Useful resource for CTFs, hacking challenges and more!
Last Updated: September 12th 2024
A complete guide which covers internal and external host discovery using passive and active methods. Contains in-depth explanations and examples for tools like Nmap, Netdiscover and arp-scan.
Tags: host recon discovery scanning enumeration guide
Last Updated: September 10th 2024
A comprehensive guide based on the techniques from the MITRE ATT&CK framework. It shows multiple examples of how the techniques can be used in the real world, coupled with an understandable technical explanation.
Tags: MITRE ATT&CK subdomain recon active scanning enumeration guide
Last Updated: March 28th 2024
Gobuster is a tool used to brute force URLs (directories and files) from websites, DNS subdomains, Virtual Host names and open Amazon S3 buckets. It can be particularly useful during CTF challenges that require you to brute force webserver data, but also during pentest engagements.
Tags: gobuster bruteforce subdomain directory vhost web enumeration recon tools 80
Last Updated: May 20th 2020
This method of privilege escalation relies on vulnerable Microsoft services. Most services in newer Windows versions (starting from Windows XP SP2) are no longer vulnerable. Vulnerable in this case means that we can edit the service's parameters. This particular article focuses on the services SSDPSRV and upnphost.
Tags: windows xp SP0 SP1 privilege escalation system upnphost SSDPSRV
Last Updated: February 25th 2020
The user portion of this box revolves around the Gogs Craft API. We have to exploit an eval() vulnerability and dump a database to get the user flag. In order to gain root we have to exploit an application called Vault.
Tags: htb hackthebox craft writeup walkthrough
Last Updated: September 10th 2024
fcrackzip searches each zipfile given for encrypted files and tries to guess the password. All files must be encrypted with the same password; the more files you provide, the better.
Tags: fcrackzip tutorial bruteforce tools zip
Last Updated: January 12th 2019
Jerry was one of the easiest boxes I've done so far. It was very straightforward with no rabbit holes. Unfortunately there was no priv esc, as the user and root flag were together in the same file.
Tags: htb hackthebox jerry writeup walkthrough
Last Updated: September 10th 2024
Netcat (often abbreviated to nc) is a computer networking utility for reading from and writing to network connections using TCP or UDP. Netcat is designed to be a dependable back-end that can be used directly or easily driven by other programs and scripts. At the same time, it is a feature-rich network debugging and investigation tool, since it can produce almost any kind of connection its user could need and has a number of built-in capabilities.
Tags: netcat guide tools network foothold scanning
Last Updated: September 10th 2024
Nikto is an Open Source (GPL) web server scanner which performs comprehensive tests against web servers for multiple items, including over 6700 potentially dangerous files/CGIs, checks for outdated versions of over 1250 servers, and version-specific problems on over 270 servers. It also checks for server configuration items such as the presence of multiple index files and HTTP server options, and will attempt to identify installed web servers and software. Scan items and plugins are frequently updated and can be automatically updated.
Tags: nikto web scanner guide tools recon 80
Last Updated: September 10th 2024
TheHarvester is an OSINT tool for gathering subdomains, email addresses, open ports, banners, employee names, and much more from different public sources (Google, Bing, PGP key servers, ...). In order to gather this information it performs both active and passive information gathering.
Tags: theharvester guide osint tools recon
Last Updated: November 21st 2018
Heartbleed is a vulnerability in OpenSSL, the library that implements the widely used SSL (Secure Sockets Layer) and TLS (Transport Layer Security) protocols. The flaw in OpenSSL gives an attacker the ability to extract encrypted data from TLS/SSL-secured networks.
Tags: heartbleed ssl vulnerability openssl