Disassembly of IppSec’s youtube video HackTheBox - Devel. Windows box which is completely done within metasploit and the standard commands you would use to enumerate a box and interact. Great metasploit refresher.
Disassembly of IppSec’s youtube video HackTheBox - Blue. A crash course in NMAP and the strength it has in enumeration. Exploitation crash course with Metasploit & Empire, fixing unicode with xxd. Using unicorn to elevate meterpreter shell to stdapi.
Disassembly of Julio Ureña’s youtube video HackTheBox - Legacy. Windows box includes enumeration of system to an exploitable SMB server. Modifying a public exploit and inserting custom shellcode with msfvenom both meterpreter and shell_reverse_tcp.
Disassembly of ippsec’s youtube video HackTheBox - Teacher. Box includes a web-app that is vulnerable to a php bug with allows for RCE. The usage of pspy to discover cron jobs and taking advantage of a root task that leads to root access.
Dissection of ippsec’s youtube video HackTheBox - Irked (Fixed). Box includes enumeration to UnrealIRCd server, stenography and tools, SUID stickybit that leads to root escalation.
Vulnhub virtual machine; One of the last of my vulnhub boxes from the OSCP prep list. Zico2, used enumeration to find an admin login, which used basic credentials to enter. Used the backend to use php to download a reverse shell which led to privesc with dirtycow and zip.
April 4th, 2019, With high anticipation from the cybersecurity community the NSA release the open source of its Software Reverse Engineering (SRE) framework Ghidra. This all gaining traction as the organization reaches out to garner potential new employees. While the effort seem to be an interesting avenue to pursue the infosec community welcomes the open-sourcing of such powerful tools.
Vulnhub virtual machine; Enter Version 3 - Experience of multiple engagements with WFUZZ to tunneling through socat and pivoting through ports. Take over a local global library file to encountering a buffer overflow print string bug. Finally, employing a custom kernel exploit. You will learn something new.
Vulnhub virtual machine; How bad do you want OSCP box, Lets begin with this is not for the faint of heart. Enumeration to multiple pivots, reverse engineering, buffer overflow all wrapped in to one VM. This box will teach you something new guaranteed, grab a drink you’re going to need one.
Vulnhub virtual machine; OSCP prep box, pivoting enumeration through separate web-server to engage the target. Buffer-overflow of an application to gain root.