Month: June 2020

HTB Walkthrough Tabby

Summary Tabby is launched on the 20th of June and is rated as an Easy Box. Foothold Nmap shows there are only 3 ports open, 22,80,8080. on port 80 we see a webpage that is vulnerable to LFI User After finding the LFI and the right file we get credentials for the tomcat server which is running on port 8080. we were able to obtain a shell with metasploit. After some enumeration we found a zip file. after successfully brute forcing the password we were able to switch to the user ash and get the user flag. Root Ash id… Read More

HTB Walkthrough ServMon

Servmon has been released on 11th of April and has been retired on 20th of June. Servmon is an Easy rated machine. Foothold First we see we have anonymous access to FTP, there is a file that mentions there should be a passwords.txt on the desktop of nathan, after the web enumeration we find out there is a directory traversal. We can use this vulnerability to get the passwords.txt from nathans’s his desktop User After finding those passwords we still had to guess to who these belong, we have used crackmapexec for this. it turns out we have credentials for… Read More

HTB Walkthrough Dyplesher

Summary Dyplesher is released on 23 th of may in 2020 Foothold This machine was insane rated. in order to gain a foothold we had to dump .git folder. User After a lot of enumeration and a few logins we finally arrived to the login page where we can upload a malicious plugin so we can get a web shell with code execution, this way I could write my ssh key to this user and were able to login on the box, after looking around we see that we have a group called wireshark, this means we can intercept packets… Read More

HTB Walkthrough Fuse

Box Summary: Fuse has been released on 13th of june in 2020 Fuse is rated as Medium. From nmap we can see we are dealing with a AD machine, after visiting port 80 we get redirected to a DNS name, adding this DNS name to our HOST file and we were able to view the page, it’s a printer page wich contains print job history with value data like usernames. After poking around a bit we could concluded we needed a password, sinds Kerbroasting attack didn’t work we needed something else. after trying a lot we created a password list… Read More

HTB Walkthrough Magic

Enumeration Nmap Scan nmap -sV -sC Web page After this I ran gobuster, in order to enumerate the web page for files and directories. gobuster dir -u -w /usr/share/wordlists/dirbuster/directory-list-2.3-medium.txt -x php,txt.html We see some interesting pages:                 upload.php                 login.php The login page. Bypassing Login Page We can bypass this login page, by SQL injection. Resource: Username: ‘ or ”=’ Password: ‘ or ”=’ After we have logged into the website, we see an upload page. Where we can upload an image. Exploitation I tried simple uploading bypass to add .jpg at the end of the file.… Read More

Review Virtual Hacking Labs

Intro Are you interested in Virtual hacking labs? Before we dive into Virtual hacking labs itself I would like to share why I did Virtual Hacking Labs. I already mentioned on the about page I just got recently interested in security. After some researching I found out about Hack The Box. Hack The Box is a website where you need to ‘hack’ yourself into a machine. Hack The Box has different difficulties; Easy, Medium, Hard, Insane. But as a newbie I strongly recommend you to start with Virtual hacking labs instead of Hack The Box because when you start with… Read More

Welcome to S3cWalk

First post on S3cwalk. S3cWalk is a website where we have different subjects to talk about for example: Write Ups, Reviews and Handy tricks for pentesting and my own skill development journey