Keeper is an easy HTB machine which mimicks a helpdesk. I get inital access with default credentials. With that I find a comment which reveals a password that I use to login to SSH. I then use an exploit on the KeePass dump file, which gives the root putty SSH key.

Easy HTB machine with a SSRF vulnerability that gives access to OS command injection in mailtrail.

The third day is about brute forcing, counting PIN and password possibilities. I have to brute force a secret PIN, I use Crunch to generate a wordlist and Hydra to bruteforce a pin.

The second day is about log analysis. I take a look at data science, and the appliance in cyber security. In the first part there is an introduction to Jupyter Notebooks, Python, Pandas, and Mathplotlib.

TryHackMe Advent of Cyber is out! In the first day I bypass the restrictions a chatbot has via prompt injection. The chatbot is trained on datasets that contain sensitive information, which will show itself as an issue.

Easy HTB machine where I exploit a Spring Boot webserver, the admin panel is vulnerable to code injection, which leads to a foothold after which I abuse postgresql to crack a users hash, and then privesc to root.