Our initial scan reveals SSH on port 22 which is left for later, and our investiga...
Walk-through of Tenet from HackTheBox
Machine Information Tenet is rated as a medium machine on HackTheBox. Our initial scan finds a WordPress site with a suspicious post that leads us to a me...
Walk-through of Cat Pictures from TryHackMe
Machine Information Cat Pictures is an easy difficulty room on TryHackMe. Our initial scan reveals several open and filtered ports. We find phpBB running ...
Walk-through of VulnNet: Internal from TryHackMe
Machine Information VulnNet: Internal is an easy difficulty room on TryHackMe. Our initial scan reveals a lot of open ports, and this server presents us w...
Walk-through of Ustoun from TryHackMe
Machine Information Ustoun is a medium difficulty room on TryHackMe. An initial scan reveals a Windows Domain Controller with many open ports, but SQL on ...
Walk-through of Delivery from HackTheBox
Machine Information Delivery is rated as an easy machine on HackTheBox. An initial scan reveals several open ports. We find a helpdesk system powered by o...
Walk-through of Unstable Twin from TryHackMe
Machine Information Unstable Twin is a medium difficulty room on TryHackMe. An initial scan reveals just two ports are open. After some enumeration we fin...
Walk-through of Ready from HackTheBox
Machine Information Ready is rated as a medium machine on HackTheBox. We start by finding a vulnerable version of GitLab running on the server. We use a p...
Walk-through of Retro from TryHackMe
Machine Information Retro is a hard difficulty room on TryHackMe. An initial scan reveals just two ports, a WordPress site on port 80, and RDP open on 338...
Walk-through of VulnNet: dotjar from TryHackMe
Machine Information VulnNet: dotjar is a medium difficulty room on TryHackMe. An initial scan reveals just two ports, with an outdated version of Apache a...
Walk-through of Year Of The Jellyfish from TryHackMe
Machine Information Year Of The Jellyfish is a hard difficulty room on TryHackMe. An initial scan finds a number of open ports as well as several subdomai...
Walk-through of Different CTF from TryHackMe
Machine Information Different CTF is a hard difficulty room on TryHackMe. An initial scan reveals a WordPress site, which we scan to find hidden files. Th...
Walk-through of Cooctus Stories from TryHackMe
Machine Information Cooctus Stories is a medium difficulty room on TryHackMe. An initial scan reveals an exposed nfs share, where we find credentials to g...
Walk-through of Brainpan from TryHackMe
Machine Information Brainpan is rated as a hard difficulty room on TryHackMe. This Windows based server has only two open ports. We find an application ca...
Walk-through of Wreath from TryHackMe
Machine Information Wreath is different to a normal TryHackMe room, instead of a single machine it’s a network of three. This means there’s a lot of conte...
Walk-through of Glitch from TryHackMe
Machine Information Glitch is an easy difficulty room on TryHackMe. An initial scan reveals a web server which we find a node.js application running on it...
Walk-through of Attacktive Directory from TryHackMe
Machine Information Attacktive Directory is a medium difficulty room on TryHackMe. An initial nmap scan reveals a Windows domain controller, which we prob...
Walk-through of Spectra from HackTheBox
Machine Information Spectra is rated as an easy machine on HackTheBox. We start by finding a WordPress site and soon after credentials to access its admin...
Walk-through of Gatekeeper from TryHackMe
Machine Information Gatekeeper is rated as a medium difficulty room on TryHackMe. We start by finding something responding on an unusual port. Further inv...
Walk-through of Buffer Overflow Prep from TryHackMe
Machine Information Buffer Overflow Prep is rated as an easy difficulty room on TryHackMe. It uses a vulnerable 32bit Windows binary to help teach you bas...
Walk-through of Internal from TryHackMe
Machine Information Internal is rated as a hard difficulty room on TryHackMe. No clues are given in the room description, we are just told to treat this a...
Walk-through of Relevant from TryHackMe
Machine Information Relevant is rated as a medium difficulty room on TryHackMe. We have no information given in the room description, but after enumeratin...
Walk-through of Overpass 2 - Hacked from TryHackMe
Machine Information Overpass 2 is rated as an easy difficulty room on TryHackMe. The Overpass server has been hacked and we need to find our way back in t...
Walk-through of Daily Bugle from TryHackMe
Machine Information Daily Bugle is rated as a hard difficulty room on TryHackMe. We start by finding a Joomla based blog, which is vulnerable to SQL injec...
Walk-through of Brainstorm from TryHackMe
Machine Information Brainstorm is rated as a medium difficulty room on TryHackMe. This Windows based server has a few open ports but something called Brai...
Walk-through of Skynet from TryHackMe
Machine Information Skynet is rated as an easy difficulty room on TryHackMe. This Linux based server has a number of web applications installed which we f...
Walk-through of Game Zone from TryHackMe
Machine Information Game Zone is rated as an easy difficulty room on TryHackMe. This Linux based server hosts a simple web application that we use to gain...
Walk-through of HackPark from TryHackMe
Machine Information HackPark is a medium difficulty room on TryHackMe. Running on Windows 2012 R2 Server, this room covers brute forcing a web application...
Walk-through of Jurassic Park from TryHackMe
Machine Information Jurassic Park is classed as a hard difficulty room on TryHackMe, although the description says it’s medium-hard. If you have experienc...
Walk-through of Pickle Rick from TryHackMe
Machine Information Pickle Rick is a nice and simple easy level Rick and Morty themed room. We exploit a web application to find three ingredients to help...
2020
Walk-through of Looking Glass from TryHackMe
Machine Information Looking Glass is another room by NinjaJc01, and a sequel to the first room of this series called Wonderland. This one is another mid l...
Extensions for VSCode to help you write posts easier
Overview This is the third post in a series of articles, that are aimed at showing you simple step by step guides to creating your own static website host...
Getting started with VSCode and Git
Overview This is the second post in a series of articles, that are aimed at showing you simple step by step guides to creating your own static website hos...
Walk-through of Arctic from HackTheBox
Machine Information Arctic is rated easy and is a fairly straightforward box. Basic troubleshooting is required to get the correct exploit functioning pro...
Walk-through of TenTen from HackTheBox
Machine Information Tenten is a medium difficulty machine, that demonstrates the severity of using outdated Wordpress plugins, which is a major attack vec...
Things to do with Kali after first boot
Kali Information In this previous guide I went through the steps of importing the VirtualBox specific pre-built image of Kali 2020.2a. Now we will walk th...
Importing Kali 2020.2a in to VirtualBox
VirtualBox And Kali Information Kali is one of the most popular pre-built cyber security environments. It’s well maintained and kept updated regularly, wi...
Installing VirtualBox 6.1.12 and Extensions
VirtualBox Information For penetration testing and capture the flag activities I use Kali as a VM within VirtualBox. There is a special VirtualBox image a...
Walk-through of Vegeta-1 from VulnHub
Machine Information Vegeta-1 is a beginner level Anime themed machine, based around the character Vegeta from Dragonball. It contains numerous rabbit hole...
Walk-through of Bastard from HackTheBox
Machine Information Optimum is rated easy and mainly focuses on enumeration of services with known exploits. There are Metasploit modules for the exploits...
Walk-through of Optimum from HackTheBox
Machine Information Optimum is rated easy and mainly focuses on enumeration of services with known exploits. There are Metasploit modules for the exploits...
Walk-through of Nineveh from HackTheBox
Machine Information Nineveh is a medium machine on HackTheBox, which is not too challenging. There are several stages needed to gain an initial foothold, ...
Walk-through of Holiday from HackTheBox
Machine Information Holiday is one of the most difficult machines currently on HackTheBox. The XSS knowledge required to get your initial shell is complex...
Getting started with Github
Overview This is the third post in a series of articles, that are aimed at showing you simple step by step guides to creating your own static website host...
GitHub, Jekyll, Markdown + VSCode = Writing Heaven
Overview There’s lots of ways to have your own freely hosted blog. I decided I wanted to do my own thing, so instead of a platform like Blogger or WordPre...
Walk-through of Post-Exploitation Basics from TryHackMe
Machine Information Post-Exploitation Basics is a beginner level room, that gives you the chance to try out several popular tools such as PowerView, Blood...
Walk-through of Intro To Django from TryHackMe
Machine Information Introduction Django is a beginner level room, aimed at giving you a good understanding of why it’s an important area to gain knowledge...
Walk-through of Wonderland from TryHackMe
Machine Information Wonderland is a mid level room themed around Alice In Wonderland. Skills required are basic enumeration techniques of websites and Lin...
Walk-through of Haircut from HackTheBox
Machine Information Haircut is rated medium, although compared some other boxes it is relatively simple. It’s main purpose is to demonstrate the problem w...
Walk-through of Injection from TryHackMe
Machine Information Injection is a beginner level room designed to show the dangers of badly coded web pages. Skills required are basic Linux knowledge an...
Walk-through of Sneaky from HackTheBox
Machine Information Sneaky introduces IPv6 enumeration through SNMP, and a fairly simple buffer overflow vulnerability needed to get to root. Skills requi...
Walk-through of Tomghost from TryHackMe
Machine Information Tomghost is a beginner level room based around a vulnerable Apache installation. Skills required are basic knowledge of Linux and enum...
Walk-through of Anthem from TryHackMe
Machine Information Anthem is a beginner level room which requires you to answer eight questions, and find six flags. Skills required are basic knowledge ...
Walk-through of Mr Robot CTF from TryHackMe
Machine Information Mr Robot CTF is a beginner level room themed around the TV series Mr Robot. Skills required are basic knowledge of Linux and enumerati...
Walk-through of Lian-Yu from TryHackMe
Machine Information Lian_Yu is a beginner level room themed around Arrowverse. Skills required are basic knowledge of Linux and enumerating ports and serv...
Walk-through of Beep from HackTheBox
Machine Information Beep has a large list of running services, which can make it a bit challenging to find the correct entry method. Skills required are b...
Walk-through of Popcorn from HackTheBox
Machine Information Popcorn contains a lot of content making it difficult to locate the proper attack vector at first. This machine mainly focuses on diff...
Walk-through of Devel from HackTheBox
Machine Information Devel is a beginner level box that demonstrates the security risks associated with some default program configurations. It can be comp...
Walk-through of Legacy from HackTheBox
Machine Information Legacy is a beginner level machine which demonstrates the potential security risks of SMB on Windows. Only one publicly available expl...
Walk-through of Lame from HackTheBox
Machine Information Lame is a beginner level machine, requiring only one exploit to obtain root access. Skills required are basic knowledge of Linux and e...