Featured

A Starter’s guide on recovering damaged and rotten CDs

TL;DR: {SPOILER ALERT} I’ve found a CD! It was just another boring day. The climate was perfect for a lazy day. It rained yesterday and the weather was cool. A chilly breeze was blowing occasionally, reminding me to go and take a nap or to watch a mystery series. But I was…

Featured

A Beginner’s guide into Router Hacking and Firmware Emulation

Prelude: This post is about my personal experiences as a noobie hacker who is super new to router reversing: the challenges I had to face, the research I did and the things I learned on the journey, partly mentioned in my previous post. After going through the experience of emulating a firmware,…

Featured

The Story of How I Hacked my ISP’s Cheapo Standard Issue Router

Prelude: OptiLink is a company based in India that specializes in manufacturing networking devices. Two of the largest Internet Service Providers in this country have provided, or are still providing, OptiLink’s ONU (Optical Network Unit) devices as a cost-effective ONU device for getting fiber-to-home service in India. But, in the name of cost…

Featured

Hack The Box: Pikaboo

Prelude: Pikaboo is an intermediate machine from Hack The Box, developed by pwnmeow & polarbearer. This was a pretty great box, which follows the same principle as the machine Breadcrumbs, where we have to craft an exploit chain to get the initial foothold and to escalate privileges. Pikaboo started by exploiting the Nginx off-by-slash fail bug and gaining…

Featured

Hack The Box: Intelligence

Prelude: Intelligence is an intermediate Windows machine from HTB, developed by Micah. This was a little harder than regular intermediate machines for me, since my Active Directory skills are still under development. This machine is also one of the few machines (also the first machine I’ve ever encountered) from HTB, where the player only gets…

Featured

Hack The Box: Pit

Prelude: Pit is an intermediate machine from Hack The Box developed by polarbearer & GibParadox. This was not an easy box in any way and I almost lost my mind over this machine. But this machine strongly reinforced the importance of in-depth enumeration, and I believe that it is the whole theme of this machine. Getting…

Featured

OSCP like Vulnhub machines: IMF: 1

IMF:1 is the final machine from abatchy’s OSCP like Vulnhub machines list. I can’t say I have completed all the machines from the list, since I have skipped two machines: /dev/random:scream and Brainpan. I skipped scream because I felt that scream is just way too easy a machine (since it is intended for absolute beginners) and…

Featured

An Introduction into Linux Buffer Overflows

Today we are going to learn more about how to exploit a Buffer Overflow vulnerability in Linux. We aren’t going to get into fancy stuff like ASLR bypass or Return Oriented Programming; instead we are going to stick to the basics here. Everyone needs to start somewhere, right? Consider this post as our baby steps…

Featured

OSCP like Vulnhub machines: Mr.Robot:1

Mr.Robot:1 is an easy-medium boot2root machine, which was inspired by the popular hacking-themed web series Mr.Robot. This machine had puzzles that had to be solved in both the CTF way and the realistic way. Overall this machine was pretty straightforward for me (except the CTF method, which required a little bit of guesswork). Due…

Hack The Box: PhotoBomb

Photobomb was an easy machine from HTB, developed by slartibartfast. This was a good machine, which demonstrated how to exploit weak sanitization checks with the help of error output. For initial foothold, we have to find hardcoded credentials inside a JS file and use that to access the restricted file download page. Once we are…

Hack The Box: Forge

Prelude: Forge is an intermediate machine from Hack The Box, developed by NoobHacker9999. I really liked this machine for the initial foothold process. Forge has some internal service and an external website. The external website has an SSRF vulnerability and we can exploit it to access the internal services and eventually get the user shell.

Hack The Box: Catch

Catch was an intermediate machine from Hack The Box, developed by MrR3boot. This was a great machine and had several services running. I believe the idea for creating this machine was to push the players to research broader and deeper. We start by decompiling an APK provided by a static website to find some hardcoded…

Hack The Box: Routerspace

Routerspace is an easy box from HackTheBox developed by h4rithd. This machine had an interesting foothold vector, which included an APK file. We would need to set up an Android testing setup to capture the request to a vulnerable API from the Android application to proceed. Once the endpoint is identified, we can then use OS…

Hack The Box: Undetected

Undetected was an intermediate machine from HackTheBox, developed by TheCyberGeek. This was an incredible box, which showed several real-life-like scenarios and was a great learning experience. For initial foothold, I’ve exploited an RCE vuln in PHPUnit. Once I’ve got a shell in the target, I’ve cracked a hardcoded Unix hash inside a custom malicious…

The Idea Behind Paper

It was a usual morning for me. I’ve had my coffee and I was sitting in front of my computer, still recovering from my sleep. Usually it would be time for me to select a box from Hack The Box and spend the rest of my day understanding, taking notes, getting defeated, getting frustrated, and…

Hack The Box: Meta

Meta was an easy machine from HTB developed by Nauten. In terms of exploitation, this box was pretty straightforward and getting user is where most of the work is. We’ll get a foothold in the box by exploiting an RCE in Exiftool. Once we’ve got the shell, we can find a hidden cronjob executing mogrify…

Hack The Box: Pandora

Pandora was an easy machine from HTB, developed by TheCyberGeek & dmw0ng. This was an easy box and it demonstrated the importance of manual enumeration and the importance of accuracy in scan results. For the foothold, we have to use snmpwalk output to get credentials of a low-privileged user. We can use this credential to…

Hack The Box: Unicode

Unicode was an intermediate machine developed by wh0am1root. This was a pretty interesting machine and it is all about bypassing filters. It had a cool initial foothold vector involving crafting a custom JWT, by using an open redirect vulnerability to bypass a JWK URL filter. After that, we could exploit an LFI to get a…