zacheller@home:~/blog$

  • Introduction to Code Review

    From PentesterLab.com

    Reasons for doing code review

    It can be faster than penetration testing. Some issues are really easy to spot during a code review (for example weak encryption), where others can take a lot more time (XSS for example). Compliance can require you to perform security code review (for...

  • HackTheBox - Sauna

    Enumeration

        root@kali:~/HackTheBox/Sauna# nmap -p- 10.10.10.175
        Starting Nmap 7.80 ( https://nmap.org ) at 2020-04-05 16:09 EDT
        Nmap scan report for 10.10.10.175
        Host is up (0.049s latency).
        Not shown: 65515 filtered ports
        PORT    STATE SERVICE
        53/tcp  open  domain
        80/tcp  open  http
        88/tcp  open  kerberos-sec
        135/tcp open  msrpc
        139/tcp open  netbios-ssn
        389/tcp open...

  • Exploit Analysis - OpenNetAdmin 18.1.1 RCE

    While doing the OpenAdmin challenge on HackTheBox I used an exploit for OpenNetAdmin 18.1.1 that allowed Remote Code Execution. On a normal Kali install, this exploit can be found here: /usr/share/exploitdb/exploits/php/webapps/47691.sh. I wanted to dive a little deeper into how the script worked, so I reformatted it to be more...

  • SecWiki Launch

    I keep a lot of notes on the topics, tools, and challenges I come across in my exploration of cybersecurity. Up until now, I’ve been keeping my notes across a few increasingly bloated CherryTree files. I have started to move everything to a GitBook to be a living resource for...

  • Defend The Web - World of Peacecraft / Realistic

    Navigate to https://defendtheweb.net/extras/playground/real/1/email/. In your email Trash folder is an email from uStudio with a password in plaintext. There is an activate account email from World of Peacecraft in your inbox which contains a link to http://www.wop.com/activate. Simply enter the password in the form, and the challenge is solved.

  • Webinar - Attacking SQL Server CLR Assemblies

    Presented by Scott Sutherland @ NetSPI

    Description

    During this webinar we’ll be reviewing how to create, import, export, and modify CLR assemblies in SQL Server with the goal of privilege escalation, OS command execution, and persistence. Scott will also share a few PowerUpSQL functions that can be used to execute...

  • HackTheBox - Infiltration (Active)

    Infiltration is an active challenge, so I will keep my solution offline until the challenge is retired. HTB{Y0ur_Enum3rat10n_{censored}_Y0ung_0ne}

  • Defend The Web - Recon

    What is the IP of the server hosting this page

        $ nslookup defendtheweb.net
        Server: 192.168.1.1
        Address: 192.168.1.1#53

        Non-authoritative answer:
        Name: defendtheweb.net
        Address: 85.10.194.253

    85.10.194.253

    Which company hosts our server

        $ whois 85.10.194.253
        [...]
        inetnum: 85.10.192.0 - 85.10.207.255
        netname: HETZNER-RZ-NBG-NET
        descr: Hetzner Online AG
        descr: Datacenter Nuernberg
        [...]

    Hetzner Online AG...

  • HackTheBox - Lame (Retired)

    Setup

    Add the line 10.10.10.3 lame.htb into /etc/hosts.

    Enumeration

        root@kali:~/HackTheBox/lame# nmap lame.htb -T4 -p- -A -oN nmap
        Starting Nmap 7.80 ( https://nmap.org ) at 2020-03-19 16:26 EDT
        Nmap scan report for lame.htb (10.10.10.3)
        Host is up (0.043s latency).
        Not shown: 65530 filtered ports
        PORT   STATE SERVICE VERSION
        21/tcp open  ftp...

  • HackTheBox - Easy Phish (Active)

    Easy Phish is an active challenge, so I will keep my solution offline until the challenge is retired. HTB{RIP_SPF_Always_{censored}_2_DMARC}