30 Days of HackTheBox with rootissh #Day2 We are starting a daily series in which we are going to cover writeups of 37 Hack The Box boxes of the TJNull list for OSCP preparation. By Atharva Shirude General Information Name :- Valentines Difficulty :- Easy OS :- Linux IP :- 10.10.10.79 Contents Scanning Enumeration Exploitation Privilege…

We are starting a daily series in which we are going to cover writeups of 37 Hack The Box boxes of the TJNull list for OSCP preparation. 37 Days of Hack The Box with rootissh #Day1 By Atharva Shirude General Information Name :- Friendzone Difficulty :- Easy OS :- Linux IP …

by Prateek Kuber and Atharva Shirude — Google is the World’s most used search engine on the internet today. Everyone uses this browser for their day-to-day searches. From their school projects to looking for cat videos to watch while they work! But, the google browser is a very strong tool if you know how it uses it…

Android Application Penetration Testing is the process of testing the security of an Android application by simulating an attack. The goal of this testing is to identify vulnerabilities in the application that could be exploited by an attacker to gain unauthorized access to sensitive information or perform malicious actions. There…

Author - Prabhjot Kaur WordPress- WordPress is that the most well-liked CMS on the web, but, consequently, it’s additionally the foremost hacked. As an example, in 2018, 90% of hacked CMS-powered websites were hosted by WordPress, amounting to around ninety,000 attacks per minute. If you employ WordPress, this information could cause…

After it was discovered that Best Festival Company was now on the blockchain and attempting to mint their cryptocurrency, they were quickly compromised. Best Festival Company lost all its currency in the exchange because of the attack. It is up to you as a red team operator to discover how the attacker exploited the contract and attempt to recreate the attack against the same target contract. — Objectives of DAY-8

McSkidy accidentally opened the document, and it's still unknown what this document did in the background. McSkidy has called on the in-house expert Forensic McBlue to examine the malicious document and find the domains it redirects to. Malicious documents may contain a suspicious command to get executed when opened, an embedded malware as a dropper (malware installer component), or may have some C2 domains to connect to.

Elf McBlue found an email activity while analysing the log files. It looks like everything started with an email… — Objectives of DAY-6 Learn what email analysis is and why it still matters. Learn the email header sections. Learn the essential questions to ask in email analysis. Learn how to use email header sections to evaluate an email. Learn to use additional tools to discover email attachments and conduct further analysis.

Elf McSkidy asked Elf Recon McRed to search for any backdoor that the Bandit Yeti APT might have installed. If any such backdoor is found, we would learn that the bad guys might be using it to access systems on Santa’s network. — Objectives of DAY -5 Learn about common remote access services. Recognize a listening VNC port in a port scan. Use a tool to find the VNC server’s password. Connect to the VNC server using a VNC client.