Leet Sheets

OffSec - BackupBuddy

This lab focuses on exploiting vulnerabilities in BackupBuddy. An nmap scan reveals an Ubuntu server running a PHP file manager that accepts default credentials. After logging in, initial attempts to exploit a directory traversal flaw fail, but a later attempt succeeds, giving access to sensitive files.

OffSec - Air

'Air' is an intermediate-rated box in OffSec Playground. The first step is an nmap port scan to identify open TCP ports (22 and 8888). Accessing the web application (Aria2 WebUi) on port 8888 reveals error messages that lead to a Path Traversal vulnerability. Using Burp Suite, the passwd file is read, revealing a user 'deathflash' and their SSH key. With the key, SSH access is gained. For privilege escalation, LinPEAS is executed, uncovering a secret token for the RPC server in configuration files, indicating that further exploration is needed.

OffSec - Access

A foothold in the lab will be gained by leveraging a file upload function in a web application to upload a PHP web shell. Privileges will then be escalated to svc_mysql, abusing SeManageVolumePrivilege to achieve system access. This lab focuses on exploiting file upload vulnerabilities and privilege escalation methods.

OffSec - Bunyip

In this lab, we’ll exploit an MD5 length extension vulnerability in a web application to gain initial access. From there, we’ll escalate privileges by abusing sudo permissions on safe-backup. We’ll encrypt our own SSH key backup and cleverly decrypt it directly into the /root/.ssh directory, effectively compromising the target.

OffSec - vmdak

This walkthrough covers the exploitation of an intermediate Linux box in Proving Grounds, focusing on a multi-step process to gain root access. Key techniques include FTP access, SQL injection, and privilege escalation through local vulnerabilities, culminating in root shell access via Jenkins exploitation.

OffSec - BillyBoss

This walkthrough covers an intermediate-level box, "BillyBoss," from OffSec's labs, rated "Very Hard" by the community. It begins with enumeration using Nmap and Gobuster, leading to an exploit of a web application's file upload functionality. Privilege escalation is achieved by leveraging Active Directory credentials and specific system privileges, ultimately gaining root access. Techniques include directory fuzzing, reverse shell creation, hash cracking, and privilege abuse.

OSTH Practice Exam Write-up

This content outlines a cybersecurity breach at "megacorpone.com," detailing an escalating series of incidents. It begins with unauthorized RDP access, followed by suspicious C2 communications, tool execution for network mapping, persistence on a file server, data exfiltration, and final C2 activity. The timeline suggests a significant breach with sustained unauthorized access and potential data loss.

OffSec - PlanetExpress

This walkthrough demonstrates a cyber exploit on a **PlanetExpress** server. It begins with **Nmap** and **ffuf** scans to identify open ports and hidden directories, leading to access via a **PHP-FPM FastCGI** vulnerability. Using remote code execution, the attacker gains a reverse shell and escalates privileges by exploiting a misconfigured **SUID binary** to access root credentials. The root password is then cracked with **John the Ripper**, completing the attack. The guide highlights key penetration testing tools and tactics for server exploitation and privilege escalation.

Hack-The-Boo-2024 Practice CTF: The Shortcut Haunting Write-up

This write-up investigates the hidden dangers of Windows shortcut files through an in-depth analysis of the 'trick or treat.lnk' file. It shows how attackers use .lnk files to launch malicious PowerShell commands, obfuscate payloads, and compromise systems, and includes a hex dump breakdown and decryption insights, ideal for cryptography enthusiasts.

Hack-The-Boo-2024 Practice CTF: Sugar Free Candies Write-up

Uncover the secrets in the 'Sugar Free Candies' HackTheBoo 2024 CTF challenge! Dive into a cryptic journey where symbol-etched cyber candies and mysterious code lead you through a shadowy forest. Perfect for cryptography enthusiasts and those seeking a spooky twist on code-breaking this Halloween!

Hack-The-Boo-2024 Practice: Sekur Julius Writeup

Discover the Sekur Julius Halloween cryptography challenge! Dive into a mysterious forest where an ancient scroll holds dark secrets. Uncover clues in encrypted messages, navigate spooky symbols, and test your skills in Hack the Box's 'Very Easy' crypto challenge. Perfect for both beginners and enthusiasts looking for a Halloween thrill!

OffSec Module: Malware Detection using Machine Learning

This guide outlines the process of building an ML-based malware detection system, emphasizing supervised learning for binary classification, careful sample handling, feature extraction, model training, testing, deployment, and ongoing updates to maintain accuracy.

Hunting on Endpoints: Insights from OffSec TH-200 Course module 5 Section 1

In an era of increasing cyber threats, endpoint threat hunting enables proactive identification of malicious activities on devices, focusing on Indicators of Compromise (IoCs) such as network-related, file-related, and behavioral IoCs. Logs, especially enhanced by Sysmon, are vital for uncovering suspicious behavior. Modern security relies on Endpoint Detection and Response (EDR) solutions that offer deep insights and active threat response capabilities, surpassing traditional antivirus tools.

Threat Hunting With Network: Insights from OffSec TH-200 Course module 4

This write-up details the investigation of a ransomware incident involving CLIENT02, focusing on network artifacts such as IDS logs and Splunk queries to identify IoCs related to LockBit ransomware. The process involves using threat intelligence tools to analyze destination IPs and full packet captures with Wireshark, aiming to track down the origin of the attack.

Communication and Reporting for Threat Hunters: Insights from OffSec TH-200 Course module 3

In OffSec TH-200 Module 3, the importance of timely intelligence and effective communication in threat hunting is highlighted. Key concepts include leveraging Operational, Tactical, and Technical Threat Intelligence for detecting threats like Emotet, and employing the Traffic Light Protocol (TLP) for secure and controlled information sharing during incidents to prevent data breaches.

Ransomware Actors and Their Strategies: Insights from OffSec TH-200 Course module 2 section 2

Ransomware actors, motivated by financial gain, utilize tactics like phishing, exploiting vulnerabilities, and Initial Access Brokers to infect systems. The Ransomware-as-a-Service model enables lesser-skilled criminals to profit from these attacks. The attack process includes encryption, ransom demand, and payment typically in cryptocurrency. Modern strategies include double and triple extortion, combining data encryption with data theft to pressure victims.

Understanding Threat Actors: Insights from OffSec TH-200 Course module 2 section 1

In OffSec TH-200 Module 2, Section 1, key cybersecurity threat actors are explored, including cybercriminals like script kiddies, hacktivists, and ransomware groups, as well as sophisticated APTs and insider threats. Each group possesses distinct motivations and impacts on organizations, necessitating robust defense strategies.

Threat Hunting Concepts and Practices - Insights from OffSec TH-200 Course module 1

Module 1 of the OffSec TH-200 course covers threat hunting in cybersecurity, focusing on proactive detection of threats as opposed to reacting to SOC alerts. Threat hunting is categorized into in-house teams and third-party services, which enhance security by offering various detection solutions. The Threat Hunting Maturity Model outlines five levels of implementation based on the sophistication of data collection and analysis. Effective threat hunting consists of triggering a hypothesis, investigating, and resolving threats.

TryHackMe - Practical Example of OS Security Writeup

The objective of the task was to simulate hacking into a Linux system. We gained unauthorized access using the username and password found on a sticky note. We answered questions about passwords and escalated our privileges to the root account. This exercise highlighted vulnerabilities and provided practical experience in penetration testing techniques.