./s1gh.sh

Discord DLL Hijacking

By hijacking a DLL we can use Discord as a way of getting persistence on a compromised system. Nothing new but a fun experiment nonetheless.

Exploits

PDF + JavaScript = MFT Corruption?

By embedding specially crafted JS into a PDF, we can trigger a recently discovered vulnerability in the NTFS driver and potentially corrupt the MFT.

CVE

CVE-2020-27985 - Security Onion - Local Privilege Escalation

Security Onion V2 (prior to v2.3.10) has an incorrect sudo configuration, which allows local users to obtain root access by editing and executing /home/USERNAME/SecurityOnion/setup/so-setup without supplying a password.

DIY

Ho-Ho-Honeypot

The holiday season is nearly upon us and it's time to get into the christmas spirit. And what better way to do exactly that than to combine a christmas tree with cyber security?

TryHackMe

TryHackMe: Ra

New weekly challenge on THM. This writeup covers CrackMapExec, Evil-WinRM, a new CVE in Spark and more.

Tools

ListCombine

So, this isn't a new, groundbreaking tool. Tools used to combine wordlists have existed since... forever. The problem is that I often find myself in the situation where I need a simple tool to create a combined wordlist, using either a prepend or append method.

TryHackMe

TryHackMe: Wonderland

New week, new challenge. This is my writeup of the Wonderland machine.

CVE

CVE-2020-13448 - QuickBox - Authenticated RCE/Privilege Escalation

QuickBox CE <= v2.5.5 and QuickBox Pro <= 2.1.8 are both affected by an authenticated remote code execution (RCE) and privilege escalation vulnerability. A low-privileged user can execute arbitary commands on the server with the privileges of the user running the web server...

HackTheBox

Hack The Box: RedCross

InfoName: RedCross IP Address: 10.10.10.113 Operating System: Linux Difficulty: 6.3/10 Base Points: 30 EnumerationAs always we start with a nmap scan to determine which ports are open and

Vulnhub

Vulnhub: DC-4

InfoName: DC-4 Operating System: Linux Url: http://www.five86.com/dc-4.html Release: 26 Mar 2019 Difficulty: Beginner/Intermediate Description: DC-4 is another purposely built vulnerable lab with the intent of gaining experience

Writeup

Lin.Security

InfoName: Lin.Security Operating System: Linux Url: https://in.security/lin-security-practise-your-linux-privilege-escalation-foo/ Release: 11 Jul 2018 Difficulty: ??? Description: We have configured the box to simulate real-world vulnerabilities (albeit on a single host) which will

Vulnhub

Vulnhub: DC-3

InfoName: DC-3 Operating System: Linux Url: http://www.five86.com/dc-3.html Release: 26 Mar 2019 Difficulty: Beginner Description: DC-3 is another purposely built vulnerable lab with the intent of gaining experience in

Vulnhub

Vulnhub: DC-2

Today we are solving DC-2. This machine is created by DCAU7 who also created DC-1. Even though the machine is for beginners I figured I could try and solve it anyway.

Vulnhub

Vulnhub: RootThis 1

InfoName: RootThis: 1 Operating System: Linux Url: https://www.vulnhub.com/entry/rootthis-1,272/ Release: 5 Dec 2018 Difficulty: ??? Description: N/A EnumerationAs usual, let's start with a nmap scan to see what

Vulnhub

Vulnhub: unknowndevice64

Today we are solving "unknowndevice64" from Vulnhub - the most recent machine as of this writing.

Vulnhub

Vulnhub: ch4inrulz: 1.0.1

This is a writeup of how I solved CH4INRULZ. We go from a local file inclusion vulnerability, to bypassing an image upload, to RCE and finally a privilege escalation using DirtyCow. Let's go!

Vulnhub

Vulnhub: digitalworld.local: MERCY v2

From the author of the machine: MERCY is a machine dedicated to Offensive Security for the PWK course, and to a great friend of mine who was there to share my sufferance with me. :-) This is my writeup of this machine.