TryHackMe – Post-Exploitation Basics Write-up

1. Introduction This challenge on TryHackMe (THM) will only be covering on the basics of what we usually do after gaining access to a machine that is in an Active Directory (AD) network. Enumeration via Powerview and Bloodhound will be done along with dumping password hashes and Golden ticket using Mimikatz. Further information gathering will […]

HackTheBox – Love Write-up

Hi everyone! Today’s post is on Love, an easy Windows 10 machine on HackTheBox. It was created on 2nd May 2021. There are two ways for the initial foothold before accessing the server as a user account which is SQL injection via CVE-liked disclosure on exploitDB for Voting System 1.0 or SSRF in a subdomain […]

HackTheBox – Armageddon Write-up

Dear readers, Today’s post is on Armageddon, a GNU/Linux easy machine on HackTheBox. It was created on 28th March 2021. This challenge tests on find CVE vulnerability on a website, pivoting from apache user from web shell to local user by getting information from MySQL using MySQL one-liner, cracking the hash, and privilege escalation through […]