Welcome to Hidden Door Security’s offensive security blog, providing insights to ethical hackers and penetration testers. If you’re passionate about pushing digital defenses to the limit and beyond, you’ve found your arsenal.
-
Walkthrough – Blue (HackTheBox)
This is a walkthrough of the easy Windows machine from HackTheBox called “Blue”. Enumeration I run an nmap service scan with the following command and output: If we do a quick Google search of exploits against Windows 7 Professional 7601 Service Pack 1, we can see EternalBlue is at the top of the list. Foothold…
-
Walkthrough – Data (VulnLab)
This is a write up/walkthrough of the machine called “Data” on Vulnlab: https://www.vulnlab.com/ Enumeration I run rustscan and see port 22 and 3000 open. I see there is a Grafana login on port 3000: I check the Grafana version v8.0.0 for any potential exploits: I see the exploit available here for directory traversal: https://www.exploit-db.com/exploits/50581 I…
-
My Experience as a Red Teamer on CISA’s ICS Cybersecurity Lab (301L) – Live Training
NOTE: Due to the nature of the live training, I cannot get into details or specifics about the 4-day onsite training. I will only cover what is publicly disclosed on the CISA training catalog here: https://www.cisa.gov/ics-training-available-through-cisa#workshop The following are the course numbers I participated in, which you can register for and attend; however, CISA will perform…
-
Conquering Dante: HackTheBox Pro Labs Tips and Review
NOTE: This is not a walkthrough nor will there be spoilers regarding this HackTheBox Pro Lab. I will speak about the use of tools and methods in a general context that can be applied to any lab environment. Information on this HTB cyber range and others can be found here: https://www.hackthebox.com/hacker/pro-labs Background The HTB Dante…
-
Anatomy of a Penetration Test with Metasploitable 2
This guide is an introduction to ethical hacking with Metasploitable 2 from Rapid7. This content is part of our upcoming Ethical Hacking Crash Course. The following topics will be covered to give you the complete process from enumeration to obtaining root access on a Linux machine: VirtualBox Install First we will be downloading VirtualBox…
-
Walkthrough – Academy (HackTheBox)
This is a walkthrough of the machine called “Academy” at HackTheBox: https://app.hackthebox.com/machines/Academy In this walkthrough, we cover 2 possible privesc paths on the machine through GTFObins and PwnKit. Enumeration I first run rustscan to see which ports are open on this machine: rustscan -a 10.129.234.151 --ulimit 5000 --range 1-65535 -- -sVC -Pn There is…