Jul 12

Routing/Networking VMs Traffic on VPN

When working on CTFs, usually people use kali/parrot but sometimes also need to run Windows VM for some functionality that’s probably easier using windows. But It is very painful to disconnect VPN from one OS to another. …

Htb

3 min read

Nov 14, 2020

HowTo Setup Local CVE API Server

cve-search After getting fed up of going through every CVE, needed something to make my life easy. Doing some googling i found this SANS article. So i thought of giving it a try. If you follow this hopefully will work without issues. Ubuntu 20.04.1 LTS Server Update the package list: jsinix@scriptor:~ sudo apt update…

2 min read

Published in HackTheBox WriteUps By — jsinix

·Oct 17, 2020

Hack The Box :: Active

Group policy embedded password | kerberoasting Run nmap confirms its a domain controller Enum the shares

2 min read

Hack The Box :: Active

Group policy embedded password | kerberoasting

Run nmap confirms its a domain controller

Enum the shares

Published in HackTheBox WriteUps By — jsinix

·Oct 16, 2020

Hack The Box :: Jerry

Default credentials Run nmap and get the service running on 8080

2 min read

Hack The Box :: Jerry

Default credentials

Run nmap and get the service running on 8080

Published in HackTheBox WriteUps By — jsinix

·Oct 16, 2020

Hack The Box :: Bounty

HTTP Upload File Restriction | UnPatched OS Run nmap and then gobuster to discover the transfer.aspx webpage Looks like png and jpeg are allowed but when trying .aspx extension its blocked.

3 min read

Hack The Box :: Bounty

HTTP Upload File Restriction | UnPatched OS

Run nmap and then gobuster to discover the transfer.aspx webpage

Looks like png and jpeg are allowed but when trying .aspx extension its blocked.

Published in HackTheBox WriteUps By — jsinix

·Oct 15, 2020

Hack The Box :: Sunday

Careless sudo permissions Run nmap, looks like finger is open that can be used to do some recon. Also running a service scan tells that SSH is running on non standard port.

2 min read

Hack The Box :: Sunday

Careless sudo permissions

Run nmap, looks like finger is open that can be used to do some recon.

Also running a service scan tells that SSH is running on non standard port.

Published in HackTheBox WriteUps By — jsinix

·May 2, 2020

Hack The Box :: Bashed

PHP unrestricted web shell Run NMAP Only a web server. Running dirb on it

2 min read

Published in HackTheBox WriteUps By — jsinix

·May 2, 2020

Hack The Box :: Sense

pfsense | default credentials | exposed unattended files Run NMAP to see what the machine is running Visiting the web server gives pfsense login page. It doesnt accept default credentials admin/pfsense. Running directory recon on the web server.

2 min read