2025-05-12 | #HackTheBox #HTB-Easy #HTB-Linux
This machine is an easy rated Linux machine. This writeup will demonstrate how I was able to obtain root access. At the time of writing, this is an ACTIVE machine. Once the machine is retired, the rest of the content of this writeup will be published.
2025-05-07 | #HackTheBox #HTB-Easy #HTB-Linux
This machine is an easy rated Linux machine. This writeup will demonstrate how I was able to obtain root access. At the time of writing, this is an ACTIVE machine. Once the machine is retired, the rest of the content of this writeup will be published.
2025-05-05 | #HackTheBox #HTB-Medium #HTB-Windows
This machine is a retired medium rated Windows box. We are given the credentials to a user account that will give us our initial foothold. After our initial scanning we can see the services that are running and we get an easy access point using the olivia account over WinRM. Following on from here, we will need to use SharpHound as a collector for Bloodhound and do some AD enumeration. This will become important as we will need to come back to refer to it several times. In this box we will see the abuse of GenericAll, ForceChangePassword, GenericWrite, Kerberoasting, and DCSync for our AD attack vectors. We will also see some cracking of a password manager file in a psafe3 format. This box required quite a few user pivots before getting to the domain administrator.
2024-07-26 | #HackTheBox #HTB-Linux #HTB-Medium
Monitored is a medium rated retired Linux machine on HackTheBox. In this walkthough I demonstrate how I was able to obtain root access to this machine. This box will require you to use SNMP to get credentials for a disabled account. You will then need to abuse the API to get an authentication token. Next, find the right CVE to steal the administrator’s API key. With this key you can start adding users with admin access. Built in functionality can be abused to get a reverse shell. With this reverse shell you can then escalate your privileges by abusing the sudo permissions provided to the user account.
2024-07-08 | #HackTheBox #HTB-Easy #HTB-Linux
PermX is an easy rated Linux machine from week 12 of HackTheBox season 5 “Anomalies”. In this walkthrough, I will demonstrate how I was able to obtain root access to this machine. This box was a standard easy rated box with a privilege escalation vector that required a bit of thinking.
2024-07-07 | #HackTheBox #HTB-Medium #HTB-Windows
Blazorized was a medium rated Windows machine from week 11 of HackTheBox season 5 “Anomalies”. This rating was later changed to hard when it was retired. In this walkthrough, I will demonstrate how I was able to obtain root access to this machine. This box proved to be quite difficult for me and required very good enumeration.
2024-04-07 | #CTF
These writeups are for the OSINT challenges I solved while competing in DamCTF 2024 with my team, Bonzi_Brigade. This event took place from 06th April - 08th April. Our team scored 1380 points in total and came 27th out of 207 teams.
2024-04-03 | #CTF
These writeups are for the OSINT challenges I solved while competing in UTCTF 2024 with my team, Bonzi_Brigade. This event took place from 30th March - 01st April. Our team scored 4045 points in total and came 135th our of 854 teams.
2023-02-26 | #HackTheBox #HTB-Medium #HTB-Windows
This is box 2 in the Windows Privilege Escalation for Beginners course by TCM Security. This is a retired box rated at a difficulty score of medium. This one proved diffcult while I was doing it and I ran into some issues. I would like to revisit it in the future.
