-
Mango – HackTheBox
Scanning Started with my typical nmap scan. Enumeration – Port 443 Port 80 returned a 403 forbidden as seen in the scan, but 443 seemed worthwhile to check out. This search function just returned to itself. Gobuster revealed a subdirectory /analytics & this also worked from the primary page. This was a collected table of…
-
Bolt – HackTheBox
Bolt is a Medium level machine on HTB that was recently retired. Nmap scan: Enumeration: Port 80 – HTTP There’s a pretty basic website with not many obvious paths, but I was able to download a copy of the docker file that is presumably being used to run the webserver, so saving that for now,…
-
Dynamic Futures: Intro to Modern Vulnerability Management
There are a few ways that VM programs can be set up. The older approach essentially involves a process of performing the following actions: determining scope; scanning assets; scoring assets by CVSS or other indicator; reviewing scan report and remediating based on scores. This method works, and it is certainly better than letting assets sit in…
-
Nineveh – HackTheBox
Nineveh is a medium-ranked box on HTB that happens to be on TJNull’s list of boxes to try for extra OSCP practice. Scanning Enumerating HTTP Port 80 Gobuster revealed an info page. Cool. I had to run another gobuster scan with a more thorough list to uncover another hidden directory. Found this in the page…
-
Blueprint – TryHackMe
Started off with my usual nmap scan: Looks like a Windows server. I went ahead and ran a basic gobuster scan against both 80 and 8080. Nothing doing at port 80 but there was something interesting at 8080: The catalog itself led to a messed up default page for this osCommerce app, so with the…
-
RazorBlack – TryHackMe
This was a pretty neat little box for learning a little about AD exploits. Note that I had to reset it several times as the network kept timing out, especially when interacting over Evil-WinRM, which is why the IP changes so many times. I started out with my typical nmap scan: That’s a lot of…
-
Driver – HackTheBox
Started by running my standard nmap scan: So there’s an SMB server running and a web server. I couldn’t access the SMB server so I checked out the site and ran a gobuster scan in the meantime. I am presented with a login screen, so I go back to look at my nmap scan and…
-
Bounty Hunter – HackTheBox
Started out with my standard nmap scan: So SSH and port 80 are open, so I’ll just go check out that web server. Within it there’s a directory that looks like it leads to a db search: I captured some test data from this in Burp: So I notice a couple things. One is that…
-
Cap – HackTheBox
Sometimes the so-called easy boxes can prove to be the trickiest even though, once the vectors are found, they were quite easy after all. Such is the case for this box. I booted up and launched my nmap scan with some immediate results: FTP, SSH, HTTP server all running. I skipped over ftp for now…
-
LFI – TryHackMe
Link to the THM room I ignored scanning on this machine because I knew we were in the LFI room. If the IP had not returned a valid site though, I would have run a scan to determine the port where the web server was running. Once the IP was up, I checked out the…