./s1gh.sh

SSBsaWtlIHRvIGJyZWFrIHN0dWZmLg==

  • > HackTheBox
  • > TryHackMe
  • > Vulnhub
  • > Tools

PDF + JavaScript = MFT Corruption?

By embedding specially crafted JS into a PDF, we can trigger a recently discovered vulnerability in the NTFS driver and potentially corrupt the MFT.

    24 January 2021
6 min read
CVE

CVE-2020-27985 - Security Onion - Local Privilege Escalation

Security Onion V2 (prior to v2.3.10) has an incorrect sudo configuration, which allows local users to obtain root access by editing and executing /home/USERNAME/SecurityOnion/setup/so-setup without supplying a password.

    20 November 2020
  • s1gh
2 min read
DIY

Ho-Ho-Honeypot

The holiday season is nearly upon us and it's time to get into the christmas spirit. And what better way to do exactly that than to combine a christmas tree with cyber security?

    15 November 2020
  • s1gh
6 min read
TryHackMe

TryHackMe: Ra

New weekly challenge on THM. This writeup covers CrackMapExec, Evil-WinRM, a new CVE in Spark and more.

    17 July 2020
  • s1gh
11 min read
Tools

ListCombine

So, this isn't a new, groundbreaking tool. Tools used to combine wordlists have existed since... forever. The problem is that I often find myself in the situation where I need a simple tool to create a combined wordlist, using either a prepend or append method.

    26 June 2020
  • s1gh
2 min read
TryHackMe

TryHackMe: Wonderland

New week, new challenge. This is my writeup of the Wonderland machine.

    06 June 2020
  • s1gh
7 min read
CVE

CVE-2020-13448 - QuickBox - Authenticated RCE/Privilege Escalation

QuickBox CE <= v2.5.5 and QuickBox Pro <= 2.1.8 are both affected by an authenticated remote code execution (RCE) and privilege escalation vulnerability. A low-privileged user can execute arbitary commands on the server with the privileges of the user running the web server...

    29 May 2020
  • s1gh
7 min read
HackTheBox

Hack The Box: RedCross

InfoName: RedCross IP Address: 10.10.10.113 Operating System: Linux Difficulty: 6.3/10 Base Points: 30 EnumerationAs always we start with a nmap scan to determine which ports are open and

    13 April 2019
  • s1gh
10 min read
Vulnhub

Vulnhub: DC-4

InfoName: DC-4 Operating System: Linux Url: http://www.five86.com/dc-4.html Release: 26 Mar 2019 Difficulty: Beginner/Intermediate Description: DC-4 is another purposely built vulnerable lab with the intent of gaining experience

    09 April 2019
  • s1gh
9 min read
Writeup

Lin.Security

InfoName: Lin.Security Operating System: Linux Url: https://in.security/lin-security-practise-your-linux-privilege-escalation-foo/ Release: 11 Jul 2018 Difficulty: ??? Description: We have configured the box to simulate real-world vulnerabilities (albeit on a single host) which will

    06 April 2019
  • s1gh
12 min read
Vulnhub

Vulnhub: DC-3

InfoName: DC-3 Operating System: Linux Url: http://www.five86.com/dc-3.html Release: 26 Mar 2019 Difficulty: Beginner Description: DC-3 is another purposely built vulnerable lab with the intent of gaining experience in

    06 April 2019
  • s1gh
5 min read
Vulnhub

Vulnhub: DC-2

Today we are solving DC-2. This machine is created by DCAU7 who also created DC-1. Even though the machine is for beginners I figured I could try and solve it anyway.

    24 March 2019
  • s1gh
5 min read
Vulnhub

Vulnhub: RootThis 1

InfoName: RootThis: 1 Operating System: Linux Url: https://www.vulnhub.com/entry/rootthis-1,272/ Release: 5 Dec 2018 Difficulty: ??? Description: N/A EnumerationAs usual, let's start with a nmap scan to see what

    16 March 2019
  • s1gh
7 min read
Vulnhub

Vulnhub: unknowndevice64

Today we are solving "unknowndevice64" from Vulnhub - the most recent machine as of this writing.

    13 March 2019
  • s1gh
10 min read
Vulnhub

Vulnhub: ch4inrulz: 1.0.1

This is a writeup of how I solved CH4INRULZ. We go from a local file inclusion vulnerability, to bypassing an image upload, to RCE and finally a privilege escalation using DirtyCow. Let's go!

    08 March 2019
  • s1gh
9 min read
Vulnhub

Vulnhub: digitalworld.local: MERCY v2

From the author of the machine: MERCY is a machine dedicated to Offensive Security for the PWK course, and to a great friend of mine who was there to share my sufferance with me. :-) This is my writeup of this machine.

    03 March 2019
  • s1gh
8 min read
Vulnhub

Vulnhub: Casino Royale 1

This is a writeup of the recently released Casino Royale: 1 machine from Vulnhub

    02 March 2019
  • s1gh
13 min read
HackTheBox

Hack The Box: Sneaky

This is a writeup of the retired Hack The Box Sneaky machine.

    10 January 2019
  • s1gh
7 min read
HackTheBox

Hack The Box: Devel

This is a writeup of the retired Hack The Box Devel machine.

    09 January 2019
  • s1gh
6 min read
HackTheBox

Hack The Box: Jerry

This is a writeup of the retired Hack The Box Jerry machine.

    02 January 2019
  • s1gh
3 min read
HackTheBox

Hack The Box: Waldo

This is a writeup of the retired Hack The Box Waldo machine.

    01 January 2019
  • s1gh
8 min read
HackTheBox

Hack The Box: DevOops

This is a writeup of the retired Hack The Box Devoops machine.

    31 December 2018
  • s1gh
8 min read
./s1gh.sh © 2021
Latest Posts Twitter