theyknow's blog & resources


Hack The Box

Latest blog posts:

HTB Write-up: Forest

7 minute read Published:

Forest was retired on HackTheBox.eu so let's sum up what I learned while solving this Windows box.
The Forest Windows box retired this weekend on HackTheBox. Getting user was quite straightforward, but escalating privileges was a little more complicated. We’ll have a look at BloodHound for that last step; it’s an open source tool that I use a lot for work now and that I can’t recommend enough. 1: Recon First, I do the usual nmap scan I start with on all boxes: nmap -A -T5 10.

Writeup: Timbershade - TRAFFIC ANALYSIS EXERCISE

3 minute read Published:

I had already solved one exercise from @malware_traffic's website about network traffic related to malware infections. I have been slow to pick a new exercise from the very long list but I chose Timbershade and it was a lot of fun! Short one, but learned a lot once again.
Malware Traffic Analysis @malware_traffic's blog has a lot of knowledge, so I highly recommend bookmarking it somewhere. The real treasure is of course the amazing exercises page. Depending on the exercise, you get a pcap and other files. The pcap file is a traffic capture which we can analyse in Wireshark and find out where things went wrong! Being able to effectively analyse traffic is a very important skill for the security of any organisation.

HTB Write-up: Bastion

4 minute read Published:

Bastion just retired this weekend on HackTheBox.eu so I thought I would do a short write-up of what I learned during this Windows box.
The Bastion Windows box retired this weekend on HackTheBox. It was a Windows box, quite easy to solve, but I learned a lot along the way. It’s my first write-up of a HTB box so it might not be the best, but hopefully it will be a nice summary! We learn about SMB, mounting a VHD in Linux, stealing Windows hashes, cracking them with John, and exploiting a program for privesc.

Writeup: TRAFFIC ANALYSIS EXERCISE

4 minute read Published:

Found the great website of @malware_traffic about network traffic related to malware infections. This is a subject that interests me a lot so I thought I would give the exercises a try and see if I can find something!
Malware Traffic Analysis @malware_traffic’s blog has a lot of knowledge, so I highly recommend bookmarking it somewhere. The real treasure is of course the amazing exercises page. Depending on the exercise, you get a pcap and other files. The pcap file is a traffic capture which we can analyse in Wireshark and find out where things went wrong! Being able to effectively analyse traffic is a very important skill for the security of any organisation.

Upload enumeration tools to a Linux server

3 minute read Published:

One of the first things I was asking myself when I finally got access to a Linux server, back when I was just starting out, was 'How do I even upload the enumeration tools to do the privilege escalation?'. I got the question from someone who was beginning on HTB recently, so this short article might help.
Privilege Escalation (privesc) When getting access to a server, either during a CTF or a pentesting assignment, you will probably have limited access to the server itself, probably because you accessed it through a compromised user. Your goal is to find a way to become root, which would give you unlimited access to the server and the running programs. See, developers and sysadmins can make mistakes and have programs running with the wrong settings.