sábado, 5 de febrero de 2022

HTB - HORIZONTALL

 Introduction

IP: 10.10.11.105

S.O.: Ubuntu

For today I will show you how to exploit  strapi CMS via a RCE and Laravel also using a RCE

HTB - Granny

 Introduction

IP: 10.10.10.15

S.O: Windows


Today we have a windows machine exposing http port wich supports webdav protocol. We will abuse webdab to upload our malicious webshell and get a reverse shell.

From that we will escalate priviledges exploiting MS09-012 or Token Kidnapping

viernes, 4 de febrero de 2022

HTB CRONOS

Introduction

IP: 10.10.10.13

S.O: Linux

We will use a SQLi vulnerabilityto bypass an authentication system

From that point using a RCE we will get a shell in the victim

Then will privilege escalation abusing of a php script execute via cron as root.

domingo, 30 de enero de 2022

HTB - BASTARD

 IP: 10.10.10.9

S.O: Windows

Drupal / SeImpersonatePrivilege

Introduction

We will take advantage of a RCE in drupal to get a reverse shell.

Once in the system, we will escalate priviledge  with SeImpersonatePrivilege

lunes, 1 de noviembre de 2021

HTB - Legacy

Introduction

IP: 10.10.10.4

S.O: Windows 


Today we will break an easy Windows machine called Legacy

You will learn basic SMB vulnerabilities explotation

sábado, 5 de junio de 2021

HTB - Ready

For today we will break a retired and Medium HTB machine called Ready

You will learn basic linux and docker enumeration, we will take advantage of a  known gitlab vulnerability which will drive to a RCE