Privilege Escalation via lxd

LXD is Ubuntu’s container manager utilising linux containers. It could be considered to act in the same sphere as docker, The lxd group should be considered harmful in the same way the docker group is. Under no circumstances should a user in a local container be given access to the lxd group. This is because it’s entirely trivial to exploit.... Read more 26 Sep 2017 - 2 minute read

HackTheBox - Lame

This writeup details attacking the machine Lame (10.10.10.3) on HackTheBox. Enumeration First things first, as with any machine, we want to nmap scan it to see what ports are open. root@kali:~/reboare.github.io/_posts# nmap -p- 10.10.10.3 -T4 Nmap scan report for 10.10.10.3 Host is up (0.062s latency). Not shown: 65530 filtered ports PORT ... Read more 20 Aug 2017 - 5 minute read

HackTheBox - Granny

This writeup details attacking the machine Granny (10.10.10.15) on HackTheBox. I will write this piece describing as many elements of the process as possible, assuming the reader to be just starting out in the field. Further writeups aren’t going to go into as much detail but if you’re brand new to a lot of these tools, this will give you a go... Read more 25 Jul 2017 - 10 minute read

HackTheBox - October

Edit: A few months on and i have found my understanding and explanation of some of the concepts here lacking to say the least. As a result, I have decided to improve the explanations offered here. This writeup details attacking the machine October (10.10.10.16) on HackTheBox. Since this machine is now retired, it no longer gives points. Firs... Read more 25 Jul 2017 - 10 minute read

OverTheWire - Bandit

Bandit0 Starting out the very first challenge is just to read a file. For this I used the cat command. bandit0@melinda:~$ ls readme bandit0@melinda:~$ cat readme boJ9jbbUNNfktd78OOpsqOltutMc3MY1 Bandit1 bandit1@melinda:~$ ls - bandit1@melinda:~$ cat ./- CV1DtqXWVFXTvM2F0k09SHz0YwRINYA9 Bandit2 bandit2@melinda:~$ ls spaces in this filename ... Read more 25 Apr 2017 - 2 minute read