Small Update

Well as of today in the current world’s situation. We are currently in Quarantine due to this Virus named COVID-19 (CoronaVirus). And I have been stuck at home just learning and reading the latest blogs and articles anything related to some Red Team Techniques, currently I met an individual with 20 years of experience in the field it’s crazy the stuff he has seen and been through. I just talk about my little adventures at home on my AD (Active Directory). Nothing much to say about it 1 DC (Domain Controller) and 2 Workstations yeah nothing to crazy, Oh and … Continue reading Small Update

Red Teaming

Well here it is, I am finally going for a Red Team Job (Jr) am I nervous? Yes…totally, was wondering how will I explain myself if I manage to ace this interview. I mean I have been studying the MITRE ATTACK Framework as it was the bible, created a gitbook page to demonstrate attacks and make it easy to understand with new comer’s. But let me explain a little on Red Teaming, yeah it’s awesome, sure you get to feel like a bad guy hacking into a Network trying to Social-Engineer your way in, pff of course there is physical … Continue reading Red Teaming

2020

Wow it’s been a great amount of time since writing here, been really busy these last couple month’s on 2019. Interview’s, hacks, studying and moved onto the awesome field of Red-Team currently an Intern. So yeah… I’ve been doing a lot lately trying to catch up on these new attacks and new techniques for this Job, usually you would want to follow ATTACK MITRES Framework it is very helpful onto understanding how the adversaries think on real world attacks. So my this new way of studying this for me is just as this blog, I am writing a book on … Continue reading 2020

DC-6 Walk-Through

And we made it people the last box of the series man what a ride learned a bunch with wordpress and other CMS, custom word-lists, enumeration and Burp awesome journey and was great to be part of this, this box was some work into it it all goes with experience but let’s move on with this one first after finding the boxes IP we notice that it only has 2 ports open so our enumeration, will be quick once looking into the webserver and visiting we can see that it resolves into a DNS where we will need to add … Continue reading DC-6 Walk-Through

DC-5 Walk-Through

Another day!!, another box today I am working on DC-5 and it was great learned some awesome attacks and something so simple as “When All You Can Do Is Read” pretty informative give this one a google search, to sum this up it’s just, what would we do when all we can do is read on a box? When we can’t list directories but we can call the famous “/etc/passwd” you do this one because it’s always called on CTF but when you are working on an assessment and you can’t list well you start calling file’s that you know … Continue reading DC-5 Walk-Through

DC-4 Walk-Through

Uuuff Today got DC-4 done and some other stuff this awesome box is a little more work started with enumerating just 2 ports where ssh and HTTP are shown then we see a simple web-login page, that has no security such as not blocking even once the many login attempts that have been done, once logged in we can use the commands shown by intercepting the request with Burp and Tampering it so we can use this to get Code Execution, when this is done we will get a shell and we will need to escalate privileges twice and from … Continue reading DC-4 Walk-Through

DC-3 Walk-Through

Ok, ok let’s get into this this Machine was awesome really into this one I was having incredibly crazy trouble with my sql injection but after some researching we can find a tool named joomblah that will take care of this automatically also after attacking WordPress the past boxes this one moves to one called joomla really great and more on SQL Injections this time I used a few Linux Enumeration Scripts for my privilege escalation part and proceeded to guide myself with it to find a local root exploit to manage a root shell, let’s get started. We will … Continue reading DC-3 Walk-Through