Yogesh Peela in exploitnotes.hashnode.dev · Jun 24 · 7 min read
HackTheBox: Baby Writeup
Summary: Baby is an Easy Windows AD box (baby.vl, DC: BABYDC). Null LDAP bind enumerates the full domain user list, including a description field that leaks a default password (BabyStart123!) for newly

William Main in willsec.hashnode.dev · Sep 6, 2024 · 3 min read
HTB Notes: Funnel
FTP: We begin by scanning the box with nmap. We find two ports open on the machine: 21 (ftp) and 22 (ssh). We can access the ftp server using the anonymous user account. An interesting note is we could use either the anonymous or ftp user and we co...

James Gallagher in jamesonhacking.hashnode.dev · Mar 15, 2023 · 5 min read
Defeating Rate Limiting with Fireprox
I've been using fireprox to defeat rate limiting with great success. This tool sets up a pass-through-proxy in AWS API Gateway which is mapped to a specific target URL. It allows an attacker to rotate their egress IP address between hundreds of egres...