Bug Bounty VPS Build

The bug bounty community has finally caught my attention and it’s time for me to take a stab at finding some web application vulnerabilities in the wild. Before I started this process I took a few weeks to get accustomed to the current toolset being used and how they work. So basically it comes down …

How I Passed the OSCP

Recently I had the opportunity to take the PWK course offered by Offensive Security. Given how helpful the community has been during my journey, I felt it was my duty to provide a helpful write-up for all those pursuing the OSCP. The most useful questions I enjoyed reading were: What experience did you have before …

Offensive Security – Proving Grounds – Fail Write-up

Offensive Security released the Linux machine Fail on January 28th 2021. The machine is rated intermediate by OffSec and hard by the community. I felt the box was more towards the easy end of intermediate. The machine requires a bit of knowledge using ssh keys for authentication and an application called fail2ban. For those unfamiliar …

Offensive Security – Proving Grounds – ZenPhoto Write-up – No Metasploit

Offensive Security’s ZenPhoto is a Linux machine within their Proving Grounds – Practice section of the lab. This machine is rated intermediate from both Offensive Security and the community. I feel that rating is accurate. Keep in mind that the IP will change throughout the screenshots and cli output due to working on the box …

Offensive Security – Proving Grounds – Jacko Write-up – No Metasploit

Jacko from Offensive Security is a Windows box with a difficulty rating of intermediate. This box included a simple path to RCE with a tricky foothold and privilege escalation. I end up going down a few rabbit holes at each stage. Lets get started with some recon. Reconnaissance NMAP scan running all scripts, determine services/version …

Offensive Security – Proving Grounds – Banzai Write-up – No Metasploit

Banzai from Offensive Security was released on August 3rd, 2020. This machine is a Linux machine with the difficulty rating of intermediate. The flavor text provided with the VM is “You should be careful around raptors – they are dangerous!”. Even after rooting the box, this doesn’t make sense to me. Maybe I took an …

Offensive Security – Proving Grounds – Nibbles Write-up – No Metasploit

Nibbles from Offensive Security is a great example of getting root on a box by just “Living off The Land”. This boot to root includes no exploitation scripts and shows the importance of hardening systems before deploying to production. Now, on to the hacking. Reconnaissance We start off with a basic nmap scan. First, lets …

SANS Holiday Hack Challenge 2020 Write-up – Featuring KringleCon 3 :French Hens

Welcome to my write-up for the 2020 SANS Holiday Hack Challenge. This event includes 12 primary objectives and many “side missions” that will test your skills over many security topics. This is the third year SANS has hosted the event. The main page for the event can be found here. After registering, you are dropped …

Offensive Security – Proving Grounds – Metallus Write-up – No Metasploit

Offensive security has released an easy box offered in the practice section of the Proving Grounds. This Windows box is named Metallus. Lets see if we can get root on this one. Reconnaissance Starting with some initial enumeration. Nmap scan -Pn to ignore ping check, -sV to check versions, -sC to run all scripts, and …