Recent Posts

Active Directory Security Checklist

1 minute read

I recently came across the Active Directory Pro blog post Top 25 Active Directory Security Best Practices. It’s a great read for anyone interested in AD security. I decided to type up the 25 points onto my blog so I could quickly reference them easily when required.

HackTheBox - Sniper

8 minute read

Sniper was a cool 30 point box created by MinatoTW and felamos. It started out with finding a parameter vulnerable to LFI which happened to also be vulnerable to RFI using our own custom Samba SMB server to host a web shell. You can then use some PowerShell to execute commands as chris to get user and subsequently a meterpreter shell on the box. Finally you had to create a malicious CHM file which when opened executes nc.exe sending you a shell and subsequently root.

HackTheBox - Forest

11 minute read

Forest was a fun 20 point box created by egre55 and mrb3n. It started out with enumerating users from SMB for use in a Kerberos AS-REP Roasting attack, you then crack the resulting hash and login via WinRM to get user. You then have to Invoke-BloodHound and abuse the privileges our user has to get root.

HackTheBox - Postman

5 minute read

Postman was a nice 20 point box created by Xh4H. It started out with exploiting an open redis server by writing our public key to the authorized_keys file which allows you to SSH in. You then find and decrypt an encrypted RSA private key to get a passphrase, and finally get a root shell via an authenticated Webmin exploit to get the user and root flags.

HackTheBox - Bankrobber

13 minute read

Bankrobber was a fun 50 point box created by Gioo and Cneeliz. It started out with XSS to steal the admins cookie which contains credentials for the admin interface, you then login and find SQLi to get source code to a script that’s vulnerable to SSRF and exploit it via an XSS payload to get user. You then have to brute force a 4 digit PIN code leveraging pwntools and exploit a blind buffer overflow to get root.