Welcome to IslandDog
My name is Chris and I am a Jack of all Trades, technophile with a special focus on cybersecurity and cloud solutions. I am originally from Toronto, Ontario, and currently living in the Cayman Islands.
Technical Solutions
Below are just some of the vendors and technologies I've worked with, implemented or maintained.
“Wisdom is not a product of schooling but of the lifelong attempt to acquire it.”
Albert Einstein
Theoretical physicist
Creative Solutions
Below are some of the website platforms and solutions I've created primarily utilizing WordPress as a framework.
IslandDog Thoughts:
My blog which covers new technology, my life, HTB guides and more!
HTB – Busqueda
Busqueda from HTB features a vulnerable Searchor web app. On the box we use git, gitea, password reuse and running scripts for root.
HTB – MonitorsTwo
MonitorsTwo from HTB features a vulnerable cacti docker. Once on the box we use user_auth table and CVE-2021-41091 for root.
HTB – Pilgrimage
Pilgrimage from HTB features a .git directory showing a vulnerability with ImageMagick allowing file read. On the box we exploit binwalk for root.
HTB – Keeper
Keeper from HTB features RT running with default creds. Once on the box we use CVE-2023-32784 and puttygen for root.
HTB – Trick
Trick from HTB features a hidden sub-domain vulnerable to LFI which gets us the SSH key to user. For root we enumerate the database and use fail2ban.
HTB – StreamIO
StreamIO from HTB features a website with an exploitable login and parameter. Once on the box we use BloodHound alongside the Firefox profile creds for root.
HTB – Talkative
Talkative HTB has an outdated Jamovi with an R code exploit. On the box you pivot to the 172 range, get creds on MongoDB and a web-hook on Rocketchat for root.
HTB – Paper
Paper from HTB features an outdated WordPress environment and hidden sub-domain. On the box you use PolKit exploit CVE-2021-3560 made by the author for root.
HTB – Meta
Paper from HTB features an outdated WordPress environment and hidden sub-domain. On the box you use PolKit exploit CVE-2021-3560 made by the author for root.