Doctor hackthebox walkthrough
Doctor is an easy linux machine from hackthebox. The initial foothold exploits SSTI/XSS and with splunkd you get the privilege escalation
0 Comments
January 12, 2021
Ghoul hackthebox walkthrough – Part 2
Ghoul is a hard linux machine from hackthebox The privilege escalation exploits the gogs vulnerability and ssh-agent's sign-on mechanism to get the root.
January 5, 2021
Ghoul Hackthebox walkthrough – Part 1
Ghould is a hard linux machine from hackthebox. Find the machine in the retired section.
January 5, 2021
The ultimate guide to HTTP request & response headers
End-users constantly make GET or POST request to the internet to retrieve information. The most common protocol used here is HTTP/S. But this communication is not just about making requests. It needs to be meaningful when sent from client to server or vice-versa. Here’s when HTTP header comes in. With headers, client/server can send additional information with HTTP request. In this blog…
September 10, 2020
How to deploy a Django Web Application for free on pythonanywhere
Deploy django web applications for free on pythonanywhere. Also solve the hassle of storing static files.
August 21, 2020
Buff hackthebox walkthrough
Hey there! This is Shreya and today I am gonna show you how to pwn buff from hackthebox. Buff is an easy level windows machine having a straightforward way to obtain initial foothold. Privilege escalation to Administrator requires to abuse a service that has its exploit available on exploit-db, still its tricky to get through. With that being said, let's get started.…
July 27, 2020
My experience at first Nullcon!
Most often people plan a trip to Goa for its beaches, the exotic cashew wine, the breathtaking sceneries and the elegant casinos. But for me, the reason was quite different. Its Nullcon. It was their 10th anniversary, after missing so many years of exclusive seminars and a bunch of elite sessions at a prime venue, I finally got my first chance to…
July 23, 2020
Remote Hackthebox walkthrough
Hey fellas!! Its time for remote from hackthebox. This was an easy Windows machine. The initial foothold for the machine was based on CVE of a CMS and has a straight-forward privilege escalation to Administrator.With all that said, let’s get started!! Scan the host for the open ports and services. # nmap -sC -sV -oA remote.nmap 10.10.10.180 The output revealed 3 interesting…
July 23, 2020
Aragog Hackthebox walkthrough
Aragog is a medium level linux machine from hackthebox. Initial foothold is based on exploiting XXE and the privilege escalation requires to log the password by creating a backdoor.
July 21, 2020
Penetration testing checklist for linux
The linux penetration checklist is a list of points that you should always look into while pentesting into any linux box. It has points from initial foothold to privilege escalation
July 16, 2020
How I cracked TCS Digital 2019 interview
Crack tcs digital interview with a few tips and tricks. Know where to focus, what to improve, what to learn.
July 10, 2020
Querier: Hackthebox walkthrough
Querier is a medium level windows machine. It exploits the mssql-server running on the box. The privilege escalation to administrator exploits GPP xml files
July 7, 2020
Lxd privilege escalation with security.privilege= true
When a normal user is part of lxd group, he can easily escalate his privileges to root..security.privilege= true creates a privileged lxd container.
July 1, 2020
Canape hackthebox Writeup
Hey pentesters! In this post blog post, I am gonna walk you through canape that is a medium linux machine from hackthebox. Summary The initial foothold on the box is based on python pickle injection that leads to remote code execution. Privilege escalation to user exploits a vulnerability in couchdb that can be leveraged to create a dummy user with _admin role.…
June 25, 2020
Admirer : Hackthebox Walkthrough
Hi! This is Shreya Pohekar. And Today, its time for Admirer from hackthebox. So it was an "easy" rated machine, still, it needed a vigilant eye to make it through. Summary The initial foothold on the box required a lot of enumeration. The creators of the box really wanted to take a note of every detail. Getting the user required to have…
June 19, 2020