0niSec
Hack the Box writeups, thoughts and more
Latest Posts
-
Day 1: HTB Machine - Cicada
In this 30 Days of Cybersecurity challenge entry, I tackled the Easy Windows machine "Cicada" on Hack the Box. This article is written in the format of a live penetration test report instead of a normal blog entry.
-
30 Days of Cybersecurity Challenge
This article discusses my 30 Days of Cybersecurity challenge, in which every day for 30 days I try to learn about or do one thing related to cybersecurity.
-
Boardlight
An easy-rated Linux box that emphasizes and develops enumeration skills, both externally and internally. Foothold is obtained through an authenticated RCE that exploits improper input sanitization. Further enumeration reveals a plaintext password that is reused by another user, allowing escalation of privileges. Finally, root access is obtained through a zero-day exploit found in the Enlightenment Window Manager.
-
iClean
A medium-rated Linux box that involves exploiting a Server-Side Template Injection (SSTI) vulnerability to get a reverse shell as a low-level user. Further privilege escalation requires finding a weak password in a database table, which leads the attacker to another user. Root access is obtained by exploiting a vulnerability in qpdf.