Open in app

Sign In

Write

Sign In

Sanaullah Aman Korai
Sanaullah Aman Korai

37 Followers

Home

About

Sep 8

Proving Grounds Play: Shakabrah Walkthrough

Let’s begin with an Nmap scan on this machine, unveiling two open ports — 80 (HTTP) and 22 (SSH). Our journey starts with the HTTP port, where we discover a command injection vulnerability that we can escalate to remote code execution (RCE). By crafting a Python payload tailored to our…

Ctf Writeup

3 min read

Proving Grounds Play: Shakabrah Walkthrou
Proving Grounds Play: Shakabrah Walkthrou
Ctf Writeup

3 min read


Aug 30

Proving Grounds Play: Loly Walkthrough

In this penetration testing scenario, the target machine with IP address 192.168.222.121 was assessed for vulnerabilities and exploited to gain unauthorized access. The following steps were taken: Initial Reconnaissance: A network scan using Nmap revealed that only port 80 (HTTP) was open on the target machine. Nmap scan report for…

Ctf Writeup

4 min read

Proving Grounds Play: Loly Walkthrough
Proving Grounds Play: Loly Walkthrough
Ctf Writeup

4 min read


Aug 10

Proving Ground Play: Seppuku Walkthrough

Embark on an exciting journey through Seppuku:1 Vulnhub challenge. Learn how to uncover hidden secrets, decode keys, and bypass restrictions. Crack passwords, escalate privileges, and claim victory by capturing the final flag. Join us in this cybersecurity adventure and discover the thrill of hacking puzzles. Let’s start with the first…

Provinggrounds

6 min read

Proving Ground Play: Seppuku Walkthrough
Proving Ground Play: Seppuku Walkthrough
Provinggrounds

6 min read


Aug 8

Proving Grounds Play: Photographer Walkthrough.

In this walkthrough, we started by conducting an Nmap scan to identify open ports and services on the target system, which had multiple open ports, including SSH, HTTP, Samba, and others. We decided to focus on enumerating SMB first. Using the smbclient tool, we listed the available shares and found…

Provinggrounds

6 min read

Proving Grounds Play: Photographer Walkthrough.
Proving Grounds Play: Photographer Walkthrough.
Provinggrounds

6 min read


Aug 5

Proving Grounds Play: CyberSploit1 Walkthourgh

In this writeup, we’ll explore the steps taken to conquer a Capture The Flag (CTF) challenge, highlighting the process from initial enumeration to privilege escalation. Enumeration Phase: Upon conducting an initial Nmap scan, two open ports were identified on the target machine: SSH on port 22 and HTTP on port…

Offensive Security

4 min read

Proving Grounds Play: CyberSploit1 Walkthourgh
Proving Grounds Play: CyberSploit1 Walkthourgh
Offensive Security

4 min read


Aug 4

Proving Grounds: DC-2 Walkthrough

DC-2 machine involved initial reconnaissance with Nmap, WordPress user enumeration, custom wordlist generation, password cracking, escaping a restricted shell, privilege escalation via sudo misconfiguration, and using GTFOBins to achieve root access. This engagement highlighted the importance of proper user and privilege management in securing systems. Let’s start with first things…

Offensive Security

5 min read

Proving Grounds: DC-2 Walkthrough
Proving Grounds: DC-2 Walkthrough
Offensive Security

5 min read


Jul 16

HackTheBox: Late Walkthrough

Late is an easy machine from HackTheBox where the attacker will have an SSTI vulnerability on an OCR application to obtain the user’s SSH private key. Finally, to become root, it will have to check a bash script being executed as root each time someone connects through SSH. …

Hackthebox Writeup

5 min read

HackTheBox: Late Walkthrough
HackTheBox: Late Walkthrough
Hackthebox Writeup

5 min read


Jul 13

HackTheBox: Support Walkthrough

I’ll start by getting a custom .NET tool from an open SMB share. With some light .NET reversing, through dynamic analysis, I can get the credentials for an account from the binary. With those, I’ll enumerate LDAP and find a password in an info field on a shared account. …

Hackthebox

8 min read

HackTheBox: Support Walkthrough
HackTheBox: Support Walkthrough
Hackthebox

8 min read


Jul 12

Proving Grounds: DC-1 Walkthrough

DC-1 is a purposely built vulnerable lab for the purpose of gaining experience in the world of penetration testing. It was designed to be a challenge for beginners, but just how easy it is will depend on your skills and knowledge, and your ability to learn. …

Provinggrounds

4 min read

Proving Grounds: DC-1 Walkthrough
Proving Grounds: DC-1 Walkthrough
Provinggrounds

4 min read


Jul 10

HackTheBox: Forest Walkthrough

One of the neat things about HTB is that it exposes Windows concepts unlike any CTF I’d come across before it. Forest is a great example of that. It is a domain controller that allows me to enumerate users over RPC, attack Kerberos with AS-REP Roasting, and use Win-RM to…

Cybersecurity

6 min read

HackTheBox: Forest Walkthrough
HackTheBox: Forest Walkthrough
Cybersecurity

6 min read

Sanaullah Aman Korai

Sanaullah Aman Korai

37 Followers

Passionate about InfoSec

Following
  • ARZ101

    ARZ101

  • Vikas Sharma

    Vikas Sharma

  • Sean (zseano)

    Sean (zseano)

  • Busra Demir

    Busra Demir

See all (5)

Help

Status

Writers

Blog

Careers

Privacy

Terms

About

Text to speech

Teams