📦 HTB - Cap

Simple easy box, perfect to warmup before the FIC 2021 and get more confidence in 1337 h4ck1n9 TL;DR Find PCAP file on server, get SSH credentials, execute code as root with Python. Footholds I did not even use nmap here, as we had a web server serving on port tcp:80. This website looked like this: It seems to be a security dashboard for a server, we don’t have any info about that....

July 28, 2021 · 3 min · 0xNinja

🚀 TL;DR - pacman

The famous package manager for Arch Linux

May 4, 2021 · 1 min · 0xNinja

🚀 TL;DR - nmap

Maybe the most used tool when it comes to network discovery and port knocking.

May 4, 2021 · 1 min · 0xNinja

🚀 TL;DR - Docker

Wow you don’t know yet what Docker is? 🤔 Let me introduce you to this beautiful containerization tool!

May 4, 2021 · 2 min · 0xNinja

🚀 TL;DR - What is the 'TL;DR' series?

So I came up with this basic concept: TL;DR. But what is it exactly? The TL;DR series The main idea is to share some knowledge in a quick and concise way, such as a RUMP but written on a file. It is like a writeup speedrunning-ish style of writing. And maybe because I am kind of lazy sometimes. The goal here is to write small articles about a subject I like, a new technique learnt, or anything that is not worth a full and detailed article....

May 4, 2021 · 1 min · 0xNinja

Free space on disk for Linux distros

Recently I wanted to run a MySQL Docker container and encountered a tragical error: simple_db | 2021-03-25 10:54:04+00:00 [Note] [Entrypoint]: Switching to dedicated user 'mysql' simple_db | 2021-03-25 10:54:04+00:00 [Note] [Entrypoint]: Entrypoint script for MySQL Server 5.7.31-1debian10 started. simple_db | 2021-03-25 10:54:04+00:00 [Note] [Entrypoint]: Initializing database files simple_db | 2021-03-25T10:54:04.578298Z 0 [Warning] TIMESTAMP with implicit DEFAULT value is deprecated. Please use --explicit_defaults_for_timestamp server option (see documentation for more details). simple_db | 2021-03-25T10:54:04....

March 25, 2021 · 0xNinja

📦 HTB - Ready

Cool box, maybe too easy for a medium? Got reverse shell in minutes, but stuck for root’s password for hours 😅 TL;DR Gitlab RCE, get reverse shell. Privesc with cleartext root password, escape Docker to own the box. Footholds nmap Starting Nmap 7.80 ( https://nmap.org ) at 2021-03-14 16:00 UTC Nmap scan report for 10.10.10.220 Host is up (0.035s latency). Not shown: 998 closed ports PORT STATE SERVICE VERSION 22/tcp open ssh OpenSSH 8....

March 20, 2021 · 3 min · 0xNinja

SQLi lab solutions

Some weeks ago I created a training lab for SQL injections called SQLi lab. And I will go through all levels in this blog post, explaining the expected way to solve each of them. The lab currently contains 5 levels, and I will update this post as I add more of them 👍 Installation The GitHub repository is at https://github.com/OxNinja/SQLi-lab if you want more information. First I clone the lab in a folder, add its IP to my hosts file for convenience, and then build it with the given script:...

August 20, 2020 · 0xNinja