Bashed
‘Bashed’ is an easy rated box on Hack the Box. We’ll use gobuster to uncover some hidden directories on a webserver, use a custom bash/php client to gain a shell and exploit a script being run as a cronjob for root
whoami
My name is Jay and I'm a penetration tester at Security Innovation.I find that I'm able to retain information a little easier if I write it down as if I'm trying to teach someone how to do it. So this is basically a culmination of all of my notes presented in a 'how-to' or 'teaching' format.
As time goes on you'll be able to find things like Box and CTF Challenge Writeups, cheatsheets I've written for myself, projects I'm working on and even some articles on tools/concepts that I come across as I learn.
Feel free to contact me on Twitter!
Recent posts
Nibbles
‘Nibbles’ is an easy rate box on Hack The Box. We’ll use gobuster to enumerate the ‘Nibbleblog’ platform, burpsuite’s intruder for bruteforcing a login and a public exploit for the initial shell.
Devel
‘Devel’ is an easy rated box on Hack the Box. To solve this box we’ll take advantage of anonymous FTP login, craft shellcode using msfvenom and use metasploit’s local exploit suggestor to find the path to privesc
Blue
‘Blue’ is an easy rated box on Hack the Box. We’ll be using Nmap’s scripting engine to detect a vulnerability and Metasploit to exploit it.
Legacy
‘Legacy’ is an easy rated box on Hack the Box. We’ll be using Nmap’s scripting engine to detect a vulnerability and Metasploit to exploit it.