Hacking Documentation

Useful resource for CTFs, hacking challenges and more!

  • Tool
    Gobuster - Guide and examples

    august 15th 2021

    Gobuster is a tool used to brute force URLs (directories and files) from websites, DNS subdomains, Virtual Host names and open Amazon S3 buckets. It can be particularly useful during CTF challenges that require you to brute force webserver data, but also during pentest engagements.

    Tags: gobuster bruteforce subdomain directory vhost web enumeration recon tools 80

  • Privilege Escalation
    Windows XP SP0/SP1 Privilege Escalation to System

    may 20th 2020

    This method of privilege escalation relies on vulnerable Microsoft Services. Most services in newer Windows versions (starting from Windows XP SP2) are no longer vulnerable. Vulnerable, in this case, means that we can edit the services' parameters. This particular article focuses on the services SSDPSRV and upnphost.

    Tags: windows xp SP0 SP1 privilege escalation system upnphost SSDPSRV

  • Craft
    HackTheBox.eu - Craft

    february 25th 2020

    The user portion of this box revolves around the Gogs Craft API. We have to exploit an eval() vulnerability and dump a database to get the user flag. In order to gain root we have to exploit an application called Vault.

    Tags: htb hackthebox craft writeup walkthrough

  • SSH
    SSH - Local, Remote and Dynamic port forwarding

    april 08th 2019

    In this article we will cover the concept of local, remote and dynamic port forwarding via the Secure Shell (SSH) protocol. This article is still partially under construction.

    Tags: ssh forwarding tunneling port 22

  • FCrackZip
    FCrackZip - ZIP Bruteforce Tutorial

    march 27th 2019

    fcrackzip searches each zipfile given for encrypted files and tries to guess the password. All files must be encrypted with the same password; the more files you provide, the better.

    Tags: fcrackzip tutorial bruteforce tools zip

  • Jerry
    HackTheBox.eu - Jerry

    january 12th 2019

    Jerry was one of the easiest boxes I've done so far. It was very straightforward with no rabbit holes. Unfortunately there was no priv esc, as the user and root flag were together in the same file.

    Tags: htb hackthebox jerry writeup walkthrough

  • Tool

    january 12th 2019

    Netcat (often abbreviated to nc) is a computer networking utility for reading from and writing to network connections using TCP or UDP. Netcat is designed to be a dependable back-end that can be used directly or easily driven by other programs and scripts. At the same time, it is a feature-rich network debugging and investigation tool, since it can produce almost any kind of connection its user could need and has a number of built-in capabilities.

    Tags: netcat tutorial tools network foothold

  • Tool
    Nikto - Web Scanner Tutorial

    november 21st 2018

    Nikto is an Open Source (GPL) web server scanner which performs comprehensive tests against web servers for multiple items, including over 6700 potentially dangerous files/CGIs, checks for outdated versions of over 1250 servers, and version specific problems on over 270 servers. It also checks for server configuration items such as the presence of multiple index files, HTTP server options, and will attempt to identify installed web servers and software. Scan items and plugins are frequently updated and can be automatically updated.

    Tags: nikto web scanner tutorial tools recon 80

  • Tool
    TheHarvester - Information Gathering Tutorial

    november 21st 2018

    TheHarvester is an OSINT tool for gathering subdomains, email addresses, open ports, banners, employee names, and much more from different public sources (Google, Bing, PGP key servers, ...). To gather this information it performs both active and passive information gathering.

    Tags: theharvester tutorial osint tools recon

  • Heartbleed
    Heartbleed vulnerability

    november 21st 2018

    Heartbleed is a vulnerability in OpenSSL, which implements the widely used SSL (Secure Sockets Layer) and TLS (Transport Layer Security) protocols. The flaw gives an attacker the ability to extract encrypted data from TLS/SSL-secured networks.

    Tags: heartbleed ssl vulnerability openssl