Showing posts from 2019

10 - HTB: Zipper

Hack The Box: Zipper

I do a fair amount of HTB, but it's not often I want to do a write-up on a box. Typically, this is because many of the boxes (not all, but I've noticed a lot) tend to have a lot of the typical CTF-y tropes: guess the creds, a hint here or there, a random share with a single file on it that has a single set of credentials for something you'll find by doing a zone transfer, or whatnot. Now, there's nothing wrong with machines like those, they just don't really pique my interest and I usually get frustrated, as I'm trying to approach from a perspective of learning and practicing my skills vs. real-world targets. I don't like tricky little 'Gotchas!' in HTBs-- it reminds me of movies that break the fourth wall. Zipper wasn't one of those boxes. It was quite good, and definitely more along the lines of realism due to the technologies in use. A legitimate open-source application, Zabbix, a Docker install and

09 - How to maybe not be so bad at OSINT?

Disclaimer: For this post, I've taken a lot of IP / DNS info from Google and simply modified it to be similar to a scenario I encountered a little while back at work. It's not intended to be perfect, nor accurate as far as the DNS information goes; this post is just about the process.

BlAcK bOx TeStInG?

A while ago we had a client who had requested a 'full black-box test', as they'd put it. As a tester, visions of grandeur and epic hacks flooded my mind straight away, imagining myself owning the perimeter in some non-specific way, dodging IPS laser beams, battling AI defenses-- but definitely getting root. Thinking about it though, I realized that my OSINT skills aren't actually all that sharp... What would happen if, say, the client didn't have any IPs registered to them? Could we locate IPs to test? There are lots of ways, but when it came down to it, how would I? After many logistics, and what I