Month: July 2020

HTB – Legacy & Lame – FH: Samba (SMB)

I mentioned not long ago that I am going to change my learning strategy a bit… my goal has always been to accomplish hacks and pwn machines; but right now, I think that my goal should be concentrated on the initial foot-hold of the boxes. Because of this small (temporary) change in strategy, I’ve moved from the Try Hack Me platform, to primarily the Hack The Box platform.

What HTB doesn’t give you is guidance toward what it takes to pwn a machine. THM does that every time, and it’s the primary way that the site works. Although there are a ton of writeups on HTB, they are not required to accomplish the pwn of a box. Therefore, what I am going to do is all of the initial reconnaissance and scans for each of the HTB boxes in which I am interested. At the same time, I’ll be taking a ton of notes… but not learning notes… I am not concentrated on writing reports based on the results of what I’ve found. I have a feeling this will prepare me for what I will find in the future.


The Perfect Importance

I lied a bit in my previous post. I said that my next step after finishing a course in hacking was to organize my notes, and change this website so that it reflects them. The past week, I did quite a bit opposite to that!

After looking at my notes, I got very much interested in learning more. So much so, that I began two more courses. One was in Web Application Testing, and the other was in Windows Privilege Escalation. I just couldn’t stop learning! The right answer was to do what I described in the previous paragraph, but something just led me to absolutely wanting to know more. I couldn’t stand the fact that there was so much more knowledge out there to learn. In perusing these new courses, I learned a lot, but still needed to take a step back.


THM – Simple CTF

Tonight, I decided to go into a CTF box. I’ve been watching tons of CTF videos by John Hammond and The Cyber Mentor, so it was a logical step in trying to pwn a new box on Try Hack Me.

The tutorial was rather vague. I wasn’t sure why it was asking about port 1000, since NMAP was only showing other ports. For that question of how many services were running on port 1000, I simply took a guess and got it right.

To start owning the box, I did the standard NMAP and Directory scanning. The Gobuster results were fairly quick, and showed a directory that revealed a service being run called CMS Made Simple. It was pretty easy to find an exploit… I googled “exploit CMS made simple.” This revealed the CVE number, and a python script.

The python script (after making it executable) had some errors. It turns out that I didn’t have some required imports for the script. After a pip install, it actually ran.


Computer Rebuild

Recently, I rebooted my computer and got a warning message that said that my CPU was over-temp’ing. Being that I had it water cooled and overclocked, this was not a good message… so I did some upgrading, and man am I happy with it!

My old rig was made up of Rosewill components and I was pretty happy with the way it came together, but it was definitely cramped. I liked how it looked, but there was no intake on the front of the case, and the bottom was not big enough for the new 3-fan radiator that I bought to replace my old 1-fan rad.


THM – Hydra

A couple days ago, on the TryHackMe.com website, I clicked on a machine that was labeled very easy. I figured it wouldn’t take me long to try out the tool called Hydra to which they were referring… man was I wrong!

I wasn’t wrong because it was difficult; far from that. I was wrong because I thought it wouldn’t take much time. The results of my efforts were interesting and fun, but it took me quite a while to strategize how I was going to accomplish the pwn.
