Injection

HackTheBox – CozyHosting

Marceli 27 September 2023 No Comments

Information Gathering and Vulnerability Scanning Initial nmap shows that 3 ports are opened. Later I did another scan with all ports: I have run also nikto scan, but nothing interesting…

Enumeration Injection Insecure Design Privilege Escalation Red Team

HackTheBox – Cronos

Marceli 20 May 2022 No Comments

nmap shows 3 open ports: ssh, bind dns service and Apache http Default page

Enumeration Injection Local file inclusion Privilege Escalation Red Team Weak configuration

HackTheBox – Poison CTF walkthrough

Marceli 28 March 2022 No Comments

pwdbackup.txt looks interesting I checked it with CyberChef and didn't get any "magic" hint. Later I will decode it There is a LFI access.log is accessible I don't have permissions…

Buffer Overflow Enumeration Hashes Injection Privilege Escalation Red Team Reverse engineering

HackTheBox – Node CTF walkthrough (BoF)

Marceli 23 February 2022 No Comments

Initial scan shows 2 open ports

CVE Enumeration Injection Red Team

HackTheBox – Sense CTF walkthrough

Marceli 22 February 2022 No Comments

Looks like some old version of pfsense. Default credentials (admin:pfsense) doesn't work. Only http/https ports are opened Nothing interesting so far Certificate date Username is exposed rohit:pfsense works: Version: 2.1.3…

Hashes Injection Insecure Design Privilege Escalation Red Team Weak configuration