Casey Mullineaux

Sign in Subscribe

Latest

HackTheBox - SolidState

HackTheBox - SolidState

This ‘real world company’ exercise demonstrates what can happen if your support staff email user’s credentials in plain text. After exploiting the mail server and hunting around in user’s email, I was able to take advantage of user credentials combined with misconfigured file permissions to compromise the system.

HackTheBox - Blocky

HackTheBox - Blocky

This Minecraft themed exercise demonstrates the importance of not hard coding credentials when developing software. After discovering credentials left by a sloppy developer in a Minecraft Addon, I was able to use them to compromise the entire system. Recon nmap First thing’s first. nmap -sV -sC -oA nmap 10.

Monitoring my solar system from the cloud

Monitoring my solar system from the cloud

Introduction Early last year I had solar generation system installed at my home. When it was installed, I had a sneaking suspicion that it wasn’t working properly. For a 6.36 kW system, in perfect conditions it was only generating 1-2 kW/hr. I called the solar installation company

HackTheBox - Blue

HackTheBox - Blue

Rated by the community as a piece of cake, this machine is probably one of the easiest boxes to complete on the HackTheBox.eu, but that doesn’t mean that it doesn’t offer learning opportunities (see post-mortem). I was able to achieve system access by using the EternalBlue (MS17-010)