Posts

HTB Writeup: Phoenix

Enumeration

nmap

➜ mostwanted002@Loki Phoenix please nmap -sC -sV -T3 -oA nmap-tcp-all-ports -p- -iL ip.txt
[sudo] password for mostwanted002:
Starting Nmap 7.92 ( https://nmap.org ) at 2022-06-26 19:50 IST
Nmap scan report for 10.129.133.247 (10.129.133.247)
Host is up (0.075s latency).
Not shown: 65532 closed tcp ports (reset)
PORT   STATE SERVICE VERSION
22/tcp open  ssh     OpenSSH 8.2p1 Ubuntu 4ubuntu0.4 (Ubuntu Linux; protocol 2.0)
| ssh-hostkey:
|   3072 9d:f3:87:cd:34:75:83:e0:3f:50:d8:39:c6:a5:32:9f (RSA)
|   256 ab:61:ce:eb:ed:e2:86:76:e9:e1:52:fa:a5:c7:7b:20 (ECDSA)
|_  256 26:2e:38:ca:df:72:d4:54:fc:75:a4:91:65:cc:e8:b0 (ED25519)
80/tcp open  http    Apache httpd
|_http-server-header: Apache
|_http-title: Did not follow redirect to https://phoenix.

HTB Writeup: Forest

Enumeration

nmap scan

➜ mostwanted002@Loki Forest please nmap -sC -sV -T3 -oA nmap-tcp-all-ports -p- -iL ip.txt
[sudo] password for mostwanted002:
Starting Nmap 7.92 ( https://nmap.org ) at 2022-06-23 18:24 IST
Nmap scan report for 10.129.95.210 (10.129.95.210)
Host is up (0.074s latency).
Not shown: 65512 closed tcp ports (reset)
PORT    STATE SERVICE      VERSION
53/tcp  open  domain       Simple DNS Plus
88/tcp  open  kerberos-sec Microsoft Windows Kerberos (server time: 2022-06-23 13:01:56Z)
135/tcp open  msrpc        Microsoft Windows RPC
139/tcp open  netbios-ssn  Microsoft Windows netbios-ssn
389/tcp open  ldap         Microsoft Windows Active Directory LDAP (Domain: htb.

HTB Writeup: Control

Enumeration

nmap scan

# Nmap 7.92 scan initiated Wed Jun 22 05:43:29 2022 as: nmap -sC -sV -T3 -oA nmap-tcp-all-ports -p- -iL ip.txt
Nmap scan report for 10.129.121.9 (10.129.121.9)
Host is up (0.070s latency).
Not shown: 65530 filtered tcp ports (no-response)
PORT     STATE SERVICE VERSION
80/tcp   open  http    Microsoft IIS httpd 10.0
|_http-title: Fidelity
|_http-server-header: Microsoft-IIS/10.0
| http-methods:
|_  Potentially risky methods: TRACE
135/tcp  open  msrpc   Microsoft Windows RPC
3306/tcp open  mysql?

HTB Writeup: Book

Enumeration

Hostname : book.htb

nmap

# Nmap 7.92 scan initiated Tue Jun 21 06:08:40 2022 as: nmap -sC -sV -T3 -oA nmap-tcp-all-ports.txt -p- -iL ip.txt
Nmap scan report for 10.129.95.163 (10.129.95.163)
Host is up (0.075s latency).
Not shown: 65533 closed tcp ports (reset)
PORT   STATE SERVICE VERSION
22/tcp open  ssh     OpenSSH 7.6p1 Ubuntu 4ubuntu0.3 (Ubuntu Linux; protocol 2.0)
| ssh-hostkey:
|   2048 f7:fc:57:99:f6:82:e0:03:d6:03:bc:09:43:01:55:b7 (RSA)
|   256 a3:e5:d1:74:c4:8a:e8:c8:52:c7:17:83:4a:54:31:bd (ECDSA)
|_  256 e3:62:68:72:e2:c0:ae:46:67:3d:cb:46:bf:69:b9:6a (ED25519)
80/tcp open  http    Apache httpd 2.

Conti Locker Analysis

Contents

Disclaimer
Introduction
ContiLeaks
Zipped Locker
Unzipped Locker
backdoor.js
Source Code Analysis: Locker
Initialization
Command Line Arguments
Modifying the Code
Searching for Files
Cryptanalysis
Source Code Analysis: Decryptor
Cryptanalysis
Performance
Conclusion

1. Disclaimer

I won’t be releasing/sharing the exact complete source code, out of respect for the person because of whom this all was possible.

Deploying Intel-Owl on GKE

‘Intel Owl’ is a one-stop destination for all your threat intelligence needs. The application itself was designed with scalability in mind and ships with Docker configurations for that purpose. What if an organisation that actively performs threat intelligence needs to deploy it as a high-performance service? Intel Owl deployed on GKE (Google Kubernetes Engine) might be able to perform well for that!

Using old WiFi Router as WiFi-to-LAN Repeater: (With OpenWRT GUI)

Have an old router just lying around? Ever wondered how useful that spare device can be? You will, after reading this guide. The OpenWrt Project is a Linux operating system targeting embedded devices.

Prerequisites:
i) A compatible router flashed with a supported version of OpenWRT. (Check it out here!)

!!IMPORTANT!! This guide is for GUI-supported versions only. I’ll be doing a configuration-over-SSH guide too.

[CVE-2020-13379] Unauthenticated DoS on Grafana 3.0.1 - 7.0.1

Researchers: Mayank Malik (mostwanted002@protonmail.com), Kartik Sharma (98kartik.sharma@gmail.com)
Severity: Medium
Version: 3.0.1 to 7.0.1
Vulnerable Endpoint: http://<grafanaHost>/avatar/*

Overview

Grafana is the open-source analytics and monitoring solution for every database. According to Grafana’s patch notes dated June 3rd, 2020, there was an “Incorrect Access Control” vulnerability in Grafana 3.0.1 through Grafana 7.0.1 in the /avatar feature, through which an unauthenticated attacker was able to perform a Server-Side Request Forgery (SSRF) attack.
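A practitioner reading this advisory first wants to know whether a given Grafana instance sits inside the affected range. The check below is an added example written for this page, not code from the advisory or from the Grafana project. It assumes the version string is taken from Grafana's /api/health JSON (assumed here to carry a "version" field such as "7.0.1" or "7.0.0-beta3"); the sample response is constructed for the example. The range used is exactly the one the advisory states, 3.0.1 through 7.0.1 inclusive.

```python
"""Added example (not from the original advisory): decide from a Grafana
version string whether it falls in the range the advisory names as affected
by CVE-2020-13379 (3.0.1 through 7.0.1, inclusive).

Assumptions, labelled because the advisory excerpt does not state them:
  - the version is read from Grafana's /api/health JSON, whose "version"
    field is assumed to look like "7.0.1" or "7.0.0-beta3";
  - the sample response below is constructed for this example.
"""
import json
import re
from typing import Optional, Tuple

AFFECTED_MIN = (3, 0, 1)   # first affected release named in the advisory
AFFECTED_MAX = (7, 0, 1)   # last affected release named in the advisory


def parse_version(raw: str) -> Optional[Tuple[int, int, int]]:
    """Turn '7.0.1', 'v6.7.4' or '7.0.0-beta3' into an int tuple.

    Pre-release suffixes are dropped so that '7.0.0-beta3' compares as
    7.0.0. Returns None when the string has no major.minor.patch prefix.
    """
    m = re.match(r"^\s*v?(\d+)\.(\d+)\.(\d+)", raw)
    if not m:
        return None
    major, minor, patch = (int(x) for x in m.groups())
    return (major, minor, patch)


def is_affected(raw: str) -> Optional[bool]:
    """True if the version is within 3.0.1..7.0.1 inclusive, False if it is
    outside that range, None if the string could not be parsed at all."""
    v = parse_version(raw)
    if v is None:
        return None
    return AFFECTED_MIN <= v <= AFFECTED_MAX


def check_health_json(body: str) -> Optional[bool]:
    """Apply is_affected to the 'version' field of a /api/health body.

    Returns None for non-JSON input or a body without a version, so a
    caller can tell 'could not determine' apart from 'not affected'.
    """
    try:
        data = json.loads(body)
    except json.JSONDecodeError:
        return None
    version = data.get("version") if isinstance(data, dict) else None
    if not version:
        return None
    return is_affected(str(version))


# Constructed sample response, in the shape /api/health is assumed to return.
SAMPLE_HEALTH = '{"commit": "deadbeef", "database": "ok", "version": "7.0.1"}'

if __name__ == "__main__":
    print("affected:", check_health_json(SAMPLE_HEALTH))
```

Two caveats apply to any such range check: a version string can be hidden or altered by a reverse proxy, so an unparseable response (None) must not be read as "not affected"; and a pure numeric range cannot tell a backported fix release apart from an unpatched one, so confirm the exact fixed versions against the vendor's patch notes before closing a finding.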