In this series of posts ill cover basics of Kubernetes starting from setting a basic cluster with minikube. Kubernetes Basics: Installing Kubernetes with minikube. First of all we will go visit https://kubernetes.io/ to get the latest version of kubectl. We can also do it with the command above next well give it execute permissions. Run […]
Blue Writeup / Walkthrough Hack the box
TL;DR This is a writeup on Blue which is a Windows box categorized as easy on HackTheBox, and is primarily based on the exploitation of the Eternal Blue MS17-010 exploit without requiring the need for any privilege escalation to obtain the root flag. Walkthrough This writeup explains both, exploitation with and without Metasploit. Blue Writeup: […]
Devel Writeup/Walkthrough Hack the box
Devel Writeup Summary TL;DR This writeup is based on Devel which is an easy-rated machine on HackTheBox. It starts with FTP and HTTP. I will use FTP anonymous login to upload a webshell to get shell on the machine. Later on, I’ll use one of many Windows kernel exploit to gain system shell. It requires […]
Arctic Writeup / Walkthrough Hack the box
TL;DR This is a writeup on Arctic which is a Linux box categorized as easy on HackTheBox, and has Adobe’s ColdFusion as a primary service running on it. The exploitation essentially leverages enumeration and CVEs, namely Adobe ColdFusion – Directory Traversal & MS10_092. Interestingly, it does require us to escalate the user privileges for obtaining […]
Legacy Writeup/Walkthrough Hack the box
Legacy Writeup Summary TL;DR This writeup is based on Legacy on Hack the box. It was a windows box. It starts with Samba. In this machine, Samba has two bugs, which are SMB vulnerability(Eternal Blue or MS17-010) and Remote Code Execution vulnerability (MS08-067). We have both ways to exploit the vulnerability and get the shell. […]
How to Silver Ticket Attack Active directory
So Silver ticket attack is one of the ways to gain domain persistence. Once you have gained domain admin or you could dump hashes of a service account some how. To understand this attack please make sure you have a good understanding of Kerberos and its process. You can read my detailed explanation here. If you have recalled […]
How to Golden Ticket Attack Active directory
So Golden ticket attack is one of the ways to gain domain persistence once you have gained domain admin. To understand this attack please make sure you have a good understanding of Kerberos and its process. You can read my detailed explanation here. If you have recalled how Kerberos works let’s see where this attack […]
Lame Writeup / Walkthrough Hack the box
Lame Writeup Summary TL;DR This writeup is based on Lame on Hack the box. It was a Linux box. It starts with two major services, vsftpd, and Samba. We tried FTP logon but didn’t get anything interesting. Then try to exploit Samba service via command injection in the username field. Using samba service exploitation, we […]
How to Kerberos? its components and function
Today I’ll explain what Kerberos is. First, I will explain the advantages Kerberos has over other types of authentication. Then we will deep dive into how it works as a protocol. What is Kerberos ? – Kerberos Authentication Let’s say you are in an insecure network where you want to authenticate but don’t want to […]
What are cookies and why are they used? basics of web security
Cookies are small text files that have non-executable content in them these are just to store user’s information that the application might want to recognize the user because HTTP is stateless you need these once set are sent subsequently with each request. Many server-side frameworks provide functionality on how to parse them and make there […]