What?? Malware?? No more pentesting??
(Boring backstory)
Well, sort of. Let me keep this brief. I began my cybersecurity journey in 2020, focusing on penetration testing, web application security, and participating in various Capture the Flag (CTF) challenges, primarily on HackTheBox. Over time, I found myself losing interest. Working on box after box felt repetitive, and I realized it was time to explore something new and more challenging.
Moving a WSL2 installation to another drive
Preface
It’s been a while since I have written something, so I guess it’s time to come up with some boring stuff to celebrate, isn’t it?
This blog post will be very short, but I found it pretty interesting because it’s about something I just did for my use case, and now I know it will be somewhere if I ever need to do it again.
Quick review of the machine:
Wifinetic was a relatively simple box but still funny enough because of the memories it brought back.
I will start by discovering an FTP share with anonymous login enabled, which contains an interesting backup archive file among other PDF files.
The backup will leak me a password that I will reuse to gain a foothold on the machine as netadmin using SSH.
To get root on the machine, I will use a famous WPS cracking tool called reaver, which will give me the pre-shared key of the network, which is root’s password as well.
Quick review of the machine:
RedPanda was an easy-rated Linux HTB box made by Woodenk. During our initial nmap scan, we discover port 8080, which hosts the main application of this box. We discover an input field and manage to exploit it using SSTI. Having remote code execution, we can either get the user flag directly or get a reverse shell using a msfvenom payload. Finally, we will be able to escalate our privileges using XXE to leak root’s SSH private key.