Korbinian Spielvogel

Hack The Box Writeup - October

Enumeration As always, we start by scanning the target machine’s open ports: rustscan --ulimit 5000 10.129.225.172 -- -sV -sC -oN nmap_scan PORT STATE SERVICE REASON VERSION PORT STATE SERV...

Hack The Box Writeup - Forge

Enumeration As always, we start by scanning the target machine’s open ports: rustscan --ulimit 5000 10.129.224.118 -- -sV -sC -oN nmap_scan PORT STATE SERVICE REASON VERSION 22/tcp open ssh ...

Hack The Box Writeup - Explore

Enumeration First, we start by scanning the target machine’s open ports. As I’ve never done a pentest for an Android system, we might have to spend some extra time on the enumeration. rustscan --...

Hack The Box Writeup - BountyHunter

BountyHunter is an easy Linux box. To get initial access to the system, the BountyHunter Bug Report form has to be exploited. It is vulnerable to XXE, thus allowing us to include arbitrary files of...

Hack The Box Writeup - Cap

Cap is an easy Linux box. By exploiting an IDOR in the web application, we got access to a PCAP file, which contained credentials for FTP. Re-using these credentials for the SSH login gave us initia...

Hack The Box Writeup - Academy

Academy is an easy Linux box. First, a web vulnerability in the registration form had to be exploited in order to get access to the website as an admin. Once we had access, the admin page revealed ...

Hack The Box Writeup - Doctor

Enumeration rustscan --ulimit 5000 10.129.2.21 -- -sV -o port_scan PORT STATE SERVICE REASON VERSION 22/tcp open ssh syn-ack OpenSSH 8.2p1 Ubuntu 4ubuntu0.1 (Ubuntu Linux; protocol 2.0) 8...

Hack The Box Writeup - Bank

Bank is an easy Linux box. First, we had to exploit a vulnerable file upload that still contained debug comments in the source. This allowed us to get initial shell access to the system. To get roo...

Research Project - Securing the In-Vehicle CAN Bus

An increasing number of external interfaces allows adversaries to virtually break into modern road vehicles. For this reason, researchers came up with multiple security frameworks for in-vehicle ne...