Welcome!
My name is Chris and I am a Jack of all Trades, technophile with a special focus on cybersecurity and cloud solutions. I am originally from Toronto, Ontario, and currently living in the Cayman Islands.
Digital Solutions
Below are just some of the vendors and technologies I've worked with, implemented or maintained.
“Wisdom is not a product of schooling but of the lifelong attempt to acquire it.”
Albert Einstein
Theoretical physicist
My Creative Side
IslandDog Thoughts:
My blog which covers new technology, my life, HTB guides and more!
HTB – Monitors
Monitors is an Hard box from HTB and created by TheCyberGeek. This box features a WordPress plugin exploit via wp-with-spritz allowing for LFI/RFI and an internal docker with Apache Tomcat running.
HTB – Blackfield
Today in Blackfield from HTB I explore a real-world example of a Windows Server when an account used for a specific task is not removed after.
HTB – StreamIO
StreamIO from HTB features a website with an exploitable login and parameter. Once on the box we use BloodHound alongside the Firefox profile creds for root.
HTB – Talkative
Talkative HTB has an outdated Jamovi with an R code exploit. On the box you pivot to the 172 range, get creds on MongoDB and a web-hook on Rocketchat for root.
HTB – Trick
Trick from HTB features a hidden sub-domain vulnerable to LFI which gets us the SSH key to user. For root we enumerate the database and use fail2ban.
HTB – Paper
Paper from HTB features an outdated WordPress environment and hidden sub-domain. On the box you use PolKit exploit CVE-2021-3560 made by the author for root.
HTB – Meta
Paper from HTB features an outdated WordPress environment and hidden sub-domain. On the box you use PolKit exploit CVE-2021-3560 made by the author for root.
HTB – Pandora
Pandora from HTB features Port 161 running UDP which shows a password. Next you use CVE-2021-32099, a php web-shell and pandora_backup for root.
HTB – Search
Search from HTB features a website with credential leakage via a image and a domain controller you exploit to escalate. Finally we use GenericAll for root.
HTB – Devzat
Devzat from HTB features a sub-domain with command injection. On the box you find an exploitable InfluxDB running and a dev chat with a file command for root.
HTB – Backdoor
Backdoor from HTB features a WordPress environment with an LFI. We use the LFI to find gdbserver which we exploit. Finally we use screen, which runs as root.
HTB – Shibboleth
Shibboleth from HTB features an exploitable IPMI open on UDP and Zabbix actions for a reverse shell. Once on the box we exploit a vulnerable MariaDB for root.