Digital Offensive

Posted on Saturday, 1st December 2018 by Michael

In this video, I walk you through the enumeration and exploitation of the HTB box known as Hawk. Hawk provided some cool tricks that poor enumeration would have left you frustrated.

Reference Material and Swag:

Web Application Hacker Handbook: https://amzn.to/2DOotEJ
Red Team: How to succeed by thinking like the enemy: https://amzn.to/2DxB9yY
Red Team Field Manual (ON SALE): https://amzn.to/2KkxQwC — must have for any tester
Kali Hoodie (Great holiday present): https://amzn.to/2DzxuAB

Social Media Contact:

Twitter: https://twitter.com/genxweb
LinkedIn: https://www.linkedin.com/in/michael-lasalvia-7743732/
YouTube: https://www.youtube.com/user/genxweb

Posted in OSCP | Comments (0)

Posted on Tuesday, 20th November 2018 by Michael

Today we take a look at Mercy found on VulnHub by the author Donavan. This is an OSCP style boot to root that really requires you to enumerate and pay attention. You will get to work through several steps before being able to obtain the root flag and claim victory over Mercy. However, if you do not enumerate well enough you may find yourself pleading for mercy.

Reference Material and Swag:

Web Application Hacker Handbook: https://amzn.to/2DOotEJ
Red Team: How to succeed by thinking like the enemy: https://amzn.to/2DxB9yY
Red Team Field Manual (ON SALE): https://amzn.to/2KkxQwC — must have for any tester
Kali Hoodie (Great holiday present): https://amzn.to/2DzxuAB

Links to tools in this walkthrough:

Spawning a TTY: https://netsec.ws/?p=337
Creating a WAR file: https://netsec.ws/?p=331
RIPS Static Source Code Reviewer Vulnerability: https://www.exploit-db.com/exploits/18660/
Process Spy (PSPY): https://github.com/DominicBreuker/pspy/blob/master/README.md
Port Knocker: https://github.com/grongor/knock
Decodify:https://github.com/s0md3v/Decodify

Social Media Contact:

Twitter: https://twitter.com/genxweb
LinkedIn: https://www.linkedin.com/in/michael-lasalvia-7743732/
YouTube: https://www.youtube.com/user/genxweb

Posted in OSCP | Comments (0)

Posted on Saturday, 17th November 2018 by Michael

In this video we walkthrough the Hack the Box machine known as Jerry. We will explore Jerry’s arch enemy Tom as in tomcat and how to quickly exploit this misconfigured tomcat server to gain full admin access and secure the flags.

Check out some of my tools (amazon affiliate program):

Red Team Handbook RTFM: https://amzn.to/2RSsgUs
Great reference guide for OSCP, HTB and real world. I have a copy in my bag all the time.

Blue Team Field Manual: https://amzn.to/2qPxMMc .

You need to know how the blue team detects your attacks in the first place. It is always a cat and mouse game when you are red teaming.

Editing software: While I am not a pro, final cut pro x makes my life easier to share with you all: https://amzn.to/2ONVlyG

Virtualization: Make spinning up Virtual machines easy on macs, go with a trusted name and get vmware fusion pro 11: https://amzn.to/2RXotW5

Posted in OSCP | Comments (0)

Posted on Saturday, 10th November 2018 by Michael

Posted in OSCP | Comments (0)

Posted on Tuesday, 18th September 2018 by Michael

My quick review of Lin.Security found on Vulnhub.com. This boot to root focuses on using misconfigured services to gain root access.

Posted in OSCP | Comments (0)

Posted on Friday, 14th September 2018 by Michael

Welcome back. Here is a quick HTB update and a walkthrough of Toppo from VulnHub.org. Remember if you like these videos make sure to subscribe and press like.

Posted in OSCP | Comments (0)

Posted on Thursday, 13th September 2018 by Michael

This week on HTB (Hack the Box ) I have hit both of my HTB goals. When I first started HTB I set these two goals to reach before I headed back into the OSCP labs. The first goal was to be in the top 100 users. I hit this goal earlier this week and the second was to hit the rank of Guru. As of today 9/13/2018 after owning all active machines I have reached that goal as well. Now I can stop back from chasing boxes for ranks and focus on my OSCP and chasing bloods on HTB. 

Posted in Blog | Comments (1)

Posted on Wednesday, 23rd May 2018 by Michael

Join me as I do a live walkthrough for my internal red team of the recently retired Hack the Box machine Ask Jeeves. We will go through enumeration obtaining a user flag, gaining shell, elevating privilege and ending with the root flag.  If you like these videos make sure to subscribe and turn on notifications.

Tags: Hack the box, hacking, HTB, metasploit, OSCP, pass the hash, pen testing, priv esc, PTH, root, shell
Posted in OSCP | Comments (0)

Posted on Saturday, 28th April 2018 by Michael

Hack the box Bashed machine was retired today! Here is my walkthrough to show you how to do it.

Posted in OSCP | Comments (0)

Posted on Thursday, 15th March 2018 by Michael

This video is short. It contains some updates on my progress on the oscp,  the kick off of the Mid Atlantic CCDC and New courses at InfoSec Addicts

Posted in Blog | Comments (0)