Enumeration Nmap scan output – full scan # Nmap 7.94SVN scan initiated Fri Nov 10 07:23:29 2023 as: nmap -vv --reason -Pn -T4 -sV -sC --version-all -A --osscan-guess -p- -oN /home/kali/HTB/chatterbox/results/10.10.10.74/scans/_full_tcp_nmap.txt -oX /home/kali/HTB/chatterbox/results/10.10.10.74/scans/xml/_full_tcp_nmap.xml 10.10.10.74 Increasing send delay for 10.10.10.74 from 0 to 5 due to 11 out of 11 dropped probes since last increase. Nmap… Continue reading
Author Archives → tkirui
SILO
In this practice box from Hack The Box (HTB), we explore one of the machines from TJNull’s list, which is widely recognized as part of the essential preparation for the Offensive Security Certified Professional (OSCP) exam. TJNull’s curated list is designed to help individuals hone their penetration testing skills and get accustomed to the types…… Continue reading
Bastard
Enumeration this is a test to see if it updated on wordpress Nmap scan # Nmap 7.94 scan initiated Wed Nov 8 04:55:31 2023 as: nmap -vv --reason -Pn -T4 -sV -sC --version-all -A --osscan-guess -oN /home/kali/HTB/bastard/results/10.10.10.9/scans/_quick_tcp_nmap.txt -oX /home/kali/HTB/bastard/results/10.10.10.9/scans/xml/_quick_tcp_nmap.xml 10.10.10.9 Nmap scan report for 10.10.10.9 Host is up, received user-set (0.31s latency). Scanned at 2023-11-08… Continue reading
TJ Null Windows Machines
Optimum
In this practice box from Hack The Box (HTB), we explore one of the machines from TJNull’s list, which is widely recognized as part of the essential preparation for the Offensive Security Certified Professional (OSCP) exam. TJNull’s curated list is designed to help individuals hone their penetration testing skills and get accustomed to the types… Continue reading
Legacy
In this practice box from Hack The Box (HTB), we explore one of the machines from TJNull’s list, which is widely recognized as part of the essential preparation for the Offensive Security Certified Professional (OSCP) exam. TJNull’s curated list is designed to help individuals hone their penetration testing skills and get accustomed to the types… Continue reading
Omni
In this practice box from Hack The Box (HTB), we explore one of the machines from TJNull’s list, which is widely recognized as part of the essential preparation for the Offensive Security Certified Professional (OSCP) exam. TJNull’s curated list is designed to help individuals hone their penetration testing skills and get accustomed to the types… Continue reading
Remote
In this practice box from Hack The Box (HTB), we explore one of the machines from TJNull’s list, which is widely recognized as part of the essential preparation for the Offensive Security Certified Professional (OSCP) exam. TJNull’s curated list is designed to help individuals hone their penetration testing skills and get accustomed to the types… Continue reading
Servmon
In this practice box from Hack The Box (HTB), we explore one of the machines from TJNull’s list, which is widely recognized as part of the essential preparation for the Offensive Security Certified Professional (OSCP) exam. TJNull’s curated list is designed to help individuals hone their penetration testing skills and get accustomed to the types… Continue reading
Jerry
In this practice box from Hack The Box (HTB), we explore one of the machines from TJNull’s list, which is widely recognized as part of the essential preparation for the Offensive Security Certified Professional (OSCP) exam. TJNull’s curated list is designed to help individuals hone their penetration testing skills and get accustomed to the types… Continue reading
Granny
In this practice box from Hack The Box (HTB), we explore one of the machines from TJNull’s list, which is widely recognized as part of the essential preparation for the Offensive Security Certified Professional (OSCP) exam. TJNull’s curated list is designed to help individuals hone their penetration testing skills and get accustomed to the types… Continue reading
Grandpa
In this practice box from Hack The Box (HTB), we explore one of the machines from TJNull’s list, which is widely recognized as part of the essential preparation for the Offensive Security Certified Professional (OSCP) exam. TJNull’s curated list is designed to help individuals hone their penetration testing skills and get accustomed to the types… Continue reading
Devel
In this practice box from Hack The Box (HTB), we explore one of the machines from TJNull’s list, which is widely recognized as part of the essential preparation for the Offensive Security Certified Professional (OSCP) exam. TJNull’s curated list is designed to help individuals hone their penetration testing skills and get accustomed to the types… Continue reading
Buff
In this practice box from Hack The Box (HTB), we explore one of the machines from TJNull’s list, which is widely recognized as part of the essential preparation for the Offensive Security Certified Professional (OSCP) exam. TJNull’s curated list is designed to help individuals hone their penetration testing skills and get accustomed to the types… Continue reading
Bounty
In this practice box from Hack The Box (HTB), we explore one of the machines from TJNull’s list, which is widely recognized as part of the essential preparation for the Offensive Security Certified Professional (OSCP) exam. TJNull’s curated list is designed to help individuals hone their penetration testing skills and get accustomed to the types… Continue reading
Bastion
In this practice box from Hack The Box (HTB), we explore one of the machines from TJNull’s list, which is widely recognized as part of the essential preparation for the Offensive Security Certified Professional (OSCP) exam. TJNull’s curated list is designed to help individuals hone their penetration testing skills and get accustomed to the types… Continue reading
Blue
In this practice box from Hack The Box (HTB), we explore one of the machines from TJNull’s list, which is widely recognized as part of the essential preparation for the Offensive Security Certified Professional (OSCP) exam. TJNull’s curated list is designed to help individuals hone their penetration testing skills and get accustomed to the types… Continue reading
Arctic
In this practice box from Hack The Box (HTB), we explore one of the machines from TJNull’s list, which is widely recognized as part of the essential preparation for the Offensive Security Certified Professional (OSCP) exam. TJNull’s curated list is designed to help individuals hone their penetration testing skills and get accustomed to the types… Continue reading
Love
In this practice box from Hack The Box (HTB), we explore one of the machines from TJNull’s list, which is widely recognized as part of the essential preparation for the Offensive Security Certified Professional (OSCP) exam. TJNull’s curated list is designed to help individuals hone their penetration testing skills and get accustomed to the types… Continue reading
Slort
Nmap scan ╰─$ nmap -sV -sC -oA slort 192.168.180.53 -Pn Starting Nmap 7.94 ( https://nmap.org ) at 2023-10-08 02:17 EDT Nmap scan report for 192.168.180.53 Host is up (0.28s latency). Not shown: 993 closed tcp ports (conn-refused) PORT STATE SERVICE VERSION 21/tcp open ftp FileZilla ftpd 0.9.41 beta | ftp-syst: |_ SYST: UNIX emulated by… Continue reading
Nickel
In this practice box from Hack The Box (HTB), we explore one of the machines from TJNull’s list, which is widely recognized as part of the essential preparation for the Offensive Security Certified Professional (OSCP) exam. TJNull’s curated list is designed to help individuals hone their penetration testing skills and get accustomed to the types…… Continue reading
Jacko
nmap scan # Nmap 7.94 scan initiated Thu Oct 5 23:02:59 2023 as: nmap -sV -sC -oA jacko -Pn 192.168.180.66 Nmap scan report for 192.168.180.66 Host is up (0.28s latency). Not shown: 995 filtered tcp ports (no-response) PORT STATE SERVICE VERSION 80/tcp open http Microsoft IIS httpd 10.0 |_http-title: H2 Database Engine (redirect) | http-methods:… Continue reading
Intelligence
Nmap scan kali@kali ~/HTB/intelligence/intelligence2 ▶ nmap -sV -sC -oA intelligence $IP -Pn Starting Nmap 7.94 ( https://nmap.org ) at 2023-10-02 06:43 EDT Nmap scan report for intelligence.htb (10.10.10.248) Host is up (0.28s latency). Not shown: 988 filtered tcp ports (no-response) PORT STATE SERVICE VERSION 53/tcp open domain Simple DNS Plus 80/tcp open http… Continue reading
Monteverde
nmap scan ┌──(kali㉿kali)-[~/HTB/Monteverde] └─$ nmap -sV -sC -oA mantis 10.10.10.172 -pn Starting Nmap 7.94 ( https://nmap.org ) at 2023-09-24 07:41 EDT zsh: segmentation fault nmap -sV -sC -oA mantis 10.10.10.172 -pn ┌──(kali㉿kali)-[~/HTB/Monteverde] └─$ nmap -sV -sC -oA Monteverde 10.10.10.172 -Pn Starting Nmap 7.94 ( https://nmap.org ) at 2023-09-24 07:41 EDT Nmap scan report for 10.10.10.172… Continue reading
Mantis
nmap scan └─$ nmap -sV -sC -oA mantis 10.10.10.52 -Pn Starting Nmap 7.94 ( https://nmap.org ) at 2023-09-17 22:55 EDT Nmap scan report for 10.10.10.52 Host is up (0.34s latency). Not shown: 981 closed tcp ports (conn-refused) PORT STATE SERVICE VERSION 53/tcp open domain Microsoft DNS 6.1.7601 (1DB15CD4) (Windows Server 2008 R2 SP1) | dns-nsid:… Continue reading
Resolute
Nmap scan Starting Nmap 7.94 ( https://nmap.org ) at 2023-09-15 08:42 EDT Nmap scan report for 10.10.10.169 Host is up (0.30s latency). Not shown: 990 closed tcp ports (conn-refused) PORT STATE SERVICE VERSION 88/tcp open kerberos-sec Microsoft Windows Kerberos (server time: 2023-09-15 12:50:59Z) 135/tcp open msrpc Microsoft Windows RPC 139/tcp open netbios-ssn Microsoft Windows netbios-ssn… Continue reading
Timelapse
This is a Windows machine from Hack The Box. Nmap scan ┌──(kali㉿kali)-[~/HTB/timelapse] └─$ nmap -sV -sC -oA cascade 10.10.11.152 Starting Nmap 7.94 ( https://nmap.org ) at 2023-09-14 08:17 EDT Note: Host seems down. If it is really up, but blocking our ping probes, try -Pn Nmap done: 1 IP address (0 hosts up) scanned in… Continue reading
Cascade
This is a Windows machine from Hack The Box. Nmap scan └─$ nmap -sV -sC -oA cascade 10.10.10.182 Starting Nmap 7.94 ( https://nmap.org ) at 2023-09-11 05:46 EDT Note: Host seems down. If it is really up, but blocking our ping probes, try -Pn Nmap done: 1 IP address (0 hosts up) scanned in 3.97… Continue reading
Blackfield
This is a Windows machine from Hack The Box. nmap scan ┌──(kali㉿kali)-[~/HTB/blackfield] └─$ nmap -sV -sC -oA blackfield 10.10.10.192 Starting Nmap 7.94 ( https://nmap.org ) at 2023-09-09 21:19 EDT Note: Host seems down. If it is really up, but blocking our ping probes, try -Pn Nmap done: 1 IP address (0 hosts up) scanned in… Continue reading
Forest
This is a Windows machine from Hack The Box. Nmap scan └─$ nmap -sV -sC -oA active 10.10.10.161 Starting Nmap 7.94 ( https://nmap.org ) at 2023-09-06 06:08 EDT Nmap scan report for 10.10.10.161 Host is up (0.34s latency). Not shown: 989 closed tcp ports (conn-refused) PORT STATE SERVICE VERSION 53/tcp open domain Simple DNS Plus… Continue reading
Active
This is a Windows machine from Hack The Box. nmap -sV -sC -oA sauna 10.10.10.175 Starting Nmap 7.94 ( https://nmap.org ) at 2023-08-27 22:55 EDT Stats: 0:00:26 elapsed; 0 hosts completed (1 up), 1 undergoing Service Scan Service scan Timing: About 22.22% done; ETC: 22:56 (0:00:21 remaining) Nmap scan report for 10.10.10.100 Host is up… Continue reading
Sauna
This is a Windows machine from Hack The Box. # Nmap 7.94 scan initiated Fri Aug 25 01:40:28 2023 as: nmap -sV -sC -oA sauna 10.10.10.175 Nmap scan report for 10.10.10.175 Host is up (0.28s latency). Not shown: 988 filtered tcp ports (no-response) PORT STATE SERVICE VERSION 53/tcp open domain Simple DNS Plus 80/tcp open… Continue reading
Earning CISSP Credits through Hack the Box Challenges
As a Certified Member of (ISC)2, it’s necessary to accumulate and report Continuing Professional Education (CPE) credits during the three-year certification period. The sum of CPE credits earned in the three-year span must meet the minimum CPE credit requirement for the certification cycle. One great way of earning CPE is via Hack The Box challenges…. Continue reading
FFUF vs DIRB vs GOBUSTER
We are going to use Wgel from TryHackMe to test the enumeration speeds of the three. We are going to use the same list. We will use the list usr/share/dirb/wordlists/common.txt. I copied this to common1.txt so as not to use the original. Kept only the last 1000 words of this file using the following… Continue reading
FFUF 2.0
FFUF 2.0 has been released and is now available, according to the Joo N/A Twitter handle. You can find it on the following GitHub link: https://github.com/ffuf/ffuf. FFuf (Fuzz Faster U Fool) is a fast web fuzzing tool that can be used for both information gathering and vulnerability testing in the field of cybersecurity. It allows… Continue reading
WGEL
This box is from TryHackMe. Connect the VPN and do some Nmap enumeration. SSH and Port 80 open. Nothing interesting on the web page. Checking the page source we can see a reference to a “Jessie” which we can assume is a user of this box. Nothing interesting from nikto. Did a dirb on the… Continue reading
@mike_pound
Dr. Mike Pound is a computer science researcher and educator. He is best known for his work as a member of the Computerphile team, where he produces and appears in videos about various topics in computer science and technology. Dr. Pound has a PhD in computer science from the University of Nottingham, and has published… Continue reading
@jhsec – John Hammond
John Hammond is a well-known figure in the field of cyber security. He is a security researcher and consultant who has made significant contributions to the understanding and protection of computer systems and networks. John is an expert in the field of network and application security, with a focus on identifying and mitigating various types… Continue reading
Top Threat Hunting and OSINT Tools
A list of essential cybersecurity tools, shared on Twitter 1/02/23 by @NandadLohitasksh, provides valuable insights for all skill levels. A comprehensive overview of current tools in the industry. Recommended resource for professionals, students and enthusiasts. shodan.io – Search for devices connected to the internet and their vulnerabilities prowl.lupovis.io – Free IP search & identifications of IoC and… Continue reading
Midjourney AI generated Images
Midjourney AI is an intriguing technology that has generated some fascinating images. I have been following its progress and development, and I am eager to see how it will evolve in the coming years. As technology continues to advance, it is always exciting to observe the latest innovations and advancements. In this case, I am… Continue reading
Midjourney Prompts
Midjourney is an artificial intelligence art generation service. They are an AI-powered system that creates images from user prompts. On their website, they describe themselves as: “An independent research lab. Exploring new mediums of thought. Expanding the imaginative powers of the human species.” Some Prompts that you can use to help generate some of the images… Continue reading
@davidbombal
David Bombal is a well-known figure in the cybersecurity industry, known for his expertise in network automation and his contributions to the field of network engineering. He is an experienced network engineer and instructor who has designed and delivered numerous training courses and workshops on network automation, network programmability, and network security. David Bombal has… Continue reading
Linux PrivEsc Methodology Mind Map
Privilege escalation in cybersecurity refers to the act of gaining unauthorized access to higher-level privileges on a computer system or network. It is a type of attack that occurs when an attacker gains access to a low-level account on a system and then uses that access to gain higher-level, root privileges. Many thanks to @conda… Continue reading
Windows PrivEsc Methodology Mind Map
Privilege escalation in cybersecurity refers to the act of gaining unauthorized access to higher-level privileges on a computer system or network. It is a type of attack that occurs when an attacker gains access to a low-level account on a system and then uses that access to gain higher-level, administrator privileges. Many thanks to @conda… Continue reading
Knife
Create directory, and ran nmap scan. Nmap scan results. Only SSH and Port 80 running. Checking Web on Port 80. Nothing interesting even checking the page source. Doing a Nikto scan we can see that there is PHP/8.1.0-dev. Searching this on exploitDB we find an RCE. Download the file to the directory. Download the file… Continue reading
Upgrading shell to an interactive TTY Shell
The command python -c 'import pty; pty.spawn("/bin/bash")' is a command that is used to spawn a new TTY (teletypewriter) shell using the pty module in Python. This command is useful in situations where you have compromised and got a shell on a target machine, but the shell is not interactive. In this case, using this… Continue reading
Legacy
In this blog post, we take a look at the Legacy Windows machine on the “Hack the Box” platform. The writeup was completed on January 23rd, 2023 and highlights the importance of enumeration in penetration testing. By utilizing the –vuln script during the enumeration process, we were able to gather crucial information that ultimately led… Continue reading
@nahamsec
@nahamsec is a well-known and respected figure in the cybersecurity and penetration testing community. He is known for his expertise in the field of bug bounties and has successfully found and reported vulnerabilities in a number of high-profile companies. In addition to his technical skills, @nahamsec is also known for his willingness to share his… Continue reading
@Tomnomnom
Tomnomnom, also known by his online handle @tomnomnom, is a well-known and respected figure in the cybersecurity community. He is a security researcher and tool developer, known for his contributions to the open-source community and for his focus on web and infrastructure security. Tomnomnom’s work primarily revolves around developing and sharing tools that can be… Continue reading
Navigating the Evolving Landscape of Cybersecurity
This past year (2022) has been a challenging one for cybersecurity, with data breaches and ransomware attacks continuing to be major issues. The IBM-Ponemon survey shows that the cost of a data breach remains in excess of $4 million per incident, and ransomware is a leading cause of these breaches. Not only do they result… Continue reading