Mar 8, 2021HackTheBox Writeup — PassageThis is my writeup for the HackTheBox machine ‘Passage’, which runs a Linux OS and is one of the ‘Medium’ rated machines. Summary A web application supported by Fail2Ban means we have to do some manual enumeration, leading to us finding a CuteNews CMS v2.1.2 installation that is vulnerable to RCE…Hackthebox Writeup6 min readHackthebox Writeup6 min read
Mar 8, 2021HackTheBox Writeup — BlunderThis is my write-up for the HackTheBox machine ‘Blunder’, which runs a Linux OS and is one of the ‘Easy’ rated machines. 1. Summary The initial foothold on this box involves gaining access to BluditCMS via a brute-force password attack, after which we obtain a reverse shell by exploiting a Directory Traversal…Hacking5 min readHacking5 min read
Mar 8, 2021HackTheBox Writeup — AcademyThis is my write-up for the HackTheBox machine ‘Academy’, which runs a Linux OS and is one of the ‘easy’ rated machines. 1. Summary Exploiting a vulnerable ‘roleID’ parameter in the web application’s user registration function gives us an account with elevated privileges, which reveals a new virtual hostname. …Security6 min readSecurity6 min read
Feb 7, 2021HackTheBox Writeup — DoctorThis is my write-up for the HackTheBox machine ‘Doctor’, which runs a Linux OS and is one of the ‘easy’ machines. Summary Finding a virtual host name reveals another web application that allows us to perform Server-Side Template Injection and get a reverse shell as a low privilege user on the…Cybersecurity5 min readCybersecurity5 min read
Dec 1, 2020HackTheBox Writeup — TabbyThis is my write-up for the HackTheBox machine ‘Tabby’, which runs a Linux OS and is one of the ‘easy’ rated machines. 1. Summary A Local File Inclusion (LFI) vulnerability lets us obtain Tomcat user credentials, enabling us to upload a reverse shell and gain a foothold. To escalate to user ‘Ash’…Ctf6 min readCtf6 min read
Nov 30, 2020HackTheBox Writeup — CacheHack the Box is an online platform where you can practice your penetration testing skills. This is my write-up for the HackTheBox machine ‘Cache’, which runs a Linux OS and is one of the ‘medium’ rated machines. 1. Summary The initial foothold on this box involves clever enumeration with cewl and wfuzz…Information Security6 min readInformation Security6 min read
Nov 29, 2020HackTheBox — MagicHack the Box is an online platform where you can practice your penetration testing skills. This is my write-up for the HackTheBox machine ‘Traceback’, which runs a Linux OS and is one of the ‘Easy’ rated machines. Summary To gain a foothold we bypass the web app authentication using SQLi and…Information Security6 min readInformation Security6 min read
Nov 26, 2020HackTheBox Writeup — TracebackHack the Box is an online platform where you can practice your penetration testing skills. This is my write-up for the HackTheBox machine ‘Traceback’, which runs a Linux OS and is one of the ‘Easy’ rated machines. 1. Summary The initial foothold on this box involves finding a hidden web-shell on an…Hackthebox5 min readHackthebox5 min read
Jun 20, 2020HackTheBox Writeup — ServMonHack the Box is an online platform where you can practice your penetration testing skills. This is my write-up for the HackTheBox machine ‘ServMon’, which runs a Windows OS and is one of the ‘Easy’ rated machines. 1. Summary To obtain a user shell we perform a directory traversal exploit on the…Ctf5 min readCtf5 min read
Jun 8, 2020TryHackMe Walkthrough— WonderlandThis is my write-up for the CTF room ‘Wonderland’ on TryHackMe, which involves two path hijacking exploits and exploiting setuid capabilities on a Perl binary to get a root shell. 1. Enumeration and Initial Foothold (Alice) As always we start of with an Nmap scan to see what ports are open and which services are running…Tryhackme6 min readTryhackme6 min read
