HTB: Nest Walkthrough (Windows)

Nest was a fun CTF-style Windows HTB machine, now retired. Despite being CTF-style, it's not an unrealistic scenario: the weaknesses exploited are in SMB security and file share/system permissions, together with the all-too-common practice of passwords in plaintext. Nmap running a SYN scan (-sS) without ping (-Pn) and all ports (-p-) With... Continue Reading →

HTB: Traverxec Walkthrough (Linux)

Traverxec is a now retired Linux HTB machine. It has been a while since I rooted this one, but I do recall that I thoroughly enjoyed working it and planned to write it up when it was retired, so my notes are better 🙂 Recon: I prefer to use multiple nmap runs rather than a whole... Continue Reading →

HTB: Oopsie Walkthrough (Linux)

Oopsie is a retired Linux HTB machine. It was fun and fell quickly. I didn't take the best screenshots along the way, but I'll fill in most of the blanks as we go. As usual, the machine is retired on HTB and any flags are now refreshed. Initial Recon showed just TCP:80 and TCP:22 open,... Continue Reading →

HTB: Remote Walkthrough (Windows)

Remote is a now retired Windows machine and an easy one. As usual, I started with a series of NMap sweeps, initially a quick scan with an attempt to verify the service running on the given port: Poking the machine a little harder, scanning all TCP ports. A few interesting ports open but TCP:2049 and TCP:111... Continue Reading →

HTB: ServMon Walkthrough (Windows)

ServMon is an easy-rated Windows machine on Hack The Box. Not particularly realistic but fun all the same. Recon & Enumeration: As always, I started with a few port scans; below is the full TCP SYN scan. Probing a few select ports a little further with NMap. From this I concluded the likely vector will... Continue Reading →

HTB: OpenAdmin Walkthrough (Linux)

Recon: On HTB, recon starts with the above screen. The map lays out what you're likely to be facing, in this case a CVE-based vulnerability, and often the name gives a hint. Next up, the usual series of NMap scans. In this case there isn't much open; a summary is shown below:... Continue Reading →

Remove Default Windows 10 Apps (1809)

A super simple script to remove the default apps from Windows 10 1809 x64, though it should work on other versions and architectures. ## AUTHOR: AntB 2019 ## PURPOSE: Remove Default-Apps from Windows 10 1809 x64, intended for SCCM use. $Apps = "*BingWeather*", "*windowsalarms*", "*zunevideo*", "*zunemusic*", "Microsoft.XBoxApp", "Microsoft.XboxGameOverlay", "Microsoft.XboxGamingOverlay", "Microsoft.MicrosoftStickyNotes", "Microsoft.Microsoft3DViewer", "Microsoft.Getstarted", "Microsoft.GetHelp", "Microsoft.Messaging", "Microsoft.WindowsFeedbackHub", "Microsoft.MicrosoftSolitaireCollection",... Continue Reading →

AppLocker & AaronLocker

I recently had to put together a presentation on AppLocker and AaronLocker; this is a far more generalised version of that presentation. What is AppLocker and why use it? AppLocker is an application whitelisting tool that is built into Windows; contrary to blacklisting where we state everything that should NOT run, with whitelisting, we state... Continue Reading →

Python: POP3 Fuzz Script

Just another fuzzer:

    #!/usr/bin/python
    import socket

    buffer=["A"]
    counter=100
    while len(buffer) <= 30:
        buffer.append("A"*counter)
        counter=counter+200

    for string in buffer:
        print "Fuzzing PASS with %s bytes" % len(string)
        s=socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        connect=s.connect(('10.11.17.17',110))
        s.recv(1024)
        s.send('USER test\r\n')
        s.recv(1024)
        s.send('PASS ' + string + '\r\n')
        s.send('QUIT\r\n')
        s.close()

NMap Scripts

Here is a small series of NMap scanning scripts: Read out all NMap vulnerabilities from /usr/share/nmap/scripts to "all_nmap_vulns" first

    #!/bin/bash
    # Scan given target with all NMap vulnerability scripts
    # <usage> ./nmap_vulns.sh <target>
    for script in $(cat all_nmap_vulns); do nmap $1 --script $script --unprivileged -sV -P0 -T4; done

Same script but using proxy chains: #!/bin/bash... Continue Reading →
