Hej.
My name is Maximilian, I’m an Cybersecurity Expert based in bavaria.

Blog

  • HTB: Return Walkthrugh

    HTB: Return Walkthrugh

    Enumeration NMAP Printer-Page The password field cannot be manipulated to reveal the password. However, the authentication target address can be customized. Set it to your own IP address and listen with netcat on the corresponding port. Exploitation With valid credentials, exploitation of the system can be started. Use Evil-WinRM to get CLI access: Check for…

  • HTB: Wifinetic Walkthrugh

    HTB: Wifinetic Walkthrugh

    Plattform: Hack the BoxLink: https://www.hackthebox.com/machines/wifineticDifficulty: Easy 🟠 Enumeration NMAP FTP This contains details regarding a planned system migration to Debian. The only file of significance is the backup file. The passwd file contains a potential username. Search for possibile passwords… Possibile SSH-Keys This involves SSH keys used by Dropbear, a lightweight SSH client/server commonly used on…

  • HTB: Knife Walkthrugh

    HTB: Knife Walkthrugh

    Plattform: Hack the BoxLink: https://www.hackthebox.com/machines/knifeDifficulty: Easy 🟠 Enumeration As usual start with nmap.. Port 80 is open, the website which is hosted is just a static page nothing special to find there. So lets see whats running under the hood. PHP 8.1.0 DEV looks interesting, lets see if there is a vulnerability. https://github.com/flast101/php-8.1.0-dev-backdoor-rce/blob/main/README.md An exploit for…