SANS Holiday Hack Challenge 2021

Hi everyone! This is a write-up on the recent SANS Holiday Hack Challenge CTF. I hope they will be helpful to you. It is my first time trying out SANS Holiday Hack challenge as they host it yearly. If you haven’t tried it out, the main goal of this CTF is to learn. Hence there […]

Windbg cheatsheet

Hi everyone! This post is a compilation of commonly used commands or shortcuts on Windbg. I hope they will be useful to you. By the way, if you need to use a kernel debugger, a tool I would recommend is VirtualKD-Redux which makes your life easier. There is already a documentation of the installation steps […]

Elevate to SYSTEM privilege (Windows)

Hi everyone! This is post is on elevating your CMD to SYSTEM access. Let’s get started! Requirements Psexec.exe (Sysinternal tool) Local administration privilege Obtaining SYSTEM Firstly, launch CMD in administrative privilege if you are on GUI. Otherwise, make sure you are on an admin account in a reverse/bind shell. Local spawn CMD In your CMD: […]

Accessing MS SQL server’s windows shell

Hi everyone! Today’s post is on trying to access the Microsoft SQL server’s winshell from Linux or Unix. This is useful during pentesting or CTF if you have the SQL credentials and ability to remotely access the SQL service. Having access to the winshell means you have access to the system’s files. Let’s get started! […]

HackTheBox – Love Write-up

Hi everyone! Today’s post is on Love, an easy Windows 10 machine on HackTheBox. It was created on 2nd May 2021. There are two ways for the initial foothold before accessing the server as a user account which is SQL injection via CVE-liked disclosure on exploitDB for Voting System 1.0 or SSRF in a subdomain […]