Local File Inclusion vulnerabilieis entail when a user inputs contains a file path which results in retrieval of unintended system files via a web service.
Exploited Jenkins gained an initial shell, then escalated privileges by exploiting Windows authentication tokens. Deployment of meterpreter with web_delivery.
Post enumeration of lab with credentials/hashes captured. Overview of PowerView and Bloodhound setup/usage.
Tutorial on hacking wireless access points to include capture handshakes and crackings .cap files.
Detailed overview of the OWASP Top 10 utilizing OWASP Juiceshop VM to cover application vulnerabilities.
Penetration with Kali (PWK) Review Guide after having completed 90 lab. Resources and tips to help fellow hackers develop & execute a plan for attacking the lab network.
Disassembly of ippsec’s youtube video HackTheBox - Arctic. Focus on Windows and basic enumeration, intercepting an application communications via burp. Shell creation with Unicorn and powershell usage along with windows enumeration.
Disassembly of ippsec’s youtube video HackTheBox - granny. Windows box where OPTIONS get enumerated and used via davtest. Web filter circumvention and a focus on using metasploit to enumerate the box and exploit it.
Disassembly of ippsec’s youtube video HackTheBox - Bastard. Windows box without the use of Metasploit, a few different ways to enumerate the privesc. Managing cookies importing/exporting. Exploit modification/testing. Setting up Burp Suite to capture an exploits traffic and SMB file execution with impacket.
Disassembly of ippsec’s youtube video HackTheBox - Optimum. Windows box completed two different ways with and without Metasploit. Focusing on the usage of Powershell, enumerating the privesc with Sherlock and executing an exploit with a shell from Nishang and Empire.