Welcome back to the final blog in de series "How to hack a box"! In this blog we’ll cover the basics of Privilege Escalation and see it in practice on the Blocky box from Hack The Box.
Welcome back to the blog series about how to hack a box! In the past few blogs we’ve gone through a few steps which gives you an idea of how you can hack a box. We went from the Introduction, to Exploration, to Gaining Access. In this blog, we’ll cover the basics of Enumeration.
"It’s official! In April I will be starting an amazing new job!", I thought excitedly as I laid down my pen. I had just signed my contract with JCore during a nice lunch with a soon-to-be colleague. It was December 23st and signing the contract felt like an early Christmas present. Not only would JCore offer me plenty of opportunity to develop my technical and personal skills, they also offered a fun social environment. During the interviews I was told about pub quizzes, board game nights, Friday afternoon drinks, people playing videogames together… It seemed so much fun! I joined two of these events even before I officially started working for JCore. I had a great time and I was really looking forward for this to become my new normal. Little did I know that my actual new normal would be vastly different due to the corona crisis.
Since beginning of time mankind has been looking for a way to separate right from wrong. Where the primeval man judged righteousness by the contributions of the tribe, the current day programmer judges right by the wishes of the customer. For many years the average programmer wrote a bunch of logic to check if the boundaries defined by the client where uphold. As time went on and programming languages involved, metadata could be added to enrich functions, methods, classes and the like.
Welcome back to the blog series about how to hack a box! In this third post I’ll guide you through the second step: gaining access.
Welcome back to the blog series about how to hack a box! In the first blog I gave an introduction into the steps and prerequisites on How to hack a box. In this second post I’ll guide you through the first step, which is exploration. We will execute the steps on an actual box in Hack The Box, called Blocky.
At the time of writing the coronavirus is raging the earth. Very soon after the outbreak, visualizations of both the virus and the effect of the disease started to appear everywhere. As I partially graduated in the subject of data visualization, I have always been interested in those graphs. Lately, I followed an introduction course to visualize data with D3.js. After I completed this course, I wanted to draw some meaningful graphics with this library. So follow along when I explain a little bit about D3 and then draw a simplified version of the coronavirus molecule.
Welcome to the blog series about how to hack a box! In this first post I’ll guide you through the global steps you can take to hack a box. The steps are universal, so you can use them on any target which you have permission for.
As a developer, you are familiar with Docker. You push your images to the Hub, use Compose locally and know a thing or two about Kubernetes. Or… Well… To be honest… You don’t. And you are ashamed you don’t know anything about it. You browse the internet and it’s so overwhelming. So you stop looking and continue what you’ve been doing all the time. Deep inside, you still wonder. Can’t anyone not just explain Docker in simple terms? Is it really this hard? Or am I just missing something really obvious?
In my last blog I gave you a small introduction into the term "Reverse Shell". I described it as: "A Reverse Shell is where your target machine creates a connection to your machine, after which you get a shell on the target machine in which you can execute system commands." It is similar to SSH, but without any encryption and the connection is created the other way around (from target to you, instead of you to the target).