You are here: shellsharks.com

blog.ikuamike.io
Summary: As the name suggests, this box had an instance of GitLab where the initial foothold involves getting credentials from obfuscated JavaScript, and once logged into the GitLab instance we abuse webhooks to add our own code and execute it to get a reverse shell. Read on to see how I was able to root the box. Enumeration: As usual I start with a quick nmap scan to find open ports and then run a second scan for service and version detection.

blog.kchung.co
In a lot of ways, Vagrant is an exceptional way to use virtual machines (VMs). Terminal wizards rarely need a GUI to get something done and often times you really only need a simple sandbox to prototype something. Vagrant accomplishes this beautifully by wrapping configuration details in a Vagrantfile and

0xdf.gitlab.io
Active was an example of an easy box that still provided a lot of opportunity to learn. The box was centered around common vulnerabilities associated with Active Directory. There's a good chance to practice SMB enumeration. It also gives the opportunity to use Kerberoasting against a Windows Domain, which, if you're not a pentester, you may not have had the chance to do before.

jembendell.com
In 2023, I left employment as a full Professor in the UK. I entered a new phase in life, developing an organic farm school in Indonesia and playing devotional music for groups. I continue writing essays on collapse readiness and response, publishing newsletters, and giving very occasional talks. There are two ways you could support...