Shakil's Blog

Solar Lab - HTB Nmap PORT STATE SERVICE REASON VERSION 80/tcp open http syn-ack nginx 1.24.0 | http-methods: |_ Supported Methods: GET HEAD |_http-title: SolarLab Instant Messenger |_http-server-header: nginx/1.24.0 135/tcp open msrpc syn-ack Microsoft Windows RPC 139/tcp open netbios-ssn syn-ack Microsoft Windows netbios-ssn 445/tcp open microsoft-ds?

Continue reading 

Office - HTB Recon Nmap Port State Service Version 53/tcp open domain Simple DNS Plus 80/tcp open http httpd 2.4.56 ((Win64) OpenSSL/1.1.1t PHP/8.0.28) 88/tcp open kerberos-sec Microsoft Windows Kerberos 139/tcp open netbios-ssn Microsoft Windows netbios-ssn 389/tcp open ldap Microsoft Windows Active Directory LDAP 443/tcp open ssl/http Apache httpd 2.

Continue reading 

Devvortex - HTB Recon Nmap Services Port Service 80 http (nginx/1.18.0) 22 ssh () Subdomains (VHost) $ ffuf -w ~/SecLists/Discovery/Web-Content/raft-medium-directories-lowercase.txt -u http://devvortex.htb -H "Host: FUZZ.devvortex.htb" -fs 154 /'___\ /'___\ /'___\ /\ \__/ /\ \__/ __ __ /\ \__/ \ \ ,__\\ \ ,__\/\ \/\ \ \ \ ,__\ \ \ \_/ \ \ \_/\ \ \_\ \ \ \ \_/ \ \_\ \ \_\ \ \____/ \ \_\ \/_/ \/_/ \/___/ \/_/ v2.

Continue reading 

Noted (DFIR) Scenario Simon, a developer working at Forela, notified the CERT team about a note that appeared on his desktop. The note claimed that his system had been compromised and that sensitive data from Simon’s workstation had been collected.

Continue reading 

Jingle Bell (DFIR) Scenario Torrin is suspected to be an insider threat in Forela. He is believed to have leaked some data and removed certain applications from their workstation. They managed to bypass some controls and installed unauthorized software.

Continue reading 