OSCP Proving Grounds – Levram Walkthrough
Introduction Welcome to another OSCP-style walkthrough on Proving Grounds – Levram. This machine is a great practice target for web exploitation and Linux privilege escalation. In this post, I’ll guide you through the full attack path, including enumeration, exploitation, and privilege escalation. Enumeration Nmap Scan Starting with an Nmap scan to identify open ports and […]
Codo – OSCP Proving Grounds
In this walkthrough, I’ll document my full approach to Codo, an OSCP Proving Grounds box. This will cover initial enumeration, gaining a foothold, privilege escalation, and capturing the proof.txt flag. Step 1: Reconnaissance & Enumeration 🔍 Nmap Scan The first step was running an Nmap scan to discover open services: 📝 Nmap Results: Since SSH […]
Internal – OSCP Proving Grounds
Introduction For this engagement, I tackled the OSCP Proving Grounds machine Internal. The goal was to gain a foothold, escalate privileges, and ultimately retrieve the flag from the administrator’s account. In this write-up, I’ll document my approach, mistakes, and lessons learned along the way. Step 1: Initial Reconnaissance Before attempting any exploits, I conducted a […]
LOTL Port Scanning
Living Off The Land Living Off The Land (LOTL) techniques leverage native tools, present in the target or victim’s environment, to accomplish tasks such as information gathering, persistence, and even execution. By using native tools, attackers often avoid detection, as these tools are usually trusted and permitted to operate freely. One fundamental technique used in […]
SSH Key Exploitation and SMB Recon: A CTF
CTFs (Capture The Flag competitions) offer hands-on experience, simulating real-world cyber scenarios. They hone skills, encourage problem-solving, foster teamwork, and promote a deep understanding of cyber threats and defense strategies. Insights SSH Key Usage: Stored SSH keys can be exploited to gain access, especially if they aren’t password-protected or if the passphrase can be […]
Windows Security: Abusing Access Tokens | Practical
Windows, in its core security design, leverages access tokens to determine if accounts possess the requisite permissions to execute certain tasks. When you authenticate to a system, Windows hands over an access token specific to your account. But here’s where things can get dicey: these tokens, if misconfigured or manipulated, might become an open door […]
SQLi and Reverse SSH Tunnelling | Game Zone THM
Game Zone, offered by TryHackMe, is a box that covers a broad spectrum of tasks. It takes participants through SQL injection, password cracking, reverse SSH tunneling, and the use of Metasploit. It’s a solid challenge, offering a good mix of content for those keen to hone their skills. Insights Web Application Vulnerabilities: SQL injection […]
Threat Modeling: STRIDE and DFD
In the dynamic landscape of cybersecurity, establishing a clear understanding of threats is paramount. While introductory courses may gloss over various methodologies, diving deep into advanced techniques such as STRIDE and Data Flow Diagrams (DFD) is essential for established professionals. This article provides an in-depth examination of these advanced threat modeling methodologies. The Significance of […]
Working with Linux Capabilities | Cap HackTheBox
Linux capabilities allow for a nuanced approach to the security architecture, breaking down the absolute root privilege into specific individual permissions. This division provides a detailed control mechanism as opposed to the generic superuser model. “Cap” is a HackTheBox machine designed to test one’s grasp of pcap files and SSH, but also emphasizes the importance […]
Scanning for the CTF Arena
This is a reference guide offering concise command suggestions for machine scanning. It encompasses widely-used tools and provides “living off the land” commands, ensuring adaptability to various environments. Host Discovery (nmap):
# Basic ping sweep
nmap -sn 10.10.10.0/24
# If ICMP is blocked:
nmap -Pn -p 80,443 10.10.10.0/24
ARP Scan with […]
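The two excerpts above (“LOTL Port Scanning” and the host-discovery section of “Scanning for the CTF Arena”) both come down to the same move: when nmap is not on the box, or ICMP is filtered, fall back to tools the target already has. The following script is an added example written for this page, not code from either post; it uses only bash's built-in /dev/tcp pseudo-device plus coreutils timeout, and the host prefix 10.10.10 and the port spec are placeholders. Beyond the excerpts it also expands an nmap-style port spec such as 22,80,8000-8010, so one invocation can sweep a port list the way the nmap one-liners do.

```shell
#!/usr/bin/env bash
# Living-off-the-land TCP scanning with bash's /dev/tcp (no nmap, no nc needed).

# Probe one TCP port. Returns 0 if the connect succeeds, non-zero otherwise.
# timeout(1) bounds the connect so filtered ports do not hang the scan; if it
# is absent on the box the probe still works but may block for the kernel's
# own SYN retry period.
lotl_probe() {
    local host=$1 port=$2 secs=${3:-2}
    if command -v timeout >/dev/null 2>&1; then
        timeout "$secs" bash -c "exec 3<>/dev/tcp/$host/$port" 2>/dev/null
    else
        bash -c "exec 3<>/dev/tcp/$host/$port" 2>/dev/null
    fi
}

# Expand an nmap-style port spec ("22,80,8000-8010") to one port per line.
expand_ports() {
    local spec=$1 item lo hi
    local IFS=','
    for item in $spec; do
        case $item in
            *-*) lo=${item%-*}; hi=${item#*-}
                 while [ "$lo" -le "$hi" ]; do
                     printf '%s\n' "$lo"
                     lo=$((lo + 1))
                 done ;;
            *)   printf '%s\n' "$item" ;;
        esac
    done
}

# Port scan one host: lotl_scan HOST PORT [PORT...]  -> "host port open|closed"
lotl_scan() {
    local host=$1 port
    shift
    for port in "$@"; do
        if lotl_probe "$host" "$port"; then
            printf '%s %s open\n' "$host" "$port"
        else
            printf '%s %s closed\n' "$host" "$port"
        fi
    done
}

# Host discovery when ICMP is blocked: probe one TCP port across a /24 and
# print the hosts that answer (the LOTL equivalent of nmap -Pn -p PORT net/24).
# usage: lotl_sweep 10.10.10 443
lotl_sweep() {
    local prefix=$1 port=$2 i=1
    while [ "$i" -le 254 ]; do
        lotl_probe "$prefix.$i" "$port" 1 && printf '%s\n' "$prefix.$i"
        i=$((i + 1))
    done
}

# Direct use: ./lotl_scan.sh 10.10.10.5 22,80,443,8000-8010
# (the unquoted $(...) deliberately word-splits the expanded port list)
if [ "$#" -ge 2 ]; then
    lotl_scan "$1" $(expand_ports "$2")
fi
```

A connect() scan like this is noisier than nmap's default SYN scan (every open port sees a full handshake and an immediate close, which shows up in application logs), but it runs as an unprivileged user and leaves no new binary on disk, which is the point of living off the land.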