Forest Writeup | HackTheBox

nmap scan: Domain: htb.local Host: FOREST Enumerating users with enum4linux and ldapsearch using ldapsearch to enumerate users and groups after getting the users, save the users in a file, after that, i used getNPUsers tool of impacket to get the…

Timelapse – Hackthebox

Hello friends, This is a quick write-up of the Timelapse machine from HACKTHEBOX. downloaded winrm_backup.zip Extracting key and certificate from .pfx file Cracking legacy.pfx Powershell history of user legacy extracting laps passwords: After finding the Administrator password, you know what to…

ARCTIC – HACKTHEBOX

Hello friends, This is a quick and raw writeup for ARCTIC machine from HACKTHEBOX. found port 8500 open running website, A coldfusion cms type thing running. found exploit of version 8 and exploited using public python script, after that i…

DEVEL – HACKTHEBOX

Hello friends, This is a quick and raw Writeup for DEVEL machine from HACKTHEBOX. Scanning: FTP allows upload, so after uploading aspnet reverse shell, i got the shell visiting web, then using hta metasploit module got shell in meterpreter. Using…

LAME – HACKTHEBOX

Hello friends, This is a quick writeup for LAME machine from HACKTHEBOX Scanning for open ports: Service exploits: OS: Unix (Samba 3.0.20-Debian) is vulnerable to CVE-2007-2447 using this Metasploit module, exploited the machine. If you face any problems, let me…

Weakest Link – Container

Hello friends, In this post, I’ll share with you, how I solve Pentester Academy Weakest Link Lab. Scenario:  A web UI of a Portainer instance running on a Docker host. This instance is using weak credentials. The attacker launched a dictionary attack on the…