Genius = https://highon.coffee/blog/penetration-testing-tools-cheat-sheet/ IP address: 10.10.10.29 Recon nmap -v -sU -sS -p- -A -T4 10.10.10.29 Port 80/tcp - http Nmap -p 80 -sV 10.10.10.29 Reveals apache httpd 2.4.7 - no known critical vulnerabilities Default Ubuntu Apache2 page Port 53/tcp - DNS Nmap -p 53 -sV 10.10.10.29 ISC BIND 9.9.5-3ubuntu0.14 Port 22/tcp - ssh Nmap -p... Continue Reading →
Lame HackTheBox Notes
Genius = https://highon.coffee/blog/penetration-testing-tools-cheat-sheet/ IP address: 10.10.10.3 Recon nmap -v -sU -sS -p- -A -T4 target Port 445/tcp: used for direct TCP/IP MS Networking access without the need for NetBIOS layer. SMB (Server Message Block) protocol is used among other things for file sharing. Used in Windows 2K/XP to run SMB directly over TCP/IP without the... Continue Reading →
Reversing Challenge: Snake HTB
To solve this quickly please look at the method stated at the bottom of the page. Firstly we download the zip from htb and unzip this to obtain the file we will be reversing ‘snake.py’. I will be completing this challenge using kali linux x64 but it should be very similar on any OS with... Continue Reading →
HTB:”Find The Easy Pass” using Immunity
Recently I’ve been reading Programming from the Ground Up by Jonathan Bartlett to begin my journey into reverse engineering and malware analysis. After spending a bit of time on this book I was very interested in seeing my new knowledge at work. So I took to hackthebox and found the perfect task. Under Reversing I... Continue Reading →
Poison HackTheBox Notes
As I continue to post my notes for retired boxes you will likely notice a drastic increase in detail. A few boxes were completed when I was just getting into cyber security and since then I have learned a lot in regards to documentation. Simply based off of the name here we can determine this... Continue Reading →
Celestial HackTheBox Notes
This box isn’t too bad and was actually pretty educational. First we started off with an nmap scan, noticing only one port open “3000”. Using the flag -sV we can use banner grabbing to determine what service is running on the port. We then found out it was node.js and a web host. So we... Continue Reading →
Valentine HackTheBox Notes
Valentine This box consists of a fair amount of rabbit holes that I will just ignore for the most part to avoid this report being super long. The first thing I always do is run an nmap scan. I found 3 open ports, http, https, and ssh. This is great, web servers are fun.... Continue Reading →
Aragog HackTheBox Notes
Nmap -sV -T5 10.10.10.78 PORT STATE SERVICE VERSION 21/tcp open ftp vsftpd 3.0.3 22/tcp open ssh OpenSSH 7.2p2 Ubuntu 4ubuntu2.2 (Ubuntu Linux; protocol 2.0) 80/tcp open http Apache httpd 2.4.18 ((Ubuntu)) Service Info: OSs: Unix, Linux; CPE: cpe:/o:linux:linux_kernel Running dirbuster with medium wordlist 10.10.10.78/hosts.php => There are 4294967294 possible hosts for This is... Continue Reading →