NeilSec: Security Learning Blog

Pentesting, infosec, hacking, learning.

Welcome to Neil’s InfoSec Blog

A personal blog recording my learning journey into IT security, penetration testing and ethical hacking.  If you’re looking for expert insight into highly technical aspects of Pen Testing then this is not the place to get it. If you’re at the neophyte level, like me, then you might enjoy seeing what I learn.  I’ll be posting what I learn, as I learn.

I welcome all and any input from people who share the same interest so feel free to post comments.

How to download & upload files via Windows command line / terminal / cmd.exe (without Powershell)

by Leave a Comment

The lack of native commands for simple downloading of pentesting tools in Windows is often bemoaned, especially in comparison to linux where commands like wget are generally installed and easy to use.# The first port of call is to use Powershell but that isn't always possible in earlier version of Windows, and I've been told you cannot do it easily via Windows command line. It turns it out it's pretty simple if you do it via webdav. First you need to set up webdav on a server somewhere. You can set up webdav on your Kali machine using widely available instructions. Here I used a free Continue Reading

HackTheBox: Arctic – Walkthrough

by 4 Comments

Initial Enumeration So a Windows box with 3 ports open. Port 135: RPC There is a vulnerability for XP boxes for RPC on 135 and MSF has an exploit for it but it didn't work. Worth a shot but not this time. I suspect that port 49154 is the higher  port associated with the RPC Port 8500: fmtp? Google seems to think this is Flight Message Transfer Protocol. I tried connecting via netcat but didn't get much. Curl produced a result though: So an HTTP service. Let's see what it looks like in a browser:   I recognise those directory names from ColdFusion penetrations done Continue Reading

HackTheBox: Waldo – Walkthough

by Leave a Comment

Initial Enumeration So we have a linux box with 2 open ports and a filtered port. Let's check out the ports in turn: 22/OpenSSH 7.5p2 Not much use at this stage. No known exploits for it and no usernames to even brute force 80/HTTP nginx 1.12.2 Browsing to the site shows: It's a Where's Waldo (that's Where's Wally to us Brits) themed site with a web app called List Manager. If you click Add List, a list is added and given the next number in the the sequence. And you can delete it with the Delete button. Viewing the page source we can see it uses a Javascript function called list.js and we Continue Reading

HackTheBox: Lame – Walkthrough

by 1 Comment

Initial Enumeration Quick syn scan: Wider and deeper scan: A quick note on the scans: I generally do basic nmap scans and then use unicornscan for wider port scans because it's so much quicker, especially with UDP. However HackTheBox VPN appears to interfere with that. So I've been ammending my nmap scans with the T4 timing and --max-retries which seems to be a reasonable alternative. The -p- means ports 0-65535. Without the other settings I've founds all ports scans to take a ridiculously long time. Unfortunately it still doesn't make all-ports UDP scans quick enough so I tend set one Continue Reading