As usual, I followed IppSec’s video on how to crack this box I had trouble getting the SMB file share on this one and it finally worked with the other impacket’s smbserver script. It was also fun to learn about the hidden data stream and how to view it. Things I learned today & review: KeePass — …

This box was labeled as “insane” and I couldn’t have completed without the IppSec’s walkthrough video but I still learned a lot from it. What I learned today: HTTPs Enum: Check for alternate names & emails in certificates Wordpress Enum: wpscan — url https://brainfuck.htb — disable-tls-checks Register your API token to see vuln …

What I learned today: Nmap: -p- — max-retries 1 (or 0) — this speeds up the all port scan a bit. Port 79 fingerprint service , https://en.wikipedia.org/wiki/Finger_%28protocol%29 it revealed some usernames on the service with the finger-user-enum tool. ssh: add keyalgorithm with -okexAlgorithms=+ALGORITHM_ NAME By using |less -s kills off…

Today, I’m getting into the Valentine Box on HTB. (The V-day is also coming close!) As usual, I attempted to hack it myself and used IppSec’s walkthrough for reference. https://youtu.be/XYXNvemgJUo What I learned today/ Reminder vim set:paste option ssh naming convension -> username_key ssh private key — make sure to paste everything! (I forgot to…

I’ve done this box a long time ago while following a TCM’s video, but I decided to give it a go again with fresh perspective and with the help of Ippsec’s walkthrough https://www.youtube.com/watch?v=s_0GcRGv6Ds Nmap Scan Result: Nmap scan report for 10.129.168.232 Host is up (0.11s latency). Not shown: 65532 closed tcp ports…

I followed a walk-through video by IppSec to crack the Sense box on HTB. Source: https://www.youtube.com/watch?v=d2nVDoVr0jE This write-up demonstrates how I got the root flag and how IppSec introduced one way to write a python script to brute force credentials with burpsuite. Using CVE to root the machine. Nmap Scan…

Hi, everyone! I’m on the week 3 since I started taking the OSCP course. This week, I decided to focus on going through as many tutorials and walkthrough as possible to gain experience in CTF(Capture The Flag) type boxes. I enrolled in the offensive security path on the https://tryhackme.com/ and…

For the last few days, I have been studying about different web app attacks through the PWK course. Some of them were refreshers for me as I learned them in the MS program. …

Do you remember what you ate last Monday? I don’t. Some people have incredible brains and remember every single task that you need to accomplish: not me. I recently discovered that I’m a task-oriented individual; if I make a list, I most likely won’t fail completing all of them and…