sueks.io

sueks.io

Sign in Subscribe

Strace Spelunking: Diving Deep into SSH Password Discovery

Strace Spelunking: Diving Deep into SSH Password Discovery

Overview In the cloud landscape, there are multitude of services and offerings that attackers can abuse to gain unauthorized access to an organizations cloud environment. In most cases we’ll see threat actors find hardcoded cloud credentials in a git repository or abuse a known SSRF vulnerability to obtain temporary

CI/CDeez Domain Admins

CI/CDeez Domain Admins

Recently I found myself in a siutation that required me do some research into an attack path that is not very widely documented. So, I thought it would be a fun exercise, to make a PoC, document the steps in hopes to help other pentesters and red teamers achieve their

Breaching the OSEP

Breaching the OSEP

A few weeks ago I received the email that I successfully completed the requirements to obtain my OSEP, Offensive Security Experienced Penetration Tester. The journey to this point wasn't an easy one and I wanted to share my experiences with the course, exam and overall mental bandwidth it

Cracking the OSCP

When it comes to certification’s the OSCP is the gorilla sitting in the corner. It’s a behemoth of an exam, testing your technical abilities, mental strength and creative thinking skills all under the careful eye of a proctor for 24 hours. Add to that, Offensive Security is super

HTB - Blue

After Cronos gave me enough trouble between the SQLi and the reverse shell I wanted something I thought would be straightforward. So I went with Blue which if I can bet involves EternalBlue! Right to it with NMAP: An older version of SMB, lets poke around. Bingo. I really wanted

HTB - Cronos

In Cronos we get exposed to some new and some old! Some DNS enumeration followed by SQLi with a bit of OS command execution will get us on the box. Privesc we abuse a particular cronjob. First, our can: 22,53,80! DNS enumeration: First step is to resolve the

HTB - Bounty

Back at it with HTB Bounty. Once again we are attacking IIS. Lets begin: Or initial nmap scan only shows 1 port open: PORT 80 And all we get is a picture of merlin: It leads us to two different directories /transfer.aspx (Status: 200) /uploadedfiles (Status: 301) For the

HTB - Valentine

Welcome to valentine and this gave me some trouble. I know people say it’s on the easier side of things but something about it took me a while to figure out what made this box tick. This machine is vulnerable to Heartbleed, which we will use to grab an

HTB - Devel

In this machine from HTB, we get exposed to a few different elements around webhosting and ftp. We wil; eventually notice that the FTP directory (which we can log in anonymously too) is also the webroot. We upload a shell and continue our enumeration on the machine searching for a

HTB - Sunday

Between the last box (Legacy) and this one, I wasn’t too thrilled. This box was very fun but for some reason my connection was marred by lag and high latency and it made the whole experience more difficult than it had to be. I liked this box because it

HTB - Legacy

Legacy, a really old box from HTB that I did fairly quickly and didn’t take too many screenshots. Right down to the dirty, Legacy is vulnerable to MS08-067 and MS17-010. I went with the old school MS08 and exploit and had no issues getting root. Walkthrough Legacy is located

HTB - Shocker

Here is Shocker. Fairly straightforward since the name literally tells you what the box is vulnerable to. Regardless a great box to reinforce some basic concepts such as enumeration, enumerating strange directories and learning more about what the heck /cgi-bin/ is and what it’s capable of. In a nutshell

Hacking LIDAR Guns

Disclaimer: All information contained in this post is for educational purposes only. This article is a recap from a discussion that took place during DEFCON 27 by Bill Swearingen titled ‘HAKC The Police’. Hardware hacking is not currently my strong suit. Don’t get me wrong the drive is there

HTB - Nibbles

Another day, another box. This one is Nibbles from HTB. A fairly straightforward exploitation that reinforces some good enumeration habits. In an acorn, we find a webpage with nothing going on. A review of the source code reveals a directory that we can gobuster. We find an admin panel and

HTB - Grandpa

I wanted to start hitting some Windows boxes because I’ve been really focusing on the Linux machines on the TJNULL list and same deal with Proving Grounds. So I picked this one randomly and saw it was rated Easy and thought I would give it a shot, blind. The

HTB - Bashed

Another box from the the legendary OSCP-like box list from TJNull. In this box, Bashed, we get a look at some good old fashioned php. Bashed is very straightforward but it taught a few things that I honestly was scratching my head over for a few minutes until I figured

HTB - Lame

Lame is a straightforward machine that is great practice for preparing for the OSCP. It enforces some solid concepts, offers a rabbit role and allows for other means of exploitation. In a nutshell Lame, a linux box, is exploited through a command execution vulnerability in Samba versions 3.0.20

eJPT -h [eJPT walkthrough]

The eJPT. A fun exam/course that gets your feet wet in the waters of penetration testing and gets your hands dirty in the realm of figuring stuff out when you have no clue why something isn’t working. How did I pass? And what do I need to do

HTB - Jerry

Welcome to HTB JERRY! This box is fairly straightforward and not too much in terms of tricks or curveballs. I absolutely love this box as a starter machine because albeit simple, it still highlights some basic fundamentals as hackers we should all be aware of. As always to start off

sueks@sueks.io~ % ifconfig

Lets break it down. 1. Who is this site for? 2. What will I find on this site? 3. Why am I different? 4. What are my goals? * Who is this site for? Spoiler alert. This site is for everyone. But more importantly this site is for anyone who wants

cybersecurity -h -w [list]

This post will updated frequently. If you think I am missing someone/something please drop me a line/comment or reach out on social. These are some of the resources I have used to learn and understand some of the topics in cybersecurity. The people/tools listed probably have no