My name is Chris and I am a Jack of all Trades, technophile with a special focus on cybersecurity and cloud solutions. I am originally from Toronto, Ontario, and currently living in the Cayman Islands.
Below are just some of the vendors and technologies I've worked with, implemented or maintained.
Christopher Soehnlein2021-10-09T10:46:17-05:00October 9th, 2021|Categories: HTB, Technology|Tags: Cacti, CAP_SYS_MODULE, docker, HTB, Monitors, Pivot, Tomcat, WordPress|
Monitors is an Hard box from HTB and created by TheCyberGeek. This box features a WordPress plugin exploit via wp-with-spritz allowing for LFI/RFI and an internal docker with Apache Tomcat running.
Christopher Soehnlein2020-10-10T10:39:40-05:00October 3rd, 2020|Categories: HTB, Technology|Tags: Blackfield, CrackMapExec, Evil-WinRM, HTB, john, Seatbelt, SeBackupPrivilege, smbmap, Windows|
Today in Blackfield from HTB I explore a real-world example of a Windows Server when an account used for a specific task is not removed after.
Christopher Soehnlein2022-01-22T10:59:18-05:00January 22nd, 2022|Categories: HTB, Technology|Tags: BurpSuite, GoBuster, LFI, Linux, Python Debugger, python3, rustscan, VHOST|
Forge by NoobHacker9999 features a directory traversal/LFI exploitable website and hidden vhost. Once on the box you use python debugger on a script for root.
Christopher Soehnlein2022-01-23T00:46:38-05:00January 21st, 2022|Categories: HTB, Technology|Tags: BloodHound, CrackMapExec, crackpfkcs12, exce, FeroxBuster, Impacket, KerBrute, password-reuse, Windows|
Search from HTB features a website with credential leakage via a image and a domain controller you exploit to escalate. Finally we use GenericAll for root.
Christopher Soehnlein2022-01-23T00:51:00-05:00January 14th, 2022|Categories: HTB, Technology|Tags: .git, command injection, CVE-2019-20933, devzat, diff, FeroxBuster, ffuf, InfluxDB|
Devzat from HTB features a sub-domain with command injection. On the box you find an exploitable InfluxDB running and a dev chat with a file command for root.
Christopher Soehnlein2022-01-14T09:15:43-05:00January 13th, 2022|Categories: HTB, Technology|Tags: CVE-2021-27928, ffuf, IPMI, john, MariaDB, UDP, Zabbix|
Shibboleth from HTB features an exploitable IPMI open on UDP and Zabbix actions for a reverse shell. Once on the box we exploit a vulnerable MariaDB for root.
Christopher Soehnlein2022-01-09T10:22:25-05:00January 8th, 2022|Categories: HTB, Technology|Tags: FeroxBuster, gzip, MySQL, PATH, POST, python_exec, tty_python|
Previse from HTB features an exploitable website with POST request registration and a unsanitized parameter. On the box you use PATH injection on a script to get root.
Christopher Soehnlein2021-12-13T09:43:40-05:00December 12th, 2021|Categories: HTB, Technology|Tags: APT, BypassLogin, Disclaimer, enum4linux, ffuf, GTFOBins, NMAP, PostFix, python3, SID_users, SMTP, SQL|
Writer from HTB features a website with a weak login and a code executable uploader. Once on the box we exploit postfix and apt allowing us to get root.
Christopher Soehnlein2021-12-04T13:11:04-05:00December 4th, 2021|Categories: HTB, Technology|Tags: cron, ffuf, LDAP, ldapsearch, LFI, Linux, nginx, NMAP, vsftp|
Pikaboo is a Hard box created by pwnmeow and polarbearer. It features poorly configured web server vulnerable to an LFI and log poisoning technique.
Christopher Soehnlein2021-12-02T18:12:14-05:00December 2nd, 2021|Categories: HTB, Technology|Tags: CyberChef, john, password-reuse, PGP, sqlite3, SSTI, sub-domain, VHOST|
Bolt from HTB features a website information leakage, subdomains and an SSTI. Once on the box we decrypt a PGP key and encrypted mail for root.
Christopher Soehnlein2021-12-01T15:47:48-05:00December 1st, 2021|Categories: HTB, Technology|Tags: ebook-download, ffuf, gdbserver, LFI, MSFVenom, proc, screen, WordPress|
Backdoor from HTB features a WordPress environment with an LFI. We use the LFI to find gdbserver which we exploit. Finally we use screen, which runs as root.
©2014 – 2022 • ISLANDDOG • Powered by WordPress