This was a fun Windows box with some web enumeration, SMB abuse, and a lot of Impacket practice for me.

— SPOILERS FOLLOW —

A new easy Linux box with some new to me issues and an old privilege escalation to root. It was a fun one and reminded me of a few things that I ought to remember more quickly. It’s good to get a reminder of the basics sometimes.

SPOILERS AHEAD

Forest… an ‘easy’ Windows host with some Kerberos issues, an interesting WinRM path, and overly permissive DACL permissions. This one had some real challenges for me and the final step to root was a technique that I’ve not had hands-on with before. A great learning experience for sure!

SPOILERS AHEAD

The Postman machine is a good example of a Redis cli vulnerability that leads to web dashboard access and a Webmin vulnerability. There are a couple of tricky spots in this machine and attention to detail is important to get through those spots. However there are very helpful blogs out there that can lead you through the process.

SPOILERS AHEAD

Time for more hackthebox.eu machines. Bitlab is a medium Linux box running a version of Gitlab with some issues. Enumeration and looking at code was a factor in this box as well as some eventual basic reverse engineering of a Windows executable. This box pushed me out of my comfort zone in a lot of ways and was VERY satisfying when I finally got it.

Back to the Wall with hackthebox.eu! This box was an interesting Linux box with some web app testing skills, some exploit code review and troubleshooting, and finally some Linux enumeration and exploit code moving for a comprehensive box. This was a challenge for sure and reminded me that I still have things to learn.

As always… spoilers ahead

This is a fun and basic Windows box that provides a good opportunity to practice checking usernames and passwords as you go in addition to learning some cool new techniques using Windows sysinternals, Ruby, and BitsAdmin.

SPOILERS AFTER HERE

This machine on Hack the Box was really fun. I have to admit I’m a lot more motivated when I have something I really want (like access to stickers) at the end. :)

HERE BE SPOILERS - YE BE WARNED

My first Hack the Box challenge! Taking on “Jerry”, mainly because I thought I knew what technology may be in play here based on the name and I felt that a nice easy on-ramp to these challenges would be a good place to start. I’m a big believer in momentum when it comes to hacking and thought processes so I like to engineer some early wins.

BIG SPOILERS IN THIS POST - YOU HAVE BEEN WARNED