HackTheBox “Vault” Write-Up
This was a fun one. To be honest, I even liked it more than my previous favorite, “Active”. The “theme” of this box was tunneling, in the several forms it appears. SSH, VPN, Proxy. It was a great...
View ArticleHackTheBox “Ellingson” Write-Up
Fans of Hacker Culture or those being part of it might smile at the title. The Box’s name, of course, is a reference to the cult classic “Hackers” (I do recommend you watch it if you haven’t already)....
View ArticleOverTheWire “Bandit” Write-Up
After “Ellingson” made me realize that I am still a bit lacking in the Binary Exploitation department, I decided to put some focus on improving my skills in that area. I was told that “OverTheWire” is...
View ArticleHackTheBox “Lame” Write-Up
Okay, this is gonna be a quickie. But the box contains a lot of the concepts that are also important in more complex boxes or real-life scenarios. So, let’s take a gander. As always, let’s start with a...
View ArticleOverTheWire “Leviathan” Write-Up
The next installment in the OverTheWire wargame series, “Leviathan” expands upon “Bandit” in that it does not require any programming skills, but rather deals with Linux command line basics. Let’s take...
View ArticleHackTheBox “Legacy” Write-Up
On my quest through the retired boxes of HackTheBox, the next adversary is “Legacy”. If there were a moral to this box, it would be “Patch your shit!”. nmap -p- -A 10.10.10.4 Nmap scan report for...
View ArticleHackTheBox “Devel” Write-Up
Another Windows Box, another lesson in “Patch your shit!” nmap -p- 10.10.10.5 Nmap scan report for 10.10.10.5 Host is up (0.11s latency). Not shown: 65533 filtered ports PORT STATE SERVICE 21/tcp open...
View ArticleHackTheBox “Safe” Write-Up
This was an interesting one. It came with paths that are fairly uncommon in CTF machines, so I found it to be really enjoyable. As always, we start with an nmap scan: $ nmap -p- -A 10.10.10.147 PORT...
View ArticleCVE-2018-19300: Remote Command Execution Vulnerability in D-Link DWR Routers
Overview In early November, 2018, while analyzing D-Link DWR devices, we discovered a vulnerability in DWR-711 and DAP-1530 Routers. This vulnerability would allow an unauthenticated attacker to...
View ArticleHackTheBox “Waldo” Write-Up
Waldo is one of the easier machines on HackTheBox, and the vulnerabilities that we need to exploit are not necessarily representative of the real world. The way to “user” has an easier form of a common...
View Article
More Pages to Explore .....