In December 2020, the news broke about a major cyberattack against various departments within US government systems. This was a sophisticated attack in which software components of a few big-name organizations were compromised. One of the attacks was designed around infiltrating the build system and then injecting a malicious payload into the software product, causing catastrophic business disruption. In this write-up, I highlight how a misconfiguration in the build pipeline can enable hackers to gain control of the build system, opening the door to nightmare scenarios that wreak havoc across the industry.

This write-up is about the hackthebox Jeeves box, a medium-rated Windows machine…

Motivation

The majority of IT experts concur that Active Directory is the dominant approach for managing Windows domain networks. This is why adversaries are drawn to discovering and exploiting vulnerabilities within the Active Directory ecosystem. Defending against these types of attacks requires practice grounds where pen testers, security researchers and ethical hackers can rehearse offensive and defensive methodologies.

This article is inspired by TheCyberMentor’s How to Build an Active Directory Hacking Lab video where he builds a local Active Directory lab for ethical hacking purposes. My personal preference is to use a…

This write-up is for the hackthebox Cronos machine. DNS Zone Transfer is the mechanism for replicating DNS records across multiple servers. However, if it is not configured properly, the resulting information leakage can give attackers vital clues about possible attack vectors. This write-up shows how the information from a DNS zone transfer, chained with other vulnerabilities, may lead to an attacker owning critical infrastructure.

A medium-rated Linux machine with an IP address of 10.10.10.13. Below is its radar graph.

This write-up is for the hackthebox Active machine. According to some estimates, 95% of the Fortune 1000 companies use Active Directory. Given such statistics, it's no surprise that hackers always have a deep interest in exploiting any vulnerabilities around Domain Controllers. Kerberos is considered the heart of Active Directory (AD), as it is the authentication mechanism between AD and any computer joining its domain. This post describes an AD-specific technique called Kerberoasting that malicious users can use to attack the AD infrastructure.

An easy-rated Windows machine with an IP address of 10.10.10.100. The radar-graph is showing a strong…

This write-up is for the hackthebox Valentine machine. April 2014 is well known to software industry folks due to the emergence of the Heartbleed bug. This issue caused a major crisis for IT professionals around the world, who struggled to contain its impact. The actual cost of this bug is hard to estimate, but some early figures put it at around $500 million. This write-up shows how an attacker can exploit the Heartbleed bug.

Let’s start with the info-card for this box.

This is a Linux machine that is rated as Easy. Its IP address is 10.10.10.79. The radar graph…

This write-up is for the hackthebox Nibble machine. This box teaches important lessons about how multiple vulnerabilities can be chained together to gain privileged user-level access. The info card for this box is as follows.

Another easy-rated Linux machine with an IP address of 10.10.10.75. The radar graph is showing strong CVE metrics.

This write-up is for the hackthebox Beep machine. In the IT world, systems administrators have a huge responsibility to be meticulously careful about managing the administrative passwords of privileged accounts. A seemingly benign application-level breach can turn into large-scale cyber espionage when systems administrators do not put in the time and effort to comply with password management best practices. This write-up demonstrates how hackers can take advantage of such situations.

It's a Linux machine with an IP address of 10.10.10.7. The radar graph shows the presence of CVEs.

This write-up is for the hackthebox Arctic machine. This box highlights the weaknesses associated with weak password practices, which adversaries can exploit to gain full control of a machine.

It's a Windows machine with an IP address of 10.10.10.11. The radar graph shows the presence of CVEs.

This write-up is for the hackthebox Optimum machine. Like some other machines on the hackthebox platform, this machine also highlights the importance of keeping your operating system and any installed applications up to date. In this write-up, I used three PowerShell frameworks, Nishang, Sherlock and Empire, to gain root-level access to the box.

It's another easy-rated Windows machine with an IP address of 10.10.10.8. Its radar-graph is as follows.

This is my write-up for the hackthebox Shocker machine. Back in the day, the discovery of Shellshock (a.k.a. the Bash Bug) sent the IT industry into chaos, since exploiting it gave attackers the ability to gain control of target computers and run malicious commands. This post demonstrates how a maliciously crafted string could be used to exploit this Bash Bug.

This is a Linux-based machine with an IP address of 10.10.10.56. Its radar graph shows CVEs, Real-Life, and Enumeration as key metrics for this box.

Kamran Bilgrami
