A different approach to write-ups
Many sites have write-ups of how they hacked a challenge or box. I want to do more than that. The walkthroughs that you will find here are going to show you what I did throughout the entire challenge, how I did it and why.
The methodology of a pentester
Starting out in the world of pen testing, it can be a little rough. For real life penetration testing a professional would have to perform reconnaissance on their target, then scan what they can, gain access, escalate privileges and write a report. For challenges, typically recon is skipped and scanning is minimal. Enumerating is the most important step because if you don’t know what you are dealing with, then you’ll have a hard time trying to find vulnerabilities. When you are new, it is even harder because you don’t always know what is misconfigured, or vulnerable.
Warts and all
Even the best people in InfoSec sometimes bark up the wrong tree. That’s all right too because sometimes challenges will be designed to have false positives that are explored but don’t lead anywhere. Most people won’t write about those, but I will. New people need to see not only that everyone messes up sometimes but what to look for, when to stop and how to avoid it.
Hack the box write-ups
Practical Pentester Lab
I’ve completed a couple of these simpler challenges