Hello Guys , I am Faisal Husaini and this is my writeup on Medium for Bastion machine which has retired. My username on HTB is…

00:00 - Intro
00:45 - Begin of recon
01:45 - Looking at the website, checking source, robots.txt, etc
02:30 - Using GoBuster with PHP Extensions as HTTP Header said it had PHP Enabled
03:50 - Writing a simple PHP Code Execution script and trying to upload…

Hello! Everyone and Welcome to yet another CTF challenge from Hack the Box, called ‘Heist,’ which is available online for those who want to increase

01:05 - Begin of Recon
01:50 - Taking a look at the page, noticing the site is PHP, running GoBuster to find other PHP Files.
03:45 - Playing with the File Upload, failing to identify how uploaded files are stored
05:20 - Investigating PHP Files that GoBuster…

Hello Guys , I am Faisal Husaini. My username on HTB is “kNgF” . Also join me on discord.

00:59 - Begin of nmap, discover XAMPP
05:51 - Running GoBuster while we poke at the website
06:30 - Registering an account then seeing what new functions are avaialble
08:10 - Attempting to transfer money and discovering XSS
10:00 - Basic Cross Site Scripting…

00:00 - Intro
01:15 - Running NMAP and queuing a second nmap to do all ports
05:40 - Using LDAPSEARCH to extract information out of Active Directory
08:30 - Dumping user information from AD via LDAP then creating a wordlist of users
12:10 - Creating a custom…

OpenAdmin provided a straight forward easy box. There’s some enumeration to find an instance of OpenNetAdmin, which has a remote coded execution exploit that I’ll use to get a shell as www-data. The database credentials are reused by one of the users. Next…

Training Architect @ HackTheBox
"Potentially a legit security researcher"
he/him

https://t.co/GCcLVlmdQK
https://t.co/uQWVpw4nft
0xdf on discord

An online platform to test and advance your skills in penetration testing and cyber security.

Cascade was an interesting Windows all about recovering credentials from Windows enumeration. I’ll find credentials for an account in LDAP results, and use that to gain SMB access, where I find a TightVNC config with a different users password. From there…

Lazy was a really solid old HackTheBox machine. It’s a medium difficulty box that requires identifying a unique and interesting cookie value and messing with it to get access to the admin account. I’ll show both a padding oracle attack and a bit-flipping…

Rooting Joker had three steps. The first was using TFTP to get the Squid Proxy config and creds that allowed access to a webserver listening on localhost that provided a Python console. To turn that into a shell, I’ll have to enumerate the firewall and find…

HTB is the leading Cybersecurity Performance Center for advanced frontline teams to aspiring security professionals & students. Start driving peak cyber performance.

Let's play Cyber Mayhem! ⚔️
Watch this awesome video by Ippsec playing #HBG, explaining anything you need to know about this new way of playing and learning via #HTB.

HBG streaming is not allowed currently, but stay tuned as cool updates are coming up!…

Happy New Year #Hackers! 🥳 Feeling lucky in 2021 already? What's your FAVORITE #HTB MACHINE of 2020? Tell us why and what you learned from it! LIKE & COMMENT to get the chance to WIN VIP subs 😎 Rules in the 1st comment! #HackTheBox #CyberSecurity #Pentesting…