My name is Chris and I am a Jack of all Trades, technophile with a special focus on cybersecurity and cloud solutions. I am originally from Toronto, Ontario, and currently living in the Cayman Islands.
Below are just some of the vendors and technologies I've worked with, implemented or maintained.
Christopher Soehnlein2022-01-09T10:22:25-05:00January 8th, 2022|Categories: HTB, Technology|Tags: FeroxBuster, gzip, MySQL, PATH, POST, python_exec, tty_python|
Previse from HTB features an exploitable website with POST request registration and a unsanitized parameter. On the box you use PATH injection on a script to get root.
Christopher Soehnlein2021-12-13T09:43:40-05:00December 12th, 2021|Categories: HTB, Technology|Tags: APT, BypassLogin, Disclaimer, enum4linux, ffuf, GTFOBins, NMAP, PostFix, python3, SID_users, SMTP, SQL|
Writer from HTB features a website with a weak login and a code executable uploader. Once on the box we exploit postfix and apt allowing us to get root.
Christopher Soehnlein2021-12-04T13:11:04-05:00December 4th, 2021|Categories: HTB, Technology|Tags: cron, ffuf, LDAP, ldapsearch, LFI, Linux, nginx, NMAP, vsftp|
Pikaboo is a Hard box created by pwnmeow and polarbearer. It features poorly configured web server vulnerable to an LFI and log poisoning technique.
Christopher Soehnlein2021-11-27T18:01:27-05:00November 26th, 2021|Categories: HTB, Technology|Tags: BloodHound, ffuf, Impacket, kerberos, krbrelayx, Responder, smbclient, virtualbox-guest-utils, WGET, Windows|
Intelligence is an Medium Windows box created by Micah. It features a website with discoverable internal documents, password reuse and a DNS rebinding scenario.
Christopher Soehnlein2021-11-19T10:37:58-05:00November 19th, 2021|Categories: HTB, Technology|Tags: BurpSuite, CyberChef, eval, LFI, Linux, python3, URLEncode, XML, XXE|
BountyHunter is an Easy box by ejedev. It has a poorly configured XML form vulnerable to an XXE/LFI which gives us creds. Next we exploit a script for root.
Christopher Soehnlein2021-11-12T11:28:22-05:00November 12th, 2021|Categories: HTB, Technology|Tags: ansible-playbook, BurpSuite, CSRF, FeroxBuster, GitBucket, jmxproxy, nginx, rustscan, symlink, Tomcat|
Seal is an Medium box created by MrR3boot. It features a web server with an exploitable Tomcat and nginx traversal. Once on the box we use ansible to escalate.
Christopher Soehnlein2021-11-01T12:14:47-05:00November 1st, 2021|Categories: HTB, Technology|Tags: ADB, Android, CVE-2019-6447, ESFileExplorer, ESFileExplorerOpenPortVuln, Pivot, PortForwarding|
Explore is an Easy box from HTB and created by bertolis. This box features an Android phone with an exploitable ESFileExplorer and Android ADB priv esc.
Christopher Soehnlein2021-10-09T10:46:17-05:00October 9th, 2021|Categories: HTB, Technology|Tags: Cacti, CAP_SYS_MODULE, docker, HTB, Monitors, Pivot, Tomcat, WordPress|
Monitors is an Hard box from HTB and created by TheCyberGeek. This box features a WordPress plugin exploit via wp-with-spritz allowing for LFI/RFI and an internal docker with Apache Tomcat running.
Christopher Soehnlein2021-09-10T10:52:50-05:00September 10th, 2021|Categories: HTB, Technology|Tags: CVE-2020-14321, FreeBSD, HTB, moodle, Schooled, sub-domain, XSS|
Schooled is an Medium box from HTB and created by TheCyberGeek. This box features a XSS exploit and priv esc via moodle and a malicious pkg for root.
©2014 – 2022 • ISLANDDOG • Powered by WordPress