My name is Chris and I am a Jack of all Trades, technophile with a special focus on cybersecurity and cloud solutions. I am originally from Toronto, Ontario, and currently living in the Cayman Islands.
Below are just some of the vendors and technologies I've worked with, implemented or maintained.
Christopher Soehnlein | 2021-10-09T10:46:17-05:00 | October 9th, 2021 | Categories: HTB, Technology | Tags: Cacti, CAP_SYS_MODULE, docker, HTB, Monitors, Pivot, Tomcat, WordPress
Monitors is a Hard box from HTB created by TheCyberGeek. This box features a WordPress plugin exploit via wp-with-spritz allowing for LFI/RFI and an internal docker with Apache Tomcat running.
Christopher Soehnlein | 2020-10-10T10:39:40-05:00 | October 3rd, 2020 | Categories: HTB, Technology | Tags: Blackfield, CrackMapExec, Evil-WinRM, HTB, john, Seatbelt, SeBackupPrivilege, smbmap, Windows
Today in Blackfield from HTB I explore a real-world example of a Windows Server where an account used for a specific task is not removed afterward.
Christopher Soehnlein | 2022-08-24T14:50:20-05:00 | August 24th, 2022 | Categories: HTB, Technology | Tags: BoltCMS, chisel, CVE-2021-22911, jamovi, Linux, mongodb, pwncat, RjEditor, RocketChat, shocker
Talkative HTB has an outdated Jamovi with an R code exploit. On the box you pivot to the 172 range, get creds on MongoDB and a web-hook on RocketChat for root.
Christopher Soehnlein | 2022-08-19T13:39:23-05:00 | August 19th, 2022 | Categories: HTB, Technology | Tags: BloodHound, Evil-WinRM, ffuf, Firefox, firefoxdecrypt, john, LAPS, LFI, PowerShell, SQLMap
StreamIO from HTB features a website with an exploitable login and parameter. Once on the box we use BloodHound alongside the Firefox profile creds for root.
Christopher Soehnlein | 2022-08-19T12:59:44-05:00 | August 19th, 2022 | Categories: HTB, Technology | Tags: dig, DNS, Fail2Ban, ffuf, LFI, Linux
Trick from HTB features a hidden sub-domain vulnerable to LFI, which gets us the SSH key for the user. For root we enumerate the database and use fail2ban.
Christopher Soehnlein | 2022-07-01T09:55:41-05:00 | June 30th, 2022 | Categories: HTB, Technology | Tags: CVE-2019-17671, CVE-2021-3560, Polkit, WordPress
Paper from HTB features an outdated WordPress environment and a hidden sub-domain. On the box you use the PolKit exploit CVE-2021-3560 made by the author for root.
Christopher Soehnlein | 2022-06-08T15:33:21-05:00 | June 8th, 2022 | Categories: HTB, Technology | Tags: CVE-2021-22204, ImageMagick, Linux, Mogrify, neofetch, sub-domain, XDG_CONFIG_HOME
Christopher Soehnlein | 2022-06-08T15:32:08-05:00 | June 8th, 2022 | Categories: HTB, Technology | Tags: CVE-2021-32099, Linux, pandora_backup, PandoraFMS, PATH, PATH Abuse, PortForwarding, SNMP-Check, SSH, UDP, WSO
Pandora from HTB features port 161 open on UDP, which shows a password. Next you use CVE-2021-32099, a PHP web-shell and pandora_backup for root.
Christopher Soehnlein | 2022-07-01T12:16:47-05:00 | June 8th, 2022 | Categories: HTB, Technology | Tags: BloodHound, CrackMapExec, crackpfkcs12, exce, FeroxBuster, Impacket, KerBrute, password-reuse, Windows
Search from HTB features a website with credential leakage via an image and a domain controller you exploit to escalate. Finally we use GenericAll for root.
Christopher Soehnlein | 2022-06-08T15:34:54-05:00 | June 8th, 2022 | Categories: HTB, Technology | Tags: .git, command injection, CVE-2019-20933, devzat, diff, FeroxBuster, ffuf, InfluxDB
Devzat from HTB features a sub-domain with command injection. On the box you find an exploitable InfluxDB running and a dev chat with a file command for root.
Christopher Soehnlein | 2022-04-25T10:03:01-05:00 | April 23rd, 2022 | Categories: HTB, Technology | Tags: ebook-download, ffuf, gdbserver, LFI, MSFVenom, proc, screen, WordPress
Backdoor from HTB features a WordPress environment with an LFI. We use the LFI to find gdbserver which we exploit. Finally we use screen, which runs as root.
Christopher Soehnlein | 2022-04-01T11:12:34-05:00 | April 1st, 2022 | Categories: HTB, Technology | Tags: CVE-2021-27928, ffuf, IPMI, john, MariaDB, UDP, Zabbix
Shibboleth from HTB features an exploitable IPMI open on UDP and Zabbix actions for a reverse shell. Once on the box we exploit a vulnerable MariaDB for root.
©2014 – 2022 • ISLANDDOG • Powered by WordPress