Latest News

Connection Techniques

STANDARD SSH COMMAND

Continue reading

PrintNightmare

WINDOWS PRINTER DRIVER

Here’s a fun rundown of a zero day vulnerability that was seen last year. It was called PrintNightmare, and it ravaged through some Windows computers. It used two CVEs that first grabbed credentials through SMB, and second allowed privilege escalation through the printer spool. I was able to play with this through a practice computer found on Hack The Box but can’t reveal its name due to it still being an active challenge (against the rules). In any case, seeing the exploit in action below should give you a good idea of the exploit’s capabilities.

RESOURCE FOR SMB SHARE SCF

Excerpt from this site:

When the user will browse the share a connection will established automatically from his system to the UNC path that is contained inside the SCF file. Windows will try to authenticate to that share with the username and the password of the user. During that authentication process a random 8 byte challenge key is sent from the server to the client and the hashed NTLM/LANMAN password is encrypted again with this challenge key. Responder will capture the NTLMv2 hash.

With basic credentials, this .scf file can be used to initiate a flow of viewable information. Before uploading, make a responder available to receive the information.

Continue Reading

The Petting Zoo – CTF

DC702 CTF FOR CREECH AFB

The Las Vegas local hacking group, DC702, will be hosting a Capture The Flag (CTF) event at Creech Air Force Base to promote cyber education. Presenters include intelegence professionals who will describe worldly hacks and the orginizations from which they originate. This post describes the thoughtful process that went into creating the various challenes that will be used for the challenges.

Plesae note that our experts use this daily, and this post is intended to give its audience a basic understanding of Docker and how systems can be developed using it.

Continue Reading

Status Report 20211004

WHAT HAVE I BEEN UP TO?

The Journey Continues…

It’s been quite a while since I’ve revisited my website. I’ve been continuing to learn, hack, play, tinker, and do whatever else I can find. My journey to the OSCP goal has taken an alternative route, but I see it as a great one. When I started that journey, I was in a job where I had some free time, and planned to take 30 days to simply take the course (complete all the OSCP labs), and finish up the certification. Since then, I’ve found myself in a much more demanding job and can’t aford to take the 30 days required to give at least 40 hours a week to only hacking. As a result, I continue to hack on the "Hack The Box" system, and persue more obtainable goals related to the time that I can dedicate.

Continue Reading

BitBlaze Transactions – save costs

BITBLAZE

BitBlaze was costing me over $65/month when storage is so cheap… why?

NOTE: Reference: https://www.backblaze.com/

BackBlaze is an amazing off-site storage solution. Keep in mind that when you set this up, you should encrypt your files from the source before uploading them to backblaze. TrueNAS makes this extremely easy to do using "Cloud Sync Tasks" under the Tasks menu. After creating a BackBlaze account, create a B2 bucket. Then, add an API to it that can be used in your TrueNAS system. You can use those APIs under the "Cloud Credentials" menu located under the System tab.

After configuring your backups, you need to know that there are costs involved. To do transactions (upload your files), your system will be using certain API calls. These calls are recorded and charged. This writeup will explain how I found out that these transactions were costing me more money than I accounted for.


Continue Reading

GPU Passthrough on XCP-ng

USES UBUNTU 18.06.6 SERVER

This is a running log of an attempt to create a hashcat server on an XCP-ng server using PCI passthrough to an Ubuntu virtual machine.

NOTE: This is the GPU I’m using: https://www.nvidia.com/content/grid/pdf/grid_k1_bd-06633-001_v02.pdf


INSTALL ON XCP-NG AS A NEW SERVER

NOTE: Reference Download: https://releases.ubuntu.com/18.04.6/

After downloading the ISO, I simply created a VM with 12 cores and 48 GB RAM

Then, I installed hashcat

sudo apt install hashcat

Continue Reading

Bastard on HTB – Retired

BASTARD – HTB

RETIRED


NMAP

Nmap 7.91 scan initiated Fri Feb 12 23:36:02 2021 as: nmap -A -p- -T4 -oG nmap.init 10.129.29.109
Host: 10.129.29.109 () Status: Up
Host: 10.129.29.109 ()
Ports:
80/open/tcp//http//Microsoft IIS httpd 7.5/,
135/open/tcp//msrpc//Microsoft Windows RPC/,
49154/open/tcp//msrpc//Microsoft Windows RPC/
Ignored State: filtered (65532)
Nmap done at Fri Feb 12 23:38:42 2021 — 1 IP address (1 host up) scanned in 160.81 seconds

Continue Reading

Meetups

For anyone out there that’s looking a way to expand their knowledge, and learn more about whatever, I encourage you to search for a group that will challenge you!

I have been looking for a group for several years to no avail… until now. I’ve used all of the apps that are supposed to connect you by keywords and interests, and have always been hit by a dead-end. I’ve tried to meet up with groups through various networking that are supposed to hit the interests, but they always fall short.

Continue Reading

HTB – Bank – FH: DNS / File Upload

The Bank box was the first time I ran into virtual hosts on a web server. Till now, I’ve been able to discover all of the directories with a simple dirb or gobuster scan… this time was very different.

The NMAP scan showed only a few ports open. 22, 53, and 80. I always bypass 22 because there are rarely SSH exploits that go quick, so it was on to the other two ports. Interestingly, they had DNS running on port 53 and the description was ICS BIND. Bind is the Berkeley Internet Name Domain, and ISC bind can run in a large number of Linux environments. In this case, it was used to map to folders that didn’t show on an IP address scan of the machine.

Continue Reading

Status Report 20210801

So it’s been a couple months now, and I’m feeling great about everything that I’ve accomplished. I started out just going after every challenge that I could find, and mostly, I was able to accomplish success.

Shortly into my journey, I realized that I would have much better success with my learning if I were to separate tasks. I have been at the learning game for my entire life, always seeking more knowledge on everything that I do; and I’ve learned a few things about how learning can be best accomplished.

For the task of learning more about hacking, it would be the easy button to go ahead and pwn each box from start to finish. Do the scans, find the foot-hold, get in, then privilege escalate based on some further enumeration. That, however, is not the right answer if you want to get the maximum amount of learning out of each task! Therefore, I separated my learning into compartments that will yield a much greater result.

Continue Reading
Scroll to top