The biggest attack blew 2021 in the start, where Microsoft Exchange Server was attacked by Hafnium — A Chinese group of hackers. The big buzz was created when almost all the important organizations including homeland security to Health Care organizations to 500 Fortune Companies, became victim of the attack. …


Devastating attack on Solarwinds in 2020, resulted into largest breaches that occurred. When I asked people, they knew only the fact, that attack was a supply chain attack, which had exploit incorporated in updates. Let’s dig deeper and know few more things.

TERMINOLOGY

Let’s go through some terminology before we end…


Today we will be coming across machine Feline. This machine is interesting as it has java de serialization in JSESSION id parameter. Without wasting time let’s jump in.

ENUMERATION

Nmap Scan for Service Versions with Default Scripts.


Veni Vidi Vici.

After the endless efforts throughout the year, I finally achieved my Offensive Security Certified Professional certification on 5th FEB 2021. Though everyone shares the experience and their journey, but I will definitely love to add mine to the bibliotheca. …


What ?? Another part of Sneaky HTB box ??? Might be. But was fun to solve it. Real life phishing attack practice. User part was definitely a level up. Let’s start.

ENUMERATION

Full port nmap scan for TCP ports reveals following


Recently retired machine, fits under OSCP like machines list. Quite similar to another HTB machine Jerry. Better exploitation in privilege escalation part.

ENUMERATION

Nmap scan with default scripts for version scan leads us to following open ports.


Well, totally a hard machine, required a lots of nudges and help. Also it took some scripting and XPATH injection and hell of a ride. Without wasting time let’s start.

ENUMERATION

Nmap scan for unbalanced using default scripts and service versions we see.


Medium level hack the box challenge, based on OpenBSD vulnerabilities for SSH keys.

ENUMERATION

Running nmap scan for default scripts and service version we see port 80 and port 22 open.


Going through the OSCP prep journey, it has now a days in trend, to solve out Buffer Overflow from TryHackMe! platform. Today I am going to share one of them, so that we may get an insight of basic steps by which easiest level stack buffer overflow can be exploited…


Today we will see how to own Magic machine. Initially when I started the machine I thought it is going to be related to magic numbers in PHP and something related to juggling concept. But no, it was not like that, so let’s see how was it.

ENUMERATE

Nmap scan

Dhanishtha Awasthi

OSCP | CEH | Cyber Security Enthusiast.

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store