Introduction
Most of my HTB blogs are going to be formatted this way. I want to start with an introduction that briefly goes over what the box is about and some of the systems it covers, for example:
- LDAP
- Windows server
- Active directory
- Kerberos
Recon
In this section I am going to go over how and why I gathered certain information. This is stuff like scanning for open ports, listing the services running on those ports, their version numbers, and other outward-facing information about the box.
Foothold
I have some information; now how do I use it?
- Are there any credentials I could use?
- Anonymous logins?
- Misconfigured systems?
- Plaintext information?
- Idk, it usually starts by checking the SMB shares…
Once we get initial access, I will look around some more to see if I can move laterally or escalate privileges to gain more information or access.
Lateral movement / privilege escalation
So we got initial access. This for me usually feels like getting dropped into a pitch-black room with a candle. I can go any way I want until I find a wall. At times I even find doors; most of the time they are locked, but we shake the handle anyway. I take note of the type of door and its color and move on to the next thing. Finding access to other devices and more privileged devices is difficult for anyone, but if you stay vigilant you can find breadcrumbs.
Pwning
There are usually two types of pwning. The first is user pwning, where the flag sits on a user account that you used to move laterally or escalate privileges with. Then there is system pwning, where you actually own the system with full access and privileges as the admin. This is the goal of the box and it feels good to get here. Most of my work happens in the middle phase, and keeping the process fun makes the dark room easier to deal with.
Tools and commands I learned about
This is a summary section that goes over some of the tools that were used and some of the commands used with them. It's important to remember that memorizing commands is not the goal; knowing how to look something up is far more useful.
| Tool name | Description |
| --- | --- |
| nmap | A tool that scans for open ports and service information |
| sqlmap | Open-source penetration testing tool for detecting and exploiting SQL injection |

| Command | Description |
| --- | --- |
| nmap -sS -A -p 5555 | -sS: TCP SYN ("stealth") scan, which needs raw-socket (root) privileges; -A: aggressive scan (OS detection, version detection, script scanning, traceroute); -p 5555: scan port 5555 only |