TryHackMe – ColddBox

Hacking, privilege escalation, shell, TryHackMe
Greetings everyone! We're back with another box; this one is called ColddBox and is hosted on the TryHackMe platform! So let's jump right into it! We'll start off with an Nmap scan to see what ports are open and what services are running on them. To do this, we'll use this command: nmap -A -p- -T4 10.10.150.55. Port 80 is open, so let's begin by browsing to the website. We know from the data returned in our Nmap scan that this is a WordPress site. Let's do some directory busting using a tool called gobuster. Hmm, looks like there is a rather interesting directory called "hidden". Let's check it out! We are greeted with a message! Apparently someone named C0ldd is being asked to send Hugo his new password. Looking…

CyberSecLabs – Secret

Hacking, privilege escalation, smb, vulnerability, Windows
Greetings everyone and happy Friday! Welcome back to another walkthrough of a system hosted on the CyberSecLabs platform! The machine we'll be attacking today is called Secret, so let's jump right in! We'll start off by scanning the host with Nmap. So we have quite a few ports open here, and a lot to work with! Right off the bat, we should focus on port 445, which is SMB. Let's start probing that port to see if we can find any additional information. We'll start by using a tool called smbclient to enumerate possible shares. We can do this by specifying the "-L" switch. When prompted for a password, we can simply press Enter to see if we can list the shares without providing any credentials. For…

CyberSecLabs – Unattended

Hacking, http, metasploit, meterpreter, privilege escalation, vulnerability, Windows
Greetings everyone! Today, we'll be attacking a machine called Unattended on a platform called CyberSecLabs! So without further ado, let's jump right into it! As always, we'll start off with our trusty Nmap scan. We see a few open ports that we can start probing. We may as well start by checking port 80 and seeing what we can find there! Let's plug the IP address into a web browser and see what we're greeted with. Under "Server Information", we see it displays HttpFileServer 2.3 (also noted in our Nmap scan!). Let's click on it and see where it brings us. Interesting! Let's see if there are any vulnerabilities we can exploit pertaining to Rejetto HttpFileServer. Time to fire up Metasploit! Perfect! We have our exploit selected! But let's…

TryHackMe – Pokemon

http, pokemon, privilege escalation, ssh, TryHackMe
Greetings everyone! In today's post, we'll be attacking another machine on the great platform TryHackMe. This machine is, you guessed it, Pokemon-themed! The description for this room mentions that there are actually four flags to find! Three of them are based on Pokemon types (Grass, Water, Fire), and then there is a root flag to find. Well, it actually says "What is Root's favorite Pokemon?". I'm going to treat that as the root flag, as I'm assuming that we'll need root-level access to find that out! Let's jump in to find out! As always, we'll begin with our trusted Nmap scan! Only two ports are open, but one of them is port 80. Let's start enumerating that web server! The landing page is the default Apache2 page. While poking around…

TryHackMe – Bounty Hacker

ftp, privilege escalation, ssh, TryHackMe
Greetings everyone! I have a pretty quick walkthrough for you today! Once again, we'll be using the fantastic platform TryHackMe. The box we'll be tackling is called Bounty Hacker! With our Kali box fired up, we'll start off with our trusted Nmap scan! We get a few hits back, the main one being FTP! Nmap shows that the box allows anonymous login, so let's connect that way and grab any files that we can! We can see that two files are listed: locks.txt and task.txt. Time to download them and see what goodies are inside! We'll first cat out the task.txt file. Looks like this task file was created by someone named "lin". This is great because we have a possible username that we may…

Exploiting ZeroLogon!

privilege escalation, remote access, vulnerability
Greetings everyone! In today's post, we'll be exploring the ZeroLogon vulnerability and demonstrating just how easy it is to exploit! What Is It? The ZeroLogon vulnerability, tracked as CVE-2020-1472, is an authentication bypass vulnerability, which allows for privilege escalation, in the Netlogon Remote Protocol (MS-NRPC), a remote procedure call (RPC) interface that Windows uses to authenticate users and computers on domain-based networks. According to a blog post on Secura's website, ZeroLogon takes advantage of a weak cryptographic construction used in the Netlogon authentication process (AES-CFB8 with a fixed all-zero initialisation vector). This bug allows an attacker to manipulate the Netlogon authentication procedures and: impersonate the identity of any computer on the network when authenticating against the domain controller; disable security features in the Netlogon authentication process; change a computer's password in the Domain Controller's Active Directory…
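The excerpt above says the bug comes from a weak cryptographic construction; the Secura write-up it cites explains that Netlogon computes the credential by encrypting an 8-byte challenge with AES-CFB8 under an all-zero IV, so an all-zero client challenge yields an all-zero credential for roughly one session key in 256. The following is an added example written for this page, not code from the post or from any public exploit. It reproduces the CFB8 structure and the retry-until-accepted behaviour offline, with two stated assumptions: a SHA-256-based stand-in is used in place of the AES block function (hypothetical, so the example needs only the standard library), and each attempt's session key is drawn at random instead of being derived from the machine password and both challenges as in the real protocol.

```python
"""
Structural demonstration of the ZeroLogon (CVE-2020-1472) flaw.
Netlogon's ComputeNetlogonCredential encrypts an 8-byte challenge with
AES-CFB8 using an all-zero IV.  With an all-zero client challenge, about
1 in 256 session keys makes the all-zero credential the correct answer,
so an attacker who keeps sending zeros is eventually accepted.
Added example for this page; not code from the post.
"""
import hashlib
import random

BLOCK_SIZE = 16


def toy_block_encrypt(key: bytes, block: bytes) -> bytes:
    # ASSUMPTION: stand-in for AES-128-ECB so the example runs with the
    # standard library only.  SHA-256(key || block) truncated to 16 bytes is a
    # deterministic keyed 16-byte function, which is all CFB8 needs.  Swap in a
    # real AES block encryption to reproduce the Netlogon computation exactly.
    assert len(block) == BLOCK_SIZE
    return hashlib.sha256(key + block).digest()[:BLOCK_SIZE]


def cfb8_encrypt(key: bytes, iv: bytes, plaintext: bytes,
                 block_encrypt=toy_block_encrypt) -> bytes:
    # CFB8: each plaintext byte is XORed with the FIRST byte of
    # E(key, shift_register); the register then drops its oldest byte and
    # appends the ciphertext byte just produced.
    register = bytearray(iv)
    out = bytearray()
    for p in plaintext:
        keystream_byte = block_encrypt(key, bytes(register))[0]
        c = p ^ keystream_byte
        out.append(c)
        register = register[1:] + bytes([c])
    return bytes(out)


def compute_netlogon_credential(session_key: bytes, challenge: bytes) -> bytes:
    # AES flavour of ComputeNetlogonCredential: 8-byte challenge, CFB8, and
    # the fixed all-zero IV that makes the bug possible.
    return cfb8_encrypt(session_key, bytes(BLOCK_SIZE), challenge)


def credential_is_all_zero(session_key: bytes) -> bool:
    # If E(key, 0^16)[0] == 0, the first ciphertext byte is 0, so the register
    # stays all zero and every later keystream byte is 0 as well: the zero
    # challenge encrypts to eight zero bytes.  Otherwise the first byte is
    # already non-zero.  Hence P(all zero) = P(E(key, 0^16)[0] == 0) ~ 1/256.
    return compute_netlogon_credential(session_key, bytes(8)) == bytes(8)


def simulate_zero_credential_attack(seed: int, max_attempts: int = 10000):
    # Server side: every authentication attempt gets a fresh session key.
    # ASSUMPTION: a random 16-byte key stands in for the real derivation from
    # the machine password and both challenges.  Attacker side: always send
    # ClientChallenge = ClientCredential = 00..00.  Returns (attempts, key)
    # on acceptance, or (max_attempts, None) if the budget runs out.
    rng = random.Random(seed)
    attacker_challenge = bytes(8)
    attacker_credential = bytes(8)
    for attempt in range(1, max_attempts + 1):
        session_key = rng.getrandbits(128).to_bytes(16, "big")
        expected = compute_netlogon_credential(session_key, attacker_challenge)
        if expected == attacker_credential:   # server would accept this login
            return attempt, session_key
    return max_attempts, None


def estimate_hit_rate(trials: int, seed: int = 0) -> float:
    # Fraction of random session keys for which the zero credential is accepted.
    rng = random.Random(seed)
    hits = sum(credential_is_all_zero(rng.getrandbits(128).to_bytes(16, "big"))
               for _ in range(trials))
    return hits / trials


if __name__ == "__main__":
    attempts, key = simulate_zero_credential_attack(seed=1)
    print(f"accepted after {attempts} attempts, session key {key.hex()}")
    print(f"hit rate over 16384 keys: {estimate_hit_rate(16384):.5f} "
          f"(expected about {1 / 256:.5f})")
```

Because the register never changes once the first keystream byte is zero, a proper IV (random and sent alongside the ciphertext) would remove the attack entirely; the Netlogon fix instead enforces Secure RPC signing and sealing so that a guessed credential alone no longer grants access.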

TryHackMe – Agent Sudo

ftp, privilege escalation, ssh, Steganography, TryHackMe
Greetings everyone! I'm back with another machine walkthrough from the hacking platform TryHackMe! This machine is called Agent Sudo! So without any further ado, let's jump into it! We'll start off with our trusty Nmap scan. Alright, right off the bat we can see that port 80 is open, and that means there is a website to check out! Great, let's browse to it! Hmm! There wasn't much, actually nothing, returned from any type of enumeration or vulnerability scanning on this website! That being the case, I went back and re-read the message that was displayed. At the moment, we have no sweet clue what our "codename" is. But what we can do is use cURL to spoof our user-agent. Putting our detective hat on, we notice that…

TryHackMe – Alfred

meterpreter, msfvenom, Powershell, privilege escalation, Tokens, TryHackMe
Greetings everyone! In today's post, we're going to try something a little different! I've recently signed up for a new hacking training platform called TryHackMe. I've read a few posts regarding TryHackMe, and the reviews have been nothing but outstanding, so I figured let's give it a shot! In today's post, I'll be attacking the box called Alfred. So let's get to it! Alfred has an IP of 10.10.33.30. Knowing that, let's start off with an Nmap scan! Only 3 open ports are returned, so we don't have a lot to work with. Let's start by browsing to port 80. RIP Bruce Wayne?? Well, that's not a message I wanted to see. Did Bane (the best super-villain) finally end Batman, once and for all? Anyway, back to the mission at hand!…

Hack The Box – Grandpa

hackthebox, metasploit, meterpreter, privilege escalation
Greetings everyone! We're back with another Hack The Box walkthrough; this one is called Grandpa. So without further ado, let's jump right into it! The machine Grandpa has the IP 10.10.10.14, so let's get started with an Nmap scan. As we can see from the results returned, we don't have a lot to go on. Port 80 is open and the web service running is Microsoft IIS httpd 6.0. Let's browse to 10.10.10.14 to see if we can find anything useful! Here we are greeted with the default "under construction" page. I ran a couple of enumeration scripts for directory brute forcing, but nothing came up. So let's fire up Metasploit and search for IIS! After a bit of research and trial-and-error testing, the exploit we'll be using is…

Hack The Box – Mirai

hackthebox, http, privilege escalation, ssh
Greetings everyone! Sorry for the long delay, but I'm back with a hot new walkthrough of a Hack The Box machine; this one is called Mirai! For those of you not familiar with Mirai, it's a strain of malware that was responsible for a massive botnet of infected IoT (Internet of Things) devices, which in turn was used for massive DDoS attacks. Knowing this, we may be dealing with an IoT device on this box! Let's get started! Mirai is located at 10.10.10.48, so let's get the ball rolling with an Nmap scan. Alright, so the first thing that jumps out is that port 80 is open, so let's start enumerating it to see if we can pull some more information. We can use Nikto for this. Look at this! Right…