‘Tenet’ is a medium rated box on Hack the Box. We’ll be using PHP Object Injection to get RCE and identify a race condition in a custom script for privesc.
whoamiMy name is Jay and I'm a penetration tester at Security Innovation.
I find that I'm able to retain information a little easier if I write it down as if I'm trying to teach someone how to do it. So this is basically a culmination of all of my notes presented in a 'how-to' or 'teaching' format.
As time goes on you'll be able to find things like Box and CTF Challenge Writeups, cheatsheets I've written for myself, projects I'm working on and even some articles on tools/concepts that I come across as I learn.
Feel free to contact me on Twitter!
‘Skynet’ is a box on TryHackMe. We’ll be enumerating SMB shares, brute forcing a login and exploiting a Remote File Inclusion vulnerability in Cuppa CMS for a foothold. For our root shell we’ll take a look at exploiting some wildcard injection using a script that’s being run as a cronjob.
This is a Cheatsheet I created for reference when using FFuF
‘Ready’ is a medium rated box on Hack the Box. We’ll be using a public exploit for a vulnerable Gitlab version for a shell, enumeration and password reuse for privesc and escape a docker container for root
‘Delivery’ is an easy rated box on Hack the Box. We’ll be looking at OSTicket and Mattermost for a foothold and hash cracking for root.