Donald Ashdown
SANS KringleCon - Objective 5 Terminal
Objective Challenge In this challenge, we are tasked with a terminal challenge in order to receive hints for Objective 5. This challenge...
Search
Donald Ashdown
- Jan 11
Hack the Box - Previse
Engagement flow Summary This was a really cool machine that started off with web enumeration, leading to a login bypass in which we had...
Donald Ashdown
- Jan 8
SANS KringleCon Objective 4
Objective Challenge In this challenge we are tasked with taking our total coin count above 1000 and this will result in Jack Frosts...
Donald Ashdown
- Jan 8
SANS KringleCon Terminal Objective 4
Objective Challenge In this challenge, we are tasked with solving a fun bit wise operator challenge, in order to receive the hint, and...
Donald Ashdown
- Jan 8
Sans KringleCon - Objective 3 - Terminal
Greasy GopherGuts needs our help with grepping through some nmap results and invites us to activate the terminal. 1. What port does...
Donald Ashdown
- Jan 8
SANS - KringleCon Objective 3
Objective Challenge This is really cool challenge that we never expected. I recall in previous KringleCon challenges we were also...
Donald Ashdown
- Jan 8
Sans KringleCon - Objective 2
Objective Challenge This challenge is pretty straight forwards and just invites us to look around the castle and get familiar with lay of...
Donald Ashdown
- Jan 8
SANS KringleCon Objective 2 Terminal
Objective Challenge We speak with Piney Sappington to kick things off as the pre-curser to objective 2. He goes on to explain that our...
Donald Ashdown
- Jan 8
Sans KringleCon - Intro Objective 1
Welcome to the SANS Kringlecon 2021 holiday hack challenge. We start off here in a little courtyard outside of KringleCon where we are...
Donald Ashdown
- Jan 3
Advent of Cyber 2021 Day 3 - Web Exploitation
This challenge deals with content discover, auth bypass, dirbusting.
Donald Ashdown
- Jan 3
Advent of Cyber 2021 Day 2 - Web Exploitation
Working with cookie manipulation, encoding and formatting.
Donald Ashdown
- Jan 2
Advent of Cyber 2021 Day 1 - Web Exploitation
This task deals with IDOR vulnerabilities.
Donald Ashdown
- Dec 11, 2021
Hack the Box - Seal
git review, ssl ssrf, rev proxy, sym link, ansible playbook,
Donald Ashdown
- Nov 28, 2021
Hack the Box - Intelligence
IDOR, cluster bomb, DNS Poisonings, MITM, Time synch
Donald Ashdown
- Nov 25, 2021
Hack the Box - Bounty Hunter
XXE injection with PHP was the main focus of this machine.
Donald Ashdown
- Nov 22, 2021
Hack the Box - Nunchucks
Subdomain enum, SSTI, app armor bypass (GTFO),
Donald Ashdown
- Nov 15, 2021
Hack the Box - Explore
SSH pass,
ADB ,
EsFileExplore,
SSH port forwarding,
Donald Ashdown
- Nov 6, 2021
Hack the Box Dynstr
Work flow Summary This was a rather difficult machine that involves command injection with bad character encoding for initial foothold,...
Donald Ashdown
- Oct 19, 2021
Hack the Box Querier
Summary This was an amazing machine that involved insecure file sharing services that provided credentials for an SQL server connection...
Donald Ashdown
- Oct 11, 2021
Hack the Box Validation
This was an amazing machine created by ippsec that required "second order" SQL injection. This provides the surface area to inject a webshel
Donald Ashdown
- Oct 4, 2021
Hack the box - Knife
An extremely easy box that really shows the range of difficulties which can be within the "easy" band of Hack the box difficulties
Donald Ashdown
- Sep 12, 2021
Hack the box - Monteverde
Summary This machine is very unique as it involves working with Azure AD services and is one of a kind on HTB. This machine is vulnerable...
Donald Ashdown
- Sep 3, 2021
Hack the box Luanne
Summary This was a very difficult machine that required indepth knowledge or investigations into Lua based scripting errors and openbsd...
Donald Ashdown
- Aug 30, 2021
Hack the box Love
A great machine that involves webshells, and exploiting lazy admin configurations while utilizing msfvenom.