This was my first box again after being away from Hack The Box for a while. Admirer focuses on Adminer, the predecessor of the immensely popular phpMyAdmin. The version in question has a vulnerability that I used for the user flag. Root was achieved by misusing an include in a Python backup script.
Monthly Archives: September 2020
Veil Evasion for bypassing antivirus software
Running your awesome payload and getting it shot down by antivirus software is kind of the same as having your Lamborghini’s launch control active and seeing a police car parking in front of you. It kind of spoils the concept. The Veil-Evasion framework is a great way to get rid of that digital police car and have your payloads evade detection by antivirus software. In this blog post, I give you some examples of how to use Veil and obfuscate the true intentions of your payloads.
BadBlood: Active Directory object creator and security generator
We all know the issue. You just installed Active Directory Domain Services but everything is empty. To start testing you need to create all sorts of objects, which costs a lot of time. This is where BadBlood comes to the rescue.
Hack The Box Writeup: Remote
For the first time in a long while, a new easy box appeared on Hack The Box. Now, “Easy” is a label that on previous machines could just as well have been “Medium”, so it is always a surprise. In this case, it really was a well-qualified machine that lived up to its name. The root flag was also accessible via a remote solution.
Shodan Eye: Search tool for Shodan
The Shodan Eye tool is part of a collection of Ethical Hacking tools written by fellow Dutchie Jolanda de Koff, a.k.a. Bulls Eye. It is a Python script to easily search Shodan and save your results locally for further analysis. Let’s give this one a try.