0niSec

Latest Posts

• Nov 15, 2024

  Day 1: HTB Machine - Cicada

  30-days-of-cyber htb report windows enumeration

  In this 30 Days of Cyber Security challenge, I tackled the Easy Windows machine "Cicada" on Hack the Box. This article is written in the format of a live penetration test report instead of a normal blog entry.

• Nov 13, 2024

  30 Days of Cybersecurity Challenge

  30-days-of-cyber

  This article discusses my 30 days of cybersecurity challenge where every day for 30 days I try to learn about or do one thing related to cybersecurity

• Nov 13, 2024

  Boardlight

  writeup htb enumeration dolibarr cve rce

  An easy rated Linux box that emphasizes and develops enumeration skills, both externally and internally. Foothold is obtained through an authenticated RCE that exploits improper input sanitization. Further enumeration reveals a plaintext password that is reused by another user, allowing escalation of privileges. Finally, root access is obtained through a zero-day exploit found in the Enlightenment Window Manager.

• Aug 3, 2024

  iClean

  xss ssti weakpasswords sessionjacking htb writeup

  A medium rated Linux box that involves exploiting a Server-Side Template Injection (SSTI) vulnerability to get a reverse shell as a low level user. Further privilege escalation requires finding a weak password in a database table, which leads the attacker to another user. Root user is obtained by exploiting a vulnerability in qpdf.

• Aug 2, 2024

  Shocker

  writeup htb gtfobins sudo cve shellshock

  An easy rated Linux machine that demonstrates the Shellshock vulnerability. Once the vulnerability is exploited, the attacker is able to escalate privileges through the perl binary.