
HackTheBox Writeup - TwoMillion
TwoMillion is a special release from HackTheBox to celebrate 2,000,000 HackTheBox members. It released directly to retired, so no points and no bloods, just for fun. It features a website that look...
Pilgrimage is an easy-difficulty Linux machine featuring a web application with an exposed Git repository. Analysing the underlying filesystem and source code reveals the use of a vulnerable versio...
Escape is a Medium difficulty Windows Active Directory machine that starts with an SMB share from which guest-authenticated users can download a sensitive PDF file. Inside the PDF file temporary credenti...
Request Credentials Reverse DNS lookup and AXFR request doesn’t work /etc/hosts # THM STUFF 10.200.19.101 THMDC za.tryhackme.com THMDC.za.tryhackme.com 10.200.19.249 THMJMP2.za.tryhackme.co...
Credential Injection Runas Explained Have you ever found AD credentials but nowhere to log in with them? Runas may be the answer you’ve been looking for! In security assessments, you will often ...
Introduction to AD Breaches Alert! This Room Is Awful Active Directory (AD) is used by approximately 90% of the Global Fortune 1000 companies. If an organisation’s estate uses Microsoft Win...
Room Objectives In this room, we will learn about Active Directory and will become familiar with the following topics What Active Directory is What an Active Directory Domain is What compo...
Stocker is a medium difficulty Linux machine that features a website running on port 80 that advertises various house furniture. Through vHost enumeration the hostname dev.stocker.htb is identified...
Pre-engagement Briefing You have been assigned to a client that wants a penetration test conducted on an environment due to be released to production in three weeks. Scope of Work The client re...
Info You have been assigned to a client that wants a penetration test conducted on an environment due to be released to production in seven days. Scope of Work The client requests that an engine...
Recon Forensics - Analyze the PCAP Use bettercap to parse packets (because I love bettercap) sudo bettercap set net.sniff.source overpass2.pcapng net.sniff on Questions What was the URL of ...
Recon Autorecon sudo $(which autorecon) -vv -m 3 --dirbuster.threads 50 --reports markdown --dirbuster.tool gobuster 10.10.74.153 Nmap # Nmap 7.94 scan initiated Tue Jun 20 08:30:14 2023 as:...
Recon Autorecon sudo $(which autorecon) -vv -m 5 --dirbuster.threads 100 --reports markdown --dirbuster.tool gobuster 10.10.67.8 AutoRecon never finishes, it just hangs or says there is 1 t...
Obtain access via SQLi Login form looks super suspicious Try payload admin' or 1=1 -- - Can try another payload : ' or 1=1 -- - Login success, redirected to /portal.php Single quote test...