🦊

Optimizing my workflow to reduce unnecessary typing has been a game-changer, enhancing both my productivity and my connection to the tools I rely on. I tend to use whatever machine I work on like it’s an extension of my body - and thus I like to remove any cognitive friction when using it, allowing my feeling of flow to continue, uninterrupted. Below I’ll first introduce you to a few simple tools. Then I’ll share some tips and aliases that can make your life a lot easier. ...

Box number 3 in the HTB intro, dancing is about a SMB share which requires no password to connect to, containing a “root” flag. After a short “man smbclient” to look up some of smbclient’s REPL commands, I quickly acquired the flag. Remediation Don’t allow critical data on unauthenticated shares. Set up authentication and authorization for shares in which users are going to put data.

Being box number 5 in the hack the box “starting point” introduction, it’s an easy machine. Initial recon shows that this is also, very obviously, a windows machine: Let’s try to connect to it with xfreerdp /v:$target. Password certainly expired. Interesting. Let’s try to open op a gui connection. The HTB pwnbox comes loaded with a program called Remmina, which is a great choice for things like RDP, VNC and other sort of connections which might require a gui. ...

Second box in the intro series. Another cakewalk, although one question about the box was a bit more finnicky. This box is about a FTP server. Running nmap, as well as connecting to it through the ftp command give me the login prompt and version 3.0.3 for vsFTPd. One of the required answers for the machine is “From your scans, what version is FTP running on the target?”. Which is 3.0.3 - yet the answer is not accepted. You need to include the daemon name as well, in front of the version - a minor gripe. ...

Meow is the first box in the hack the box intro series. If I were to just break these boxes and report on them it would be a bit boring. So I’ll throw in some advice I’d give for preventing the specific attack vector as well. After answering the questions the people at HTB set up for meow, it was clear to me - before I fired up nmap - that telnet was open. This box was, as the difficulty stated, indeed very easy. ...

Mongod - referring to MongoDB, a noSQL database for storing unstructured data. I’ve maintained and scaled a couple of these clusters for so-called “big data” processing in the past. It used to have insecure-by-default config settings which would allow connections from 0.0.0.0 on port 27017. Unauthenticated. Unauthorized. The documentation back then told you to set up access controls and bind the database to a specific interface, as the default was ‘accept connections from anywhere’ - but who reads the documentation when you can just docker run? ...

Another “very easy” box in the “starting point” trail by Hack the Box - number 6. Let’s start with our initial recon. The questions for the box point towards a “next step” of directory bruteforcing with gobuster. Let’s follow the lead. What does running the command tell us about using the command? ...

Box number 4 in the hack the box “starting point” trail. As this is another very easy box, let’s run basic recon against it.. Alright, a redis server. Worked with tons of these in the past, but usually from a codebase perspective - and as a caching mechanism for hot data. I still remember redis-cli but have no recollection of any of the flags the cli takes. ...

Sync. The process of synchronizing. I wonder what this box will present to me. Let’s find out. Recon Ah, rsync. The sysadmin’s preferred alternative to scp for large files and backups. It supports a myriad of options - incremental transfer being one of them. Great for spotty connections, backup jobs and large file transfers. ...

There’s something strangely grounding about admitting you don’t know everything — especially when you’ve spent decades building, breaking, and rebuilding systems. I don’t walk into rooms thinking I’m the senior. But I leave most engagements quietly realizing I was. Not because I sought that title, but because the baseline knowledge I carry — TCP/IP, filesystem permissions, packet inspection, the old rituals — seems to be disappearing. Replaced by abstractions. Paved over by platforms. ...