‘Doctor’ is an easy rated box on Hack The Box. We’ll use FFuF to discover a hidden registration page, Server Side Template Injection to gain a shell and a public exploit for Spelunker to elevate our privileges
whoamiMy name is Jay and I'm a penetration tester at Security Innovation.
I find that I'm able to retain information a little easier if I write it down as if I'm trying to teach someone how to do it. So this is basically a culmination of all of my notes presented in a 'how-to' or 'teaching' format.
As time goes on you'll be able to find things like Box and CTF Challenge Writeups, cheatsheets I've written for myself, projects I'm working on and even some articles on tools/concepts that I come across as I learn.
Feel free to contact me on Twitter!
‘Academy’ is an easy rated box on Hack The Box. We’ll use FFuF to discover a hidden page, metasploit to explot Laravel for access and common enumeration for privilege escalation
‘THM Challenge’ is a WebApp that I wrote to send along with my CV to TryHackMe when they were recruiting Content Engineers
Granny & Grandpa are a pair of identical easy rated boxes on Hack the Box. We’ll use metasploit to exploit a buffer overflow in IIS 6.0/WebDav for access and a kernel exploit for privesc
‘Optimum’ is an easy rated box on Hack the Box. We’ll exploit a vulnerable version of HttpFileServer for access and use Windows Exploit Suggester to find a kernel exploit for privesc