-
HackTheBox ScriptKiddie Walkthough
ScriptKiddie was an Easy rated Linux machine, which involved exploiting a vulnerability within MetaSploit, then gaining access to the pwn user and abusing a sudo misconfiguration. Getting A Shell Reconnisance Initial nMap scans showed a very simple box, with just SSH and port 5000 open. I personally find the -sV -A flags tend to reveal […]
-
My OSCP Exam Experience & Tips
Here is a write up of my OSCP exam experience – from studying through to passing the exam. Overall, it was a worthwhile experience and I would recommend it to anyone interested in infosec! TL:DR Practise! IMO, the OSCP exam manual is too large and not worth the effort Proving Grounds is far better than […]
-
HTB Cyber Apocalypse – Emoji Voting Writeup
Emoji Voting was a 2-star rated ‘Web’ machine. The server was vulnerable to SQL injection, which allowed for the flag to be discovered. This was a fairly laborious process, as the SQL injection was after an ‘ORDER BY’ statement, which increased the complexity of exploiting it. Pwning Emoji Voting The website itself appears to be […]
-
HTB CTF 2021 – Input as a Service Writeup
Input as a Serivce (Iaas) 1-star rated challenge from the HackTheBox Cyber Apocalypse CTF. This challenge was from the ‘Misc’ section, in contrast to most of the others I attempted! This challenge revolved around a input function vulnerability in a Python web server, which could be exploited to achieve an RCE. Some initial poking around […]
-
HTB CTF 2021 – MiniSTRyplace Writeup
MiniSTRyplace was a 1-star rated ‘Web’ challenge from the HackTheBox Cyber Apocalypse CTF. The solution was pretty simple, with a vulnerable str_replace function allowing for a simple path traversal exploit. Initially, the files for the server were supplied as part of the challenge. From a quick initial search, the index.php file stood out as being […]
-
HTB Cyber Apocalypse CTF 2021 – BlitzProp Writeup
BlitzProp is a 1* rated challenge from the web category of the HTB CTF. To exploit this, you need to use a ‘prototype pollution’ vulnerability in order to gain RCE against the target. This was the first time I had exploited a target using a vulnerability such as this, so I learned a lot from […]