My name is Chris and I am a Jack of all Trades, technophile with a special focus on cybersecurity and cloud solutions. I am originally from Toronto, Ontario, and currently living in the Cayman Islands.
"*" indicates required fields
Below are just some of the vendors and technologies I've worked with, implemented or maintained.
Christopher Soehnlein2021-10-09T10:46:17-05:00October 9th, 2021|Categories: HTB, Technology|Tags: Cacti, CAP_SYS_MODULE, docker, HTB, Monitors, Pivot, Tomcat, WordPress|
Monitors is an Hard box from HTB and created by TheCyberGeek. This box features a WordPress plugin exploit via wp-with-spritz allowing for LFI/RFI and an internal docker with Apache Tomcat running.
Christopher Soehnlein2020-10-10T10:39:40-05:00October 3rd, 2020|Categories: HTB, Technology|Tags: Blackfield, CrackMapExec, Evil-WinRM, HTB, john, Seatbelt, SeBackupPrivilege, smbmap, Windows|
Today in Blackfield from HTB I explore a real-world example of a Windows Server when an account used for a specific task is not removed after.
Christopher Soehnlein2022-07-01T11:54:29-05:00July 1st, 2022|Categories: HTB, Technology|Tags: BoltCMS, chisel, CVE-2021-22911, jamovi, Linux, mongodb, pwncat, RjEditor, RocketChat, shocker|
Talkative from HTB features an outdated Jamovi environment.
Christopher Soehnlein2022-07-01T09:55:41-05:00June 30th, 2022|Categories: HTB, Technology|Tags: CVE-2019-17671, CVE-2021-3560, Polkit, WordPress|
Paper from HTB features an outdated WordPress environment and hidden sub-domain. On the box you use PolKit exploit CVE-2021-3560 made by the author for root.
Christopher Soehnlein2022-06-08T15:33:21-05:00June 8th, 2022|Categories: HTB, Technology|Tags: CVE-2021-22204, ImageMagick, Linux, Mogrify, neofetch, sub-domain, XDG_CONFIG_HOME|
Christopher Soehnlein2022-06-08T15:32:08-05:00June 8th, 2022|Categories: HTB, Technology|Tags: CVE-2021-32099, Linux, pandora_backup, PandoraFMS, PATH, PATH Abuse, PortForwarding, SNMP-Check, SSH, UDP, WSO|
Pandora from HTB features Port 161 running UDP which shows a password. Next you use CVE-2021-32099, a php web-shell and pandora_backup for root.
Christopher Soehnlein2022-07-01T12:16:47-05:00June 8th, 2022|Categories: HTB, Technology|Tags: BloodHound, CrackMapExec, crackpfkcs12, exce, FeroxBuster, Impacket, KerBrute, password-reuse, Windows|
Search from HTB features a website with credential leakage via a image and a domain controller you exploit to escalate. Finally we use GenericAll for root.
Christopher Soehnlein2022-06-08T15:34:54-05:00June 8th, 2022|Categories: HTB, Technology|Tags: .git, command injection, CVE-2019-20933, devzat, diff, FeroxBuster, ffuf, InfluxDB|
Devzat from HTB features a sub-domain with command injection. On the box you find an exploitable InfluxDB running and a dev chat with a file command for root.
Christopher Soehnlein2022-04-25T10:03:01-05:00April 23rd, 2022|Categories: HTB, Technology|Tags: ebook-download, ffuf, gdbserver, LFI, MSFVenom, proc, screen, WordPress|
Backdoor from HTB features a WordPress environment with an LFI. We use the LFI to find gdbserver which we exploit. Finally we use screen, which runs as root.
Christopher Soehnlein2022-04-01T11:12:34-05:00April 1st, 2022|Categories: HTB, Technology|Tags: CVE-2021-27928, ffuf, IPMI, john, MariaDB, UDP, Zabbix|
Shibboleth from HTB features an exploitable IPMI open on UDP and Zabbix actions for a reverse shell. Once on the box we exploit a vulnerable MariaDB for root.
Christopher Soehnlein2022-02-21T12:00:24-05:00February 19th, 2022|Categories: HTB, Technology|Tags: CyberChef, john, password-reuse, PGP, sqlite3, SSTI, sub-domain, VHOST|
Bolt from HTB features a website information leakage, subdomains and an SSTI. Once on the box we decrypt a PGP key and encrypted mail for root.
Christopher Soehnlein2022-02-07T10:12:23-05:00February 6th, 2022|Categories: HTB, Technology|Tags: CVE-2021-3129, Exploit_50239, ffuf, GoBuster, Horizontall, HTB, rustscan, strapi, VHOST|
Horizontall features a hidden vhost with an exploitable strapi. Once on the box we exploit a vulnerable laravel using an SSH port forward.
©2014 – 2022 • ISLANDDOG • Powered by WordPress