Hello everyone, this is a new writeup on the HTB Sherlock Origins. Sherlock Category: DFIR Sherlock Description: A major incident has recently occurred at Forela. Approximately 20 GB of data were stolen from internal s3 buckets and the attackers are ...
Hello everyone, this is a writeup on Alert HTB active Machine writeup. STEP 1: Port Scanning Use nmap for scanning all the open ports. nmap -sCV 10.10.11.44 -Pn Starting Nmap 7.94SVN ( https://nmap.org ) at 2024-12-26 12:08 UTC Nmap scan report for ...
Hello everyone, I am Nirmal and I have stared to write blogs on HTB Machine, Sherlocks, THM Challenges and Tools etc. Today, we will see the new HTB Sherlock Dream Job-1 Prerequisite: Open MIRE ATT&CK Framework. Open VirusTotal. Download the zip ...
Introduction Hello everyone, how are you doing? Today we are doing “Dog” from hackthebox, which is an easy box for beginners. The box begins with a web app that has its git directory exposed. By downloading the source from the git folder, we discover...
The Vault machine is a medium-difficulty Active Directory (AD) box hosted on Hack The Box. This machine focuses on exploiting misconfigurations in SMB shares, capturing NTLM hashes, and leveraging privileges for privilege escalation. In this walkthro...
The "Hokkaido" machine provided a comprehensive learning experience in Active Directory exploitation. By combining enumeration, credential harvesting, and privilege escalation techniques, I successfully compromised the target system. Try solving this...
About Unrested Unrested is a medium difficulty Linux machine hosting a version of Zabbix. Enumerating the version of Zabbix shows that it is vulnerable to both CVE-2024-36467 (missing access controls on the user.update function within the CUser class...
just a quick poc, without image. this my old notes i want to share. but i cant import the images. idk why just enjoy the short writeup for blackfield HTB User Enumeration for port scanning i’m using naabu and built in nmap-cli scan_port () { ...
Tiếp theo serials Hack The Box writeups sẽ đến một bài khá ez để khai thác cũng như leo thang đặc quyền. Photobomb là một máy Linux, trong đó thông tin đăng nhập được bỏ quên trong mã nguồn và được sử dụng để truy cập vào một ứng dụng web nội bộ có c...
Although Jerry is one of the easier machines on Hack The Box, it is realistic as Apache Tomcat is often found exposed and configured with common or weak credentials. Seperti biasa pertama lakukan port scanning. ❯ nmap -sC -sV -T3 10.10.10.95 -Pn Sta...
![[HTB] Photobomb](https://cdn.hashnode.com/res/hashnode/image/upload/v1693973127420/d5408eb2-fe36-4d6e-919a-5dd5c79fea5d.png)
