HackTheBox Sniper Walkthrough

by Vince
in Blog
Hits: 4844

One of the reasons why I like HTB is the fact that they have current operating systems.  Let me restate that -- current Windows operating systems.  I have to be well-rounded but 75% of my work is with Windows and Windows applications.  In the world of capture the flag, the majority of systems are Linux.

As you can guess, Sniper is a Windows box and it's a wicked ride.  I learned quite a few things along the way and I went down a legitimate rabbit hole because I wanted to learn more about a particular aspect of the compromise.  I'll get to that in a minute.  Moving on, we kick off with Nmap:

Read more

Malicious CHM

by Vince
in Blog
Hits: 2317

"Microsoft Compiled HTML Help is a Microsoft proprietary online help format, consisting of a collection of HTML pages, an index and other navigation tools. The files are compressed and deployed in a binary format with the extension.CHM, for Compiled HTML. The format is often used for software documentation."

I'm working on something and I had the idea of infecting a CHM document.  Turns out, you can extract the contents using 7zip.  With the help of the Microsoft HTML Help Workshop, we can modify the contents with our malicious code and recompile it back together. 

Read more

Vulnhub Escalate My Privileges: 1 Walkthrough

by Vince
in Blog
Hits: 3941

The description states:  "This VM is made for playing with privileges. As its name, this box is specially made for learning and sharpening Linux Privilege Escalation skills. There are number of ways to playing with the privileges." 

Seems like there were a number of options but I think I took the most direct.  When I scanned with the long version of Nmap, it showed a long time for completion.  I kick off with the short form:

Read more