Today, let’s pivot from hacking into the mysterious realm of containers. Containers are the backbone of today’s infrastructure, providing lightweight environments for running applications. Docker might ring a bell, but ever wondered about the magic behind the scenes? Let’s delve deep by building our container using Go, a popular programming language known for its simplicity…More
Introducing Commander: A Command and Control Framework for Security Testing
Are you looking for a versatile and powerful command and control (C2) framework for your security testing needs? Look no further! Introducing Commander, a C2 framework written in Python, Flask, and SQLite, featuring two agents in Python and C. Commander is designed for seasoned security professionals and is not script-kiddie friendly. Its key features include:…More
Introducing Paraforce: A Powerful and Configurable SSH Brute Force Tool
Say goodbye to weak SSH passwords with Paraforce, a highly customizable Python-based brute force solution. Find the source code on GitHub As cybersecurity threats continue to evolve, it’s essential to stay one step ahead. Brute force attacks remain a prevalent threat, and SSH logins are no exception. To help combat this, I introduce Paraforce, a…More
HTB – Netmon Walk-through
The machine we are going to root is the Netmon box. As always we start the scan with nmap The most useful ports for this machine are the 21 and 80. If we navigate to the web page we will see that it is a login page for the PRTG network monitor app. If we…More
HTB – Grandpa/Granny Walk-through
Today we will root two boxes from HTB that are so similar that the same techniques can be used. The boxes are the Grandpa and Granny. Also we will escalate our privilages with two different manual ways Initial foothold PrivEsc with Churrasco PrivEsc with MS14-070 As always we start the scan with nmap We see…More
HTB – Bashed Walk-through
Today we will root manually Bashed Box. Let’s see how We scan the machine We enumerate the website using gobuster And we see the following available folders with most interest the /dev If we follow the /dev folder we see that we can open a non-interactive and non-persistent shell. Since we have a foothold on…More
HTB – Optimum Walk-through
Today we will root manually Optimum Box. Let’s see how We scan the machine We see that only one port is open, port 80. If we navigate there we see that an HttpFileServer httpd 2.3 is running. If we search the exploit-db we see this A remote command execution script. So we will use this…More
HTB – Nibbles Walk-through
Today we will root manually the Niblles Box. Let’s see how We scan the machine We see two ports open. ssh and a web service on port 80. if we visit the site and check the source we see that a comment directing us to nibbleblog exists. So we enumerate the nibbleblog if we enum…More
HTB – Jerry Walk-through
Today we will root manually the Devel Box. Let’s see how We scan the machine The only service that this machine has is an Apache Tomcat service. If we visit the ip on that port we do not see anything useful. As we know that this is a tomcat server we can visit the /manager…More
HTB – Devel Walk-through
Today we will root manually the Devel Box. Let’s see how We scan the machine We have two ports open, a ftp service which allows anonymous logins and also to upload files and a http server that doesn’t host anything. From the descriptions of the ftp files we can suspect that this server might run…More
VostDev 