
  • HackTheBox - Cache


    0. Preface

    I think this was the second box I completed on HTB. I’ve come a pretty long way since then.

    Pretty fun box, especially with the OpenEMR exploits that you could do. I didn’t know about the memcached service before doing this box either. The Docker privilege escalation path was interesting, but it took a little while for me to wrap my head around how to do it.

    In this box, we will be tackling:

    1. Careful reading
    2. Enumeration with SQL Injection on OpenEMR
    3. Getting a reverse shell with an OpenEMR CVE
    4. Looking through memcached service
    5. Exploiting Docker containers to get a root shell




  • HackTheBox - Blackfield


    0. Preface

    If you didn’t know that you could reset passwords through RPCClient, now you do. I also never had a chance to play with SeBackupPrivilege tokens, so this was a very nice learning opportunity as well.

    In this box, we will be tackling:

    1. ASREPRoasting to get valid users and TGTs
    2. Using RPCClient to reset passwords
    3. Reading memory dump of lsass
    4. Abusing SeBackupPrivilege token and dumping NTDS.dit




  • HackTheBox - Admirer


    0. Preface

    This box is pretty frustrating due to the amount of rabbit holes I got stuck in, but at least I learnt something new from this. Moral of the story - don’t always rely on one tool or wordlist.

    In this box, we will be tackling:

    1. Getting stuck in rabbit holes.
    2. Exploiting Adminer
    3. Hijacking Python libraries
