Home
Quantumly Confused
Cancel

Hack the Box - Sniper

Hack the Box - Sniper

HTB Sniper machine walkthrough. From an initial LFI/RFI foothold within the company website, to abusing malicious Windows help files, Sniper presents the story of a disgruntled developer and their middle finger to the Administrator/CEO on their way out. Sniper was a fun machine with a new angle on the RFI approach I had not used before and allowed me an opportunity to work with CHM files, something I previously also had not done.

Hack the Box - Forest

Hack the Box - Forest

HTB Forest machine walkthrough. Forest started with Windows enumeration using SMB and LDAP queries that lead to leveraging a lingering service account with PRE_AUTH disabled for user access. Once on the machine, we were able to abuse the existing Active Directory entitlements to create a malicious user entry with the rights to perform a DCSync using Mimikatz to acquire the Administrator's hash, finally using it to execute a pass-the-hash escalation to Administrator.

Hack the Box - Postman

Hack the Box - Postman

HTB Postman machine walkthrough. Postman was a quick, simple machine from HTB. We start off with a redis exploit for initial foothold, then pivot to user by using JTR to crack a backup SSH key before finally using an authenticated Webmin exploit to escalate ourselves to root.

Hack the Box - Bankrobber

Hack the Box - Bankrobber

Starting with a client side XSS exploit to get admin app credentials, then chaining it with a localhost code execution bypass we get a user priviledged shell. A suspicious app running locally as System then presented a ... delicate ... buffer overflow opporunity to pivot into System priviledges.

Hack the Box - Zetta

Hack the Box - Zetta

HTB Zetta machine walkthrough. Starting with an FTP FXP IPv6 leak, to an rsync brute-force for user access to the machine. Once on, chained custom syslog messages with a postgres SQL injection to pivot user access. Finally, a dubious password policy leads to using discovered credentials and adapting them to the root password for system level access.

Quantum Computing - Hello World

Quantum Computing - Hello World

An introductary look into Quantum Computing including the mechanics, concepts and mathematics involved. The focus will then shift to a practical implementation of these concepts using simulated environments and the qiskit python framework.