LINUX

The Petting Zoo – CTF

DC702 CTF FOR CREECH AFB

The Las Vegas local hacking group, DC702, will be hosting a Capture The Flag (CTF) event at Creech Air Force Base to promote cyber education. Presenters include intelligence professionals who will describe worldly hacks and the organizations from which they originate. This post describes the thoughtful process that went into creating the various challenges that will be used.

Please note that our experts use this daily, and this post is intended to give its audience a basic understanding of Docker and how systems can be developed using it.

GPU Passthrough on XCP-ng

USES UBUNTU 18.06.6 SERVER

This is a running log of an attempt to create a hashcat server on an XCP-ng server using PCI passthrough to an Ubuntu virtual machine.

NOTE: This is the GPU I’m using: https://www.nvidia.com/content/grid/pdf/grid_k1_bd-06633-001_v02.pdf


INSTALL ON XCP-NG AS A NEW SERVER

NOTE: Reference Download: https://releases.ubuntu.com/18.04.6/

After downloading the ISO, I simply created a VM with 12 cores and 48 GB RAM.

Then, I installed hashcat:

sudo apt install hashcat

Bastard on HTB – Retired

BASTARD – HTB

RETIRED


NMAP

Nmap 7.91 scan initiated Fri Feb 12 23:36:02 2021 as: nmap -A -p- -T4 -oG nmap.init 10.129.29.109
Host: 10.129.29.109 () Status: Up
Host: 10.129.29.109 ()
Ports:
80/open/tcp//http//Microsoft IIS httpd 7.5/,
135/open/tcp//msrpc//Microsoft Windows RPC/,
49154/open/tcp//msrpc//Microsoft Windows RPC/
Ignored State: filtered (65532)
Nmap done at Fri Feb 12 23:38:42 2021 -- 1 IP address (1 host up) scanned in 160.81 seconds

HTB – Bank – FH: DNS / File Upload

The Bank box was the first time I ran into virtual hosts on a web server. Till now, I’ve been able to discover all of the directories with a simple dirb or gobuster scan… this time was very different.

The NMAP scan showed only a few ports open: 22, 53, and 80. I always bypass 22 because there are rarely SSH exploits that go quick, so it was on to the other two ports. Interestingly, they had DNS running on port 53 and the description was ISC BIND. BIND is the Berkeley Internet Name Domain, and ISC BIND can run in a large number of Linux environments. In this case, it was used to map to folders that didn’t show on an IP address scan of the machine.

HTB – Haircut – FH: Curl

The only ports available on the Haircut box were 22 and 80. As SSH usually reveals no interesting attack vectors, it’s always best to go for port 80. So I visited the site.

HTB – Sneaky – FH: SQLI

Foot-hold: SQL Injection

This box is going to make me do some learning! It was extremely basic in the scans, and revealed hardly anything. NMAP only showed port 80, and gobuster showed a folder called /dev. Those were two things that could easily be put together to give a hint as to the way forward.

HTB – October – FH: File Upload

Foot-hold: File upload after logging in

On October, only ports 22 and 80 were open. It was pretty obvious to go check on the website to see what was up.

HTB – Cronos – FH: DNS, then SQL Injection

Foot-hold: DNS, then SQL Injection

NMAP showed a few ports for HTTP, DNS, and SSH.
I wanted to go ahead and check for any exploits for Apache. Turns out that a lot of these Hack The Box ‘boxes’ run the same Apache. So I’ve seen this dance before. I can confirm that I can GET, POST, etc. to the Apache server… but I haven’t been able to exploit this so far. The Google search for Apache 2.4.18 revealed an attack called Optionsbleed that I’ve seen before.

HTB – Bastard – FH: Drupalgeddon2

Foot-hold: Remote Code Execution with Drupalgeddon2

Nmap showed a few ports open, but it was obvious that the website was to be exploited for this box. The website shows a Drupal install.

HTB – Beep – FH: LFI

Foot-hold: Local File Inclusion

For the Beep box, there were several ports found with NMAP. Some looked like mail servers, and others for MySQL and other things. So I explored around for each of them.

Found login page via https://10.10.10.7/
Port 80 redirects to this…
