In this penetration testing scenario, the target machine with IP address 192.168.222.121 was assessed for vulnerabilities and exploited to gain unauthorized access. The following steps were taken: Initial Reconnaissance: A network scan using Nmap revealed that only port 80 (HTTP) was open on the target machine. Nmap scan report for…

Embark on an exciting journey through Seppuku:1 Vulnhub challenge. Learn how to uncover hidden secrets, decode keys, and bypass restrictions. Crack passwords, escalate privileges, and claim victory by capturing the final flag. Join us in this cybersecurity adventure and discover the thrill of hacking puzzles. Let’s start with the first…

In this walkthrough, we started by conducting an Nmap scan to identify open ports and services on the target system, which had multiple open ports, including SSH, HTTP, Samba, and others. We decided to focus on enumerating SMB first. Using the smbclient tool, we listed the available shares and found…

In this writeup, we’ll explore the steps taken to conquer a Capture The Flag (CTF) challenge, highlighting the process from initial enumeration to privilege escalation. Enumeration Phase: Upon conducting an initial Nmap scan, two open ports were identified on the target machine: SSH on port 22 and HTTP on port…

DC-2 machine involved initial reconnaissance with Nmap, WordPress user enumeration, custom wordlist generation, password cracking, escaping a restricted shell, privilege escalation via sudo misconfiguration, and using GTFOBins to achieve root access. This engagement highlighted the importance of proper user and privilege management in securing systems. Let’s start with first things…

Late is an easy machine from HackTheBox where the attacker will have an SSTI vulnerability on an OCR application to obtain the user’s SSH private key. Finally, to become root, it will have to check a bash script being executed as root each time someone connects through SSH. …

I’ll start by getting a custom .NET tool from an open SMB share. With some light .NET reversing, through dynamic analysis, I can get the credentials for an account from the binary. With those, I’ll enumerate LDAP and find a password in an info field on a shared account. …

DC-1 is a purposely built vulnerable lab for the purpose of gaining experience in the world of penetration testing. It was designed to be a challenge for beginners, but just how easy it is will depend on your skills and knowledge, and your ability to learn. …

One of the neat things about HTB is that it exposes Windows concepts unlike any CTF I’d come across before it. Forest is a great example of that. It is a domain controller that allows me to enumerate users over RPC, attack Kerberos with AS-REP Roasting, and use Win-RM to…