Natan Hailu’s Post

Well then, for a medium level machine this one was actually rather difficult. Standard enumeration to begin with, discovery of a subdomain that leads to a teamcity website. Abuse of a exploit to achieve account takeover. SSH to user flag, post enumeration reveals a 2nd subdomain. And finally what took hours; exploiting docker.

In this video, Henrik Rexed dives deep into the world of feature flags, showcasing how to implement and manage them effectively using Flagd, a robust tool in the OpenFeature ecosystem. Whether you're a developer, DevOps engineer, or simply passionate about software development, this tutorial will provide valuable insights and practical tips to enhance your feature management strategy.

How long would it take you to understand this code? The most clever way to implement a Prefix Tree that I have ever seen. Walrus operator to recursively use a lambda function as apart of a defaultdict declaration. He even uses 0 as a key to associate a count with each node. The most interesting thing to me is how he inverted the problem statement. Explained this in my most recent LC video. Courtesy of lee215.

These are definitely more challenging but in the process of figuring It out I really have learned a lot in a short time about Nmap, Gobuster, Dirbuster and enumeration as a whole. I am getting much more comfortable with working in the cli and am learning many of the tags flags and commands.

💖 Valentine Machine Cracked! 💻🔐 Excited to announce that I’ve completed the "Valentine" machine on Hack The Box! This unique challenge brought out the best in web exploitation, enumeration, and privilege escalation. Key learnings from this challenge: 1️⃣ Used tools like nmap and ffuf for in-depth scanning and enumeration. 2️⃣ Discovered exposed private ssh key. 3️⃣ Learned about Heartbleed Vulnerability. 4️⃣ Learned about CVE-2014-0160. 5️⃣ Escalated privileges by exploiting an already running tmux session. writeup :--> https://lnkd.in/gxa5dVhZ try it :--> https://lnkd.in/gypFREQH

Another walkthrough! Lesson learnt: Always check FTP and SMB first

🎉 Completed Another Machine from Hack The Box! 🎉 🔒 Machine: Seal 💡 Key Learnings: -> Gitbucket Enumeration -> Forbidden Page Bypass #LinuxExploitation

I recently completed a HackTheBox machine that tested my skills in exploiting a version of WonderCMS vulnerable to Cross-Site Scripting (XSS) and a command injection vulnerability found in a internal application, which allowed me to execute commands on the target machine. After completing the machine, I made a exploit script tailored to the WonderCMS vulnerability, automating the process of exploitation and granting me access to the application's server.

Tests for a run cycle for one of the characters from my loop.

#FeatureFlags Made Easy with #Flagd and #OpenFeature! In this video, Henrik Rexed dives deep into the world of feature flags, showcasing how to implement and manage them effectively using Flagd, a robust tool in the OpenFeature ecosystem. Whether you're a #developer, #DevOps #engineer, or simply passionate about #software #development, this tutorial will provide valuable insights and practical tips to enhance your feature management strategy.