Category: CTF

A screenshot of a computer Description automatically generated with medium confidence CTF

Installing Kali 2021.3

Hax fun with the Dragon distro

Ok today we are going to look at deploying Kali 2013.3. The install process for this is fairly standard and familiar from previous version but for those new to this world, it seems like a good place to start.

Install Procedure (Virtual Machine)

Boot from the ISO

Graphical user interface, application

Description automatically generated Read more “Installing Kali 2021.3”


How to Identify Hashes

Some hashes are obvious but even then, it’s a good job to check. There are a few ways to check a hash outside of manual validation.

Using the Hashcat example list:

Graphical user interface, text, application, email

Description automatically generated

Using hash-identifier:

Using cyberchef Analyse hash:

Background pattern

Description automatically generated with low confidence

Using hash-id:

Using HashTag:

As you can see there are range of tools available to you, and remember if you want to keep the hashes to yourself you can download Cyberchef and run it locally!


Server Message Block (SMB) Enumeration, Attack and Defence


If you see a service with TCP port 445 open, then it is probably running SMB. SMB is used for file sharing services. You will also see it related to other protocols in its operation:


Here is a check list of common things to check:

  • Can you enumerate the server version?
  • Can you enumerate shares?
  • What versions of the protocol are enabled?
  • Can you connect using anon bind?
  • Are there any known vulnerabilities?
  • Can you enumerate usernames?
  • Is SMB signing enabled?
  • Are there other hosts in the subnet that can be used?

Read more “Server Message Block (SMB) Enumeration, Attack and Defence”


mRr3b00t Learns to play HTB again!

I rarely get a chance to play HTB these days 🙁 but today I thought i’d get back on it.. then I had a three hour battle with a graphics driver and Vmware Workstation so that basically ruined that idea…. but I thouht I’d try and remember how to CTF again.. and boy do you get slow fast! Well to try and help people and myself I’ve started to write down some notes to get my mind back into the CTF world of HTB!

Setup & Scope

Ok this is the setup phase. Let’s grab the details

  • Take note of the machine name
    • Remember most boxes are called .htb or .htb.local
    • There’s not an “internet” dns inside the arena so you need to update hosts files
  • Take note of the box author
    • This is useful for OSINT
  • Take note of the IP
    • This is your scope
  • Take note of the OS version
  • Get you digital notebook ready
Read more “mRr3b00t Learns to play HTB again!”

How to enable NULL Bind on LDAP with Windows…

History of NULL bind

Back in the early Active Directory days NULL bind was actually enabled by default, these days you can get a rootDSE NULL bind out of the box but on Windows Server 2019 you can even disable this!

So why would I want to enable NULL bind? Well, some legacy apps may need it but generally speaking you don’t want NULL bind enabled.

The lesson here is DO NOT copy what I am doing here! Simples! Read more “How to enable NULL Bind on LDAP with Windows Server 2019”


Learn all the things!

Many of you will know I’m a massive fan of learning all the things, but also I’m a huge fan of sharing intel, knowledge and experiances because I know when you are starting in a field, the world can seem too big to know things! So to this end, I’ve put together a quick list of tools that I believe are required you have some knowledge of for the PenTest+.

Where possible links to tools and download locations have been provided. Clearly you can deploy a security testing distro such as Kali Linux, Parrot etc. buy you may want to simply install Ubunt or use Windows and WSL 2. Read more “Learn all the things!”


Try Hack Me – Part 6: Rise of the…

In this latest room (box) we take on Skynet! This box has a cool theme and was fun to play through.

This room starts to move away from the guided path and has far fewer flags, but it retains more than just a two-task approach to keep the person thinking about the types of vulnerability. I’m thinking it might be cool to ask defensive questions as well (something I might add into my room I’m building).

Well we don’t have time to waste, the machines might rise up and judgement day occur so let’s get pwning! Read more “Try Hack Me – Part 6: Rise of the Machines”