HackTheBox – Bastard
In this Walkthrough, we will be hacking the machine Bastard from HackTheBox. We will begin by finding only one interesting port open, which is port 80, and from the nmap scan, it…
Read More
HackTheBox – Arctic
In this Walkthrough, we will be hacking the machine Arctic from HackTheBox. We will begin by finding only one interesting port open, which is port 8500. From there, we’ll enumerate the service…
HackTheBox – Mantis
In this Walkthrough, we will be hacking the machine Mantis from HackTheBox. We will begin by enumerating domain / domain controller specific services, which allows us to find a valid username. Next,…
Lateral Movement – Token Impersonation
In this post we will review how to perform a token impersonation attack using access tokens that were left laying around on a Windows 10 host after a domain admin had logged…
Weak File Permissions – Linux Privilege Escalation
For this post, we will review how to look for common files that should be locked-down by default, but have been made overly permissive with weak file permissions. Additionally, we will look…
Password Hunting – Linux Privilege Escalation
In this post we will be exploring the art of password hunting on a target Linux machine as a means to escalate privileges either horizontally or vertically. We will review various techniques…
LXD Container – Linux Privilege Escalation
In this post we are going to review the LXD group permissions on a Linux target and learn how a member of this group can elevate privileges from a standard user to…
NFS Share no_root_squash – Linux Privilege Escalation
In this post, we will learn how to enumerate and attack an NFS share in order to elevate our privileges from a standard user to root. We will start by enumerating open…
Port Forwarding – Linux Privilege Escalation
In this post we will be exploring a Linux privilege escalation technique know as port forwarding. Port forwarding is a technique that allows an attacker to directly access internal or firewall blocked…