October 24, 2020

Hack your way to financial freedom

There is no get rich quick schemes to maximize your finances. Hacking is not cyber crime. If you think this post is going to be 5 steps to become a millionaire or advice on how to steal money, you’re wrong. This is a collection of advice I’ve picked up in recent years and suggest you follow. I will also admit that I have been blessed. My family is not poor, I grew up in a good area and received a strong education.

July 9, 2020

HackTheBox Sauna Writeup

Sauna is another “easy” Windows machine on HackTheBox. However I definitely fell down my fair share of rabbit holes on this one. There’s a static website hosted here, so I thought it’d start with a web shell. However, this box turned out to to be entire about domains and LDAP. Which I have very little experience with to date. While this blog may sound like a straight path, it’s well edited to be stream lined.

July 6, 2020

Walkthrough Decryption Instructions

4/9/2022 Update: After migrating from WordPress to Hugo, I do not have the ability to password protect blog posts. All content will be public and because of that these decryption instructions are no longer worthwhile for https://hackerunder.dev. I will not be posting content that requires password protection. For example, I previously shared unretired hackthebox machine walkthroughs but required hashes as the password for the post. This decryption method was copied from 0xPrashant and his own blog.

July 4, 2020

HackTheBox Remote Writeup

Remote was a fun windows box to hack. This is my second active target on HTB. My first was Traceback. Check that out for a similar web based exercise on Linux. Remote starts with a web vulnerability but requires finding credentials in a public share. DLL Hijacking is required to get a system shell. Lessons learned: Mounting a public windows share Exploit modifications – changing python code for a web exploit DLL Hijacking for privilege escalation Information gathering An initial nmap scan reveals some listening services.

May 3, 2020

HackTheBox Traceback Write-up

Thanks to a zoom call with members of PA Hackers. I fully exploited my first active HTB machine where I got points for my effort. To celebrate getting root, here’s my write-up. I learned quite a lot with this machine. It introduced me to new PHP web shells and message of the day (motd) privilege escalation. Lessons Learned Open Source INTelligence (OSINT) refresher with Google and Github PHP web shell alternatives to php-reverse-shell.

May 1, 2020

The Hacker Manifesto By The Mentor

Words of inspiration for many and an explanation to others who only see hackers as problems. Maybe one day I’ll base this manifesto to write my own. First it’s important to dig deep and see what’s going on then find how to put it into one clear document. Copied from Phrack Magazine <pre class="wp-block-preformatted">==Phrack Inc.== Volume One, Issue 7, Phile 3 of 10 =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= The following was written shortly after my arrest.

April 30, 2020

Starting a Minecraft server

I’ve had a love hate relationship with Minecraft since I bought the beta when I was in highschool 2011. Throughout the years I’ve played countless local games, and joined others online in public servers. Over the last decade, I cycled through playing, getting mad at myself for not being productive, and taking a break. Lately I’ve been watching Hermitcraft more than playing or working combined. To convince myself I was being productive, I told myself starting a Minecraft server to play with friends and family would be a worthwhile systems administration and security project.

March 3, 2020

Patch your stuff

There’s a sticker on the back of my personal laptop. I don’t recall where I got it from I believe it was an informal sticker exchange at GrrCON a few years ago. It’s a pretty clear message and you can see it here. For anyone who’s trying to watch what they say, lets call it “Patch your stuff”. It’s a simple rule, but an important one we should all follow.

February 26, 2020

What is Updog?

Friends among my various hacker spaces have shared links to a new tool called Updog created by Sc0tfree. A python3 implementation of an HTTP server that is intended to replace Python2’s SimpleHTTPServer module. I had to test it out myself and these are my opinions. In many hacker training courses, it is vital to be able to host your tools on a web server to download them onto target machines. One example would be to download a network scanning tool once you’ve gained a shell on the first machine of a target network.

January 13, 2020

Picat's Podcast: Episode 6

In this hour long podcast episode, I reviewed a lot of what I have done and what my current projects are. For this year, my goals are to get the OSCP and find a position at Offensive Security that is in the information security realm instead of development. Apart from studying, I’m also trying to help the Kali team with getting official cloud versions available on AWS and Azure with each new Kali release.