2Cents about Cyber Security

Recent Posts

Luigi Vezzoso's Avatar'

HTB - Stocker walkthrough

Hi there! Here we go with a new walkthrough of the Hack The Box Stocker machine! Initial footprint: as usual, we started in black-box mode, and we need to figure out what type of server we have in front of us. Let’s start our beloved tool, nmap. # Nmap 7.80 scan initiated Sat Jan 21 09:48:02 2023 as: nmap -p- -sV -A -oN stocker.nmap stocker.htb Warning: 10.10.11.196 giving up on port becau...

HTB - Precious Walkthrough

Hi there! Here we go with a new walkthrough of the Hack The Box Precious machine! Initial footprint: I start my analysis using a black-box approach, and I need to figure out what type of server I have in front of me. Let’s run our beloved tool, nmap. Nmap 7.80 scan initiated Sun Feb 19 23:02:56 2023 as: nmap -p- -sV -oN precious.nmap precious.htb Nmap scan report for precious.htb (10.10.11.189) Host...

HTB - Soccer Walkthrough

Hi there! This is my first walkthrough post ever. I decided to write this series of posts about the exploitation of machines available on CTF or other platforms like Hack The Box. This time the target was the SOCCER machine. My goal is to describe the methodology and track the general process used to reach the goal: obtain a root shell on the machines. Initial footprint: Initial footprint is the phas...

Websocket Security Analysis 101

Hi there! During a CTF machine pentest on the Hack The Box platform, I came across a websocket connection to a specific service. I wasn’t familiar with the websocket protocol, and I decided to take some steps in that direction for the sake of understanding the scenario more deeply. It’s quite simple to fire up our pentest arsenal provided by Kali or available on the Internet, but curiosity took me down in th...

New Beginning #2

Hi there! Here we go with the first post of 2023! I decided (again) to move my simple website/blog to a different platform: GitHub Pages with Jekyll support. The reasons for this choice are to have direct control over the writing, to keep the editing simple and effective, and lastly to learn something new! This way of life (learning something new every day) is like a mantra in my mind and is just a wa...
