OSWE Prep – HTB Falafel – No SQLMap

Hack the box released a machine named Falafel in 2018. The difficulty set by the community and HTB is Hard, and I can see why considering the machine required quite a few different attack types including blind SQL injection, password cracking, type juggling, file upload bypass, and abusing Linux permissions and group misconfigurations to finally …

OSWE Prep – VulnHub – Silky 0x02

The security community has compiled a well-known list of machines available outside of the PEN-200 Labs to help prepare for the OSCP exam, but few know that an OSWE list is in its infancy as well. The OSWE list can be found here. At the top of the Vulnhub list was Silky-CTF: 0x02. Though the …

Burp Suite – Custom Parameter Handler

Burp Suite is a great tool not because it contains all the needed features to test a service, but because it can be customized to perfectly fit the needs of each engagement. A common issue with my day-to-day when testing APIs is the need to pull a dynamic parameter from an initial request to then …

Bug Bounty VPS Build

The bug bounty community has finally caught my attention and it’s time for me to take a stab at finding some web application vulnerabilities in the wild. Before I started this process I took a few weeks to get accustomed to the current toolset being used and how they work. So basically it comes down …

How I Passed the OSCP

Recently I had the opportunity to take the PWK course offered by Offensive Security. Given how helpful the community has been during my journey, I felt it was my duty to provide a helpful write-up for all those pursuing the OSCP. The most useful questions I enjoyed reading were: What experience did you have before …

Offensive Security – Proving Grounds – Fail Write-up

Offensive Security released the Linux machine Fail on January 28th 2021. The machine is rated intermediate by OffSec and hard by the community. I felt the box was more towards the easy end of intermediate. The machine requires a bit of knowledge using ssh keys for authentication and an application called fail2ban. For those unfamiliar …

Offensive Security – Proving Grounds – ZenPhoto Write-up – No Metasploit

Offensive Security’s ZenPhoto is a Linux machine within their Proving Grounds – Practice section of the lab. This machine is rated intermediate from both Offensive Security and the community. I feel that rating is accurate. Keep in mind that the IP will change throughout the screenshots and cli output due to working on the box …

Offensive Security – Proving Grounds – Jacko Write-up – No Metasploit

Jacko from Offensive Security is a Windows box with a difficulty rating of intermediate. This box included a simple path to RCE with a tricky foothold and privilege escalation. I end up going down a few rabbit holes at each stage. Lets get started with some recon. Reconnaissance NMAP scan running all scripts, determine services/version …

Offensive Security – Proving Grounds – Banzai Write-up – No Metasploit

Banzai from Offensive Security was released on August 3rd, 2020. This machine is a Linux machine with the difficulty rating of intermediate. The flavor text provided with the VM is “You should be careful around raptors – they are dangerous!”. Even after rooting the box, this doesn’t make sense to me. Maybe I took an …