Just passed my OSCP this weekend, successfully hacking into all five boxes that were presented! Summary of exam: This exam is a great way to prove your penetration testing skills and a great one to add to your resume. It is a 24-hour exam (although you don’t need to use the whole time) and it […]
Hackthebox – SecNotes Writeup
This is a write-up for the Secnotes machine on hackthebox.eu which was retired on 1/19/19! Summary Secnotes is a medium difficulty Windows machine which will help you practice some basic SQL injection, explore SMBclient, and use some simple php scripting. Enumeration As always, our first step is enumeration. We use the following command in nmap […]
Tracking File Deletions on Windows
If you are suspecting a user, process, virus, malware, or hacker deleting your files, you don’t have to buy expensive software to track what is deleting files. You can keep track of anything that deleted your files using Windows auditing. You need to have Windows Professional or better (Home will not work) to use this […]
Hackthebox – Waldo Writeup
This is a write-up for the Waldo machine on hackthebox.eu which was retired on 12/15/18! Step 1: enumerate! Run an automated scan with this script: https://github.com/vishalb2308/Pentest-Enumeration-Script/blob/master/EnumScript.py or something like: nmap -sC -sV -oA /tmp/nmap1.txt -Pn 10.10.10.87 Which should result in something like this: We type in 10.10.10.87 in the browser and this shows up: At […]
Hackthebox – Jerry Writeup
This is a write-up for the Jerry machine on hackthebox.eu which was retired on 11/17/18! First we start with a nmap scan: map -sC -sV -Pn 10.10.10.95 8080 is open: 8080/tcp open http Apache Tomcat/Coyote JSP engine 1.1 |_http-favicon: Apache Tomcat |_http-server-header: Apache-Coyote/1.1 |_http-title: Apache Tomcat/7.0.88 We go to the page by going to http://10.10.10.95:8080 […]
Hackthebox – Bounty Writeup
This is a writeup for the Bounty machine on hackthebox.eu which was retired on 10/27/18! We first enumerate ports with: nmap -sC -sV -Pn 10.10.10.93 Port 80 is open so we go to it and it shows a wizard, nice. We look around the site and find that the server is Microsoft-IIS/7.5 but that’s not […]
Hackthebox – DevOops Writeup
This is a writeup for the DevOops machine on hackthebox.eu which was retired on 10/13/18! First, enumerate! Let’s try the custom python enumeration script a friend of ours made: https://github.com/vishalb2308/Pentest-Enumeration-Script/blob/master/EnumScript.py The nmap part of the script indicates that: ports 22 and 5000 are open ssh is on 22 and supports publickey and password authentication Server […]
Hackthebox – Sunday Writeup
This is a writeup for the Sunday machine on hackthebox.eu which was retired on 9/29/18! We started with a typical nmap scan: nmap -sC -sV -Pn 10.10.10.76 This results in: We then start a nmap scan on all ports: nmap -p 1-65535 -T4 -A -v –min-rate 1000 –max-retries 5 10.10.10.76 We get two additional ports […]
Hackthebox – Canape Writeup
This is a writeup for the Canape machine on hackthebox.eu which was retired on 9/15/18! First, enumerate! Let’s try the custom python enumeration script a friend of ours made: https://github.com/vishalb2308/Pentest-Enumeration-Script/blob/master/EnumScript.py We find that port 80 is open and the page looks something like this: nmap (with command nmap -sC -sV 10.10.10.70) indicated that there was […]
Hackthebox – Poison Writeup
This is a writeup for the Poison machine on hackthebox.eu which was retired on 9/8/18! Enumeration first! We do a standard scan with nmap: nmap -sC -sV -Pn 10.10.10.84 We find ports 22 and 80 open, nice. We go to 10.10.10.84. Nice it actually lists out the files that are there.. don’t even have to […]