Hacking Documentation

Useful resource for CTF's, hacking challenges and more!

Gobuster - Guide and examples
august 15th 2021

Gobuster is a tool used to brute force URLs (directories and files) from websites, DNS subdomains, Virtual Host names and open Amazon S3 buckets. It can be particularly useful during CTF challenges that require you to brute force webserver data, but also during pentest engagements.
Tags: gobuster bruteforce subdomain directory vhost web enumeration recon tools 80
Windows XP SP0/SP1 Privilege Escalation to System
may 20th 2020

This method of privilege escalation relies on vulnerable Microsoft Services. Most services in newer Windows versions (starting from Windows XP SP2) are no longer vulnerable. Vulnerable in this case, means that we can edit the services' parameters. This particular article focusses on the services SSDPSRV and upnphost.
Tags: windows xp SP0 SP1 privilege escalation system upnphost SSDPSRV
HackTheBox.eu - Craft
february 25th 2020

The user portion of this box revolves around the Gogs Craft API. We have to exploit an eval() vulnerability and dump a database to get the user flag. In order to gain root we have to exploit an application called Vault.
Tags: htb hackthebox craft writeup walkthrough
SSH - Local, Remote and Dynamic port forwarding
april 08th 2019

In this article we will cover the concept of local, remote and dynamic port forwarding via the Secure Socket Layer (SSH) protocol. This article is still partially under construction.
Tags: ssh forwarding tunneling port 22
FCrackZip - ZIP Bruteforce Tutorial
march 27th 2019

fcrackzip searches each zipfile given for encrypted files and tries to guess the password. All files must be encrypted with the same password, the more files you provide, the better.
Tags: fcrackzip tutorial bruteforce tools zip
HackTheBox.eu - Jerry
january 12th 2019

Jerry was one of the easiest boxes i've done so far. It was very straight forward with no rabbit holes. Unfortunatly there was no priv esc, as the user and root flag were together in the same file.
Tags: htb hackthebox jerry writeup walkthrough
Netcat
january 12th 2019

Netcat (often abbreviated to nc) is a computer networking utility for reading from and writing to network connections using TCP or UDP. Netcat is designed to be a dependable back-end that can be used directly or easily driven by other programs and scripts. At the same time, it is a feature-rich network debugging and investigation tool, since it can produce almost any kind of connection its user could need and has a number of built-in capabilities.
Tags: netcat tutorial tools network foothold
Nikto - Web Scanner Tutorial
november 21th 2018

Nikto is an Open Source (GPL) web server scanner which performs comprehensive tests against web servers for multiple items, including over 6700 potentially dangerous files/CGIs, checks for outdated versions of over 1250 servers, and version specific problems on over 270 servers. It also checks for server configuration items such as the presence of multiple index files, HTTP server options, and will attempt to identify installed web servers and software. Scan items and plugins are frequently updated and can be automatically updated.
Tags: nikto web scanner tutorial tools recon 80
TheHarvester - Information Gathering Tutorial
november 21th 2018

TheHarvester is an OSINT tool for gathering subdomains, email addresses, open ports, banners, employee names, and much more from different pulic sources. (Google, Bing, PGP key servers, ...). In order to gather this information it will do active and passive information gathering.
Tags: theharvester tutorial osint tools recon
Heartbleed vulnerability
november 21th 2018

Heartbleed is a vulnerability in the OpenSSL implementation - OpenSSL implemented the widely used protocols: SSL (Secure Sockets Layer) and TLS (Transport Layer Security). The flaw in OpenSSL gives an attacker the ability to extract encrypted data from TLS/SSL secured networks.
Tags: heartbleed ssl vulnerability openssl