My name is Chris and I am a Jack of all Trades, technophile with a special focus on cybersecurity and cloud solutions. I am originally from Toronto, Ontario, and currently living in the Cayman Islands.
"*" indicates required fields
Below are just some of the vendors and technologies I've worked with, implemented or maintained.
Christopher Soehnlein2022-02-21T12:00:24-05:00February 19th, 2022|Categories: HTB, Technology|Tags: CyberChef, john, password-reuse, PGP, sqlite3, SSTI, sub-domain, VHOST|
Bolt from HTB features a website information leakage, subdomains and an SSTI. Once on the box we decrypt a PGP key and encrypted mail for root.
Christopher Soehnlein2022-02-07T10:12:23-05:00February 6th, 2022|Categories: HTB, Technology|Tags: CVE-2021-3129, Exploit_50239, ffuf, GoBuster, Horizontall, HTB, rustscan, strapi, VHOST|
Horizontall features a hidden vhost with an exploitable strapi. Once on the box we exploit a vulnerable laravel using an SSH port forward.
Christopher Soehnlein2022-01-22T10:59:18-05:00January 22nd, 2022|Categories: HTB, Technology|Tags: BurpSuite, GoBuster, LFI, Linux, Python Debugger, python3, rustscan, VHOST|
Forge by NoobHacker9999 features a directory traversal/LFI exploitable website and hidden vhost. Once on the box you use python debugger on a script for root.
Christopher Soehnlein2022-01-09T10:22:25-05:00January 8th, 2022|Categories: HTB, Technology|Tags: FeroxBuster, gzip, MySQL, PATH, POST, python_exec, tty_python|
Previse from HTB features an exploitable website with POST request registration and a unsanitized parameter. On the box you use PATH injection on a script to get root.
Christopher Soehnlein2021-12-13T09:43:40-05:00December 12th, 2021|Categories: HTB, Technology|Tags: APT, BypassLogin, Disclaimer, enum4linux, ffuf, GTFOBins, NMAP, PostFix, python3, SID_users, SMTP, SQL|
Writer from HTB features a website with a weak login and a code executable uploader. Once on the box we exploit postfix and apt allowing us to get root.
Christopher Soehnlein2021-12-04T13:11:04-05:00December 4th, 2021|Categories: HTB, Technology|Tags: cron, ffuf, LDAP, ldapsearch, LFI, Linux, nginx, NMAP, vsftp|
Pikaboo is a Hard box created by pwnmeow and polarbearer. It features poorly configured web server vulnerable to an LFI and log poisoning technique.
Christopher Soehnlein2021-11-27T18:01:27-05:00November 26th, 2021|Categories: HTB, Technology|Tags: BloodHound, ffuf, Impacket, kerberos, krbrelayx, Responder, smbclient, virtualbox-guest-utils, WGET, Windows|
Intelligence is an Medium Windows box created by Micah. It features a website with discoverable internal documents, password reuse and a DNS rebinding scenario.
Christopher Soehnlein2021-11-19T10:37:58-05:00November 19th, 2021|Categories: HTB, Technology|Tags: BurpSuite, CyberChef, eval, LFI, Linux, python3, URLEncode, XML, XXE|
BountyHunter is an Easy box by ejedev. It has a poorly configured XML form vulnerable to an XXE/LFI which gives us creds. Next we exploit a script for root.
Christopher Soehnlein2021-11-12T11:28:22-05:00November 12th, 2021|Categories: HTB, Technology|Tags: ansible-playbook, BurpSuite, CSRF, FeroxBuster, GitBucket, jmxproxy, nginx, rustscan, symlink, Tomcat|
Seal is an Medium box created by MrR3boot. It features a web server with an exploitable Tomcat and nginx traversal. Once on the box we use ansible to escalate.
©2014 – 2022 • ISLANDDOG • Powered by WordPress