Letter Despair is a simple Web challenge provided by HackTheBox as part of their Business CTF: Dirty Money. This challenge is very simple, a single .PHP file was provided which indicates the vulnerability is likely to be discovered by some form of code review. A screenshot of the application can be seen below: My firstContinue reading
[HackTheBox] Forest
Enumeration I started off with an Nmap scan on the target. We can observe that the host is Windows Server with Active Directory services running. With this in mind, I ran enum4linux to see if there were any other information I could extract from the host. Exploitation (User) After obtaining the user accounts, I attemptedContinue reading
[HackTheBox] Olympus
Enumeration I started off with a simple NMAP scan on the target. A quick glance at the the open ports show nothing too unusual, except maybe the ssh port open on 2222. I navigated to the http service and all it contained was a simple image. I also decided to run a nikto scan toContinue reading
eLearnSecurity Penetration Testing Student (PTSv3) Review
I recently completed the PTSv3 course and obtained the certification so I thought I’d share my experiences. Initially, I was going to do the Offensive Security Certified Professional (OSCP) certification first but after reading through many reviews I decided against it as my first certification. I stumbled on the eJPT certification training and reading throughContinue reading