Cookie Consent by PrivacyPolicies.com
Posts
Padraignix's InfoSec Blog

HTB Zetta machine walkthrough. Starting with an FTP FXP IPv6 leak, to an rsync brute-force for user access to the machine. Once on, chained custom syslog messages with a postgres SQL injection to pivot user access. Finally, a dubious password policy leads to using discovered credentials and adapting them to the root password for system level access.

An introductary look into Quantum Computing including the mechanics, concepts and mathematics involved. The focus will then shift to a practical implementation of these concepts using simulated environments and the qiskit python framework.

HTB AI machine walkthrough. Initial portions were more frustrating than complicated, reminiscent of daily struggles dealing with various home assistants. Once foothold was established priviledged escalation to root involved abusing a java debugging process running locally.

HTB Bitlab machine walkthrough. A fun little box that has us work through gitlab based exploitation. From erroneously stored user credentials, to uploading and merging our own files to the project, to finally exploiting hooks to execute our own code as root, this box was a good overview of various gitlab functionality.

HTB Craft machine walkthrough. A well designed moderate box from HTB that exemplified bad coding practice, sensitive data disclosures and token abuse into root.

HTB Wall machine walkthrough. An easy Linux machine from HTB that focused on RCE WAF bypass to establish an initial foothold then a direct pivot to root using a vulnerable suid binary.