Introduction This is rated a medium difficulty machine, I encountered a lot of twists and turns, the items found do not give me direct answers, but are required to reveal the answers that is user.txt and root.txt. Very interesting machine which requires the knowledge of manual ldap enumeration with ldapsearch to gain initial foothold, then … Continue reading [hackthebox]Cascade
misDIRection is a miscellaneous challenge in hackthebox, the zipped file contains a hidden folder with many subdirectories, and not every subdirectories have a file, the filenames are all unique numbers and a total of 36 of them, there are no contents within the files. This is a clueless challenge to be honest..., I depended on … Continue reading [hackthebox]misDIRection
Blackhole is a miscellaneous challenge in hackthebox which requires me to download a file and to find the flag within the file, this post document the process of finding the flag but the flag will not be revealed in this post. 1. Unzip the package It is a nested zipped package. At first glance it … Continue reading [hackthebox]Blackhole
There is no excerpt because this is a protected post.
Introduction Servmon is a new machine which receives very low ratings because a lot of people are complaining about the nsclient++ web portal being "unstable", well this can be circumvented by using chromium browser, if you are using kali linux as root then run chromium --no-sandbox, you cannot login to this portal remotely because it … Continue reading [hackthebox]Servmon
Things I have learned How to check Redis' vulnerability by using redis-cli. Detail enumeration with nmap, my first attempt of scanning I did not discover the redis port. How to enumerate with redis-cli. NMAP enumeration nmap -sC -sV -p- -oN postman 10.10.10.160 -vvv -p- this is a shorthand of -p 1-65535 so this option scans … Continue reading [hackthebox]Postman
Introduction I have not developed hacker's hunch yet and hope to do continuous learning to learn more techniques and hopefully I can develop a hunch soon, I am following a few walkthroughs and htb's official guide, to be honest if I am to start hacking this machine I think I will take two weeks to … Continue reading [hackthebox]Cronos
You have to find the invite code yourself, the link is https://www.hackthebox.eu/invite in order to join the club to learn hacking yourself. The invite code extraction method may change, but this is the current one as of today 25th of Feb 2020. I am using firefox, so on this https://www.hackthebox.eu/invite, click on web developer on … Continue reading HackTheBox – Get the invite code