IT-Security.top

Data encryption Enumeration Hashes Red Team

HackTheBox – Brainfuck

Marceli 19 May 2022 No Comments

Checking SMTP service: https port: Based on nmap scan I am checking https with domain name: There is an additional domain name It revels a forum Users: admin, orestis Orestis…

HackTheBox – Sunday CTF walkthrough

Marceli 1 April 2022 No Comments

root, sammy, sunny - this users looks diffrent than others, probably other users have never been used I had issues with using hydra Hydra didn't work, because it takes long…

CVE Enumeration Red Team

HackTheBox – Blue CTF walkthrough

Marceli 31 March 2022 No Comments

CVE-2017-0143 nmap --script=smb-os-discovery.nse --script-args=unsafe=1 -script=smb-vuln-ms17-010.nse -p445 <ip> This host is vulnerable to popular CVE-2017-0143, I decided to use metasploit: I have system privileges

Buffer Overflow CVE Enumeration Privilege Escalation Red Team Reverse engineering Weak configuration

HackTheBox – October CTF walkthrough (BoF)

Marceli 30 March 2022 No Comments

No hints regarding version of October CMS admin:admin I wanted to check version: There is a possibility to upload a files. File with extension .php5 is located, so I will…

Enumeration Injection Local file inclusion Privilege Escalation Red Team Weak configuration

HackTheBox – Poison CTF walkthrough

Marceli 28 March 2022 No Comments

pwdbackup.txt looks interesting I checked it with CyberChef and didn't get any "magic" hint. Later I will decode it There is a LFI access.log is accessible I don't have permissions…

CVE Enumeration Privilege Escalation Red Team

HackTheBox – Valentine CTF walkthrough

Marceli 28 February 2022 No Comments

Looks like heart with bleed.. 22 ssh OpenSSH 5.9.p1 5ubuntu1.1080 http Apache 2.2.22443 https Apache 2.2.22 AES-128-CBC encrypted RSA private key I tried to crack this, but I couldn't. Vulnerabilities…

Buffer Overflow Enumeration Hashes Injection Privilege Escalation Red Team Reverse engineering

HackTheBox – Node CTF walkthrough (BoF)

Marceli 23 February 2022 No Comments

Initial scan shows 2 open ports

CVE Enumeration Injection Red Team

HackTheBox – Sense CTF walkthrough

Marceli 22 February 2022 No Comments

Looks like some old version of pfsense. Default credentials (admin:pfsense) doesn't work. Only http/https ports are opened Nothing interesting so far Certificate date Username is exposed rohit:pfsense works: Version: 2.1.3…

Enumeration Privilege Escalation Red Team XXE

HackTheBox – Markup CTF walkthrough

Marceli 21 February 2022 No Comments

After going back to login page, I tried a few default credentials and one trivial combination worked. We are logged as "Customer" No hints from cyberchef Nothing interesting about technologies…

Enumeration Local file inclusion Privilege Escalation Red Team

HackTheBox – Included CTF walkthrough

Marceli 19 February 2022 No Comments

After going to http site, user is being redirected to: So I decided to try /etc/passwd Host is vulnerable to local file inclusion There are users related to tftp service…

HackTheBox – CozyHosting

Next-Gen Firewall (NGFW) – selection & initial deployment

HackTheBox – Active

TryHackMe – Enumerating Active Directory

TryHackMe – Breaching Active Directory