GrandPa is a windows machine rated easy. The machine is running a vulnerable version of IIS which we are able to exploit and gain access, however, the user we have is not a system user. We end up having to migrate to another user, exploit yet another vulnerability to escalate privileges into system. As system, … Continue reading WriteUp: HackTheBox GrandPa
Month: June 2021
WriteUp: HackTheBox Optimum
My next HackTheBox machine to play around with is Optimum. It is a Windows system running HTTP File Server and rated easy. As the machine is running a vulnerable version of HFS, we are able to exploit a vulnerability and gain user access to the box. Inorder to get the root flag, we take advantage … Continue reading WriteUp: HackTheBox Optimum
WriteUp: HackTheBox Nibbles
My fourth box to play around with in HackTheBox is Nibbles. It is a Linux machine rated easy. Scanning the box shows two open ports, SSH and HTTP. Following the HTTP route, we are able to gain access to the server. As the user has permissions to run a file without requiring a password, we … Continue reading WriteUp: HackTheBox Nibbles
WriteUp: HackTheBox Jerry
This being my third box on HackTheBox, we are able intercept the communication and using brute force, gain access to the Windows Server via easily available default credentials. Once on the server, we spin up a reverse shell that gives us system access. From there on, it's smooth sailing to the flags. Table of Contents … Continue reading WriteUp: HackTheBox Jerry
WriteUp: HackTheBox Devel
This is my second box in HackTheBox. There are probably a couple of different ways to exploit this but I went with the FTP path as FTP is known to be vulnerable. Maybe later in time, I will come back and try to exploit it using HTTP (if at all possible). We first exploit a … Continue reading WriteUp: HackTheBox Devel
WriteUp: HackTheBox Blue
Getting back on HTB. Last time, I had to shift focus after 1 or 2 boxes and did not even have a writeup for them. Let's see how long I'll last this time round :). I'm basically starting from scratch now so let's just say, this is my very first box in my list of … Continue reading WriteUp: HackTheBox Blue
My GIAC Certified Forensic Analyst (GCFA) Experience
In late January, I was offered a moderator position via SANS Work Study Program that allowed me to attend the FOR508: Advanced Incident Response, Threat Hunting, and Digital Forensics course taught live online by instructor Mat Fuchs. This is a 6 day intensive course that cumulates in a capstone challenge on day 6. Being a … Continue reading My GIAC Certified Forensic Analyst (GCFA) Experience