SweetRice CMS Exploitation | LazyAdmin TryHackMe
LazyAdmin is a machine available on TryHackMe, designed for those looking to hone their skills in a controlled environment. This box provides opportunities to delve into web application exploration, exploit a documented CVE within a CMS, and understand a fundamental privilege escalation technique. Key Takeaways Enumeration: Systematic exploration to identify open ports, active services, […]
Exploiting Samba with Metasploit | HackTheBox
Lame is a beginner-friendly box available on HackTheBox. In this walkthrough, I’ll go through Nmap, SMB file shares, anonymous FTP logins, Searchsploit, and Metasploit to tackle this machine. Insights Vulnerability Scanning: Utilizing tools like Nmap to identify open ports and potential weaknesses in services on a target system. Exploitation Techniques: Employing both automated tools […]
OSINT For CTF
Passive Information Gathering in CTFs: A Deep Dive into Essential Tools and Techniques Introduction Passive information gathering is a vital phase in Capture The Flag (CTF) competitions. This preliminary reconnaissance step involves collecting data about a target or network without actively interacting with it. Successful CTF participants often use a range of tools and techniques […]
Steganography and Hidden Data
Commands for Engagements
A cheat sheet selection of frequently utilized tools and commands for engagements. Consider it a reference guide to assist you during your cybersecurity assessments. Nmap
Pass the Ticket: An AD Attack Method
Pass-the-Ticket (PtT) is a popular method of attack in AD environments, capitalizing on Kerberos tickets to gain unauthorized access. This guide breaks down PtT for the active CTF player, offering actionable code and clear steps to execute under time pressure. PtT Basics In Kerberos authentication, tickets, rather than passwords, grant access to resources. If an […]
DDoS Attacks: How to Take Down a Server
Distributed Denial of Service (DDoS) attacks are popular cyber-attacks that focus on taking down a system’s availability by denying resources to legitimate connections. DDoS attacks can be found in many forms, commonly as an attack that heavily congests a network to the point of being unusable. Furthermore, DDoS attacks crash or even destroy resources depending […]
Steganography for CTF
Using Steganography Tools in CTFs: Extracting Hidden Flags with Steghide Capture The Flag (CTF) competitions often require participants to solve a variety of challenges, and one common type involves steganography, the art of concealing data within seemingly innocuous files, such as images. In this blog, we will explore how to use steghide, a popular steganography […]
Kerberoasting: An Offensive Playbook
Active Directory, a cornerstone of many networks, is riddled with complexities and nuances. It is these intricacies that give birth to vulnerabilities like Kerberoasting. This article aims to provide a detailed, hands-on guide to Kerberoasting for Capture The Flag (CTF) enthusiasts. Let it serve as a touchstone during your challenges. Kerberos and SPNs Kerberos A […]
Privilege Escalation Techniques
A cheat sheet and essential guide designed to assist in efficient privilege escalation techniques across various systems. Consider it a reference point. Linux Upgrade shell