Offensive Security – Proving Grounds – Nibbles Write-up – No Metasploit

Nibbles from Offensive Security is a great example of getting root on a box by just “Living off The Land”. This boot to root includes no exploitation scripts and shows the importance of hardening systems before deploying to production. Now, on to the hacking. Reconnaissance We start off with a basic nmap scan. First, let's …

SANS Holiday Hack Challenge 2020 Write-up – Featuring KringleCon 3: French Hens

Welcome to my write-up for the 2020 SANS Holiday Hack Challenge. This event includes 12 primary objectives and many “side missions” that will test your skills over many security topics. This is the third year SANS has hosted the event. The main page for the event can be found here. After registering, you are dropped …

Offensive Security – Proving Grounds – Metallus Write-up – No Metasploit

Offensive Security has released an easy box offered in the practice section of the Proving Grounds. This Windows box is named Metallus. Let's see if we can get root on this one. Reconnaissance Starting with some initial enumeration. Nmap scan -Pn to ignore ping check, -sV to check versions, -sC to run all scripts, and …

Offensive Security – Proving Grounds – ClamAV Write-up – No Metasploit

ClamAV is a machine available in the Practice area of the Offensive Security Proving Grounds. This box's difficulty is easy. Let's dive in and take a look. Reconnaissance Starting with an nmap scan enabling all scripts, detecting versions, and outputting all formats to files starting with the string “simple”. Weaponization and Delivery So using this …

Offensive Security – Proving Grounds – Internal Write-up – No Metasploit

Internal is a machine available in the Practice area of the Offensive Security Proving Grounds. This machine was super easy, so I will be focusing on manual exploitation and solid enumeration. Reconnaissance Let's start with some basic enumeration. Here we immediately see our target is “Windows Server (R) 2008 Standard 6001 Service Pack 1”. We …

Offensive Security – Proving Grounds – Bratarina Write-up – No Metasploit

Offensive Security has recently released a new platform for testing your technical skills called the Proving Grounds. This service comes shortly after Offensive Security acquired VulnHub. Within the Proving Grounds you have a choice to hack the “Play” machines for free, or pay the monthly subscription to get access to machines created by Offensive Security. I …

OSCP Buffer Overflow write-up from TryHackMe

TryHackMe recently released a free room created by Tib3rius on the tryhackme.com site for anyone wanting to learn more about exploiting buffer overflows. The room includes a machine that can be deployed with the vulnerable app and the primary tool needed: Immunity Debugger. All exploitation in this write-up is performed remotely using Kali …

Data Exfiltration with Base64

A well-defended network and a properly trained security professional have many opportunities to detect and stop malicious actors. Each layer of activity found in the MITRE ATT&CK Matrix is a chance for the malicious actor to trip an alarm. A malicious cyber attack only needs to be detected and stopped in one of the stages …

OSCP-Voucher-Giveaway-VM – LXC/LXD method – Write-up

Offensive Security Community Manager Tjnull offered up a voucher for the OSCP PWK. For a chance to win the OSCP voucher, participants must download a VM from VulnHub, get root permissions on the VM, and submit the flag to a user in Discord. VulnHub link: https://www.vulnhub.com/entry/infosec-prep-oscp,508/ Let's dig in and see what we can find. Reconnaissance …

HTB Sauna – No Metasploit

This machine is rated easy and was released in February 2020. This machine is rated on the higher end of easy for both user and root. Reconnaissance Let's start by kicking off an Nmap scan running default scripts, version detection, saving outputs, maxing the verbosity, and scanning all TCP ports. One reason for maxing the …