Lupin One - Vulnhub
A detailed walkthrough of the scanning, enumeration, and exploitation phases during a penetration test, including the use of tools like Nmap, ffuf, and Metasploit.
The writeup begins with a straightforward unauthenticated vulnerability in CMS Made Simple, which I exploit to retrieve the database credentials. After cracking the user’s hash, I discover they reused the same password for SSH, allowing me to access the machine. The privilege escalation is particularly interesting: I have write permissions on /usr/local, enabling me to place a binary payload that gets executed by run-parts when I log in via SSH, as it is invoked without the full path.
GoodGames is an easy Linux machine highlighting SQL injection, weak hashing risks, and password reuse dangers. It also demonstrates SSTI via render_template_string in Python. Privilege escalation is achieved through Docker enumeration, leveraging container admin access to gain root on the host.
Sau is an easy Linux machine exploiting SSRF in Request Baskets (CVE-2023-27163) to access a vulnerable Maltrail instance. An unauthenticated OS command injection grants a shell as puma, and sudo misconfiguration leads to root.
Jerry is an easy Hack The Box machine that realistically simulates exposed Apache Tomcat instances with weak or default credentials.
Cap is an easy Linux machine where an IDOR vulnerability exposes network captures containing plaintext credentials, allowing initial access. Privilege escalation is achieved by exploiting a Linux capability to gain root.
A walkthrough of the MyExpense Vulnhub machine, detailing the exploitation of XSS, CSRF, IDOR, and SQL Injection vulnerabilities to achieve the goal of getting an expense report approved.
A Python script to brute-force passwords with a focus on ethical use. This program cracks passwords of length 1 to 7, using lowercase letters and numbers.
Taking the eJPT v2 was a game-changer for me. It’s not just a certification—it’s a hands-on journey into the world of ethical hacking and penetration testing. With real-world labs, a browser-based exam environment, and a focus on practical skills, it gave me a genuine taste of what it’s like to work in cybersecurity. The exam itself was challenging but fair, with a strong emphasis on enumeration and exploiting common vulnerabilities.
A step-by-step guide to setting up a home SIEM lab using Elastic and Kali Linux for hands-on SOC analyst experience.
Dive into the heat of a live phishing attack as it unfolds within the corporate network.
A detailed walkthrough of analyzing and responding to a phishing URL detection alert in a SOC environment from Let’s Defend.