My Hacking Diaries

Init 0x01

Welcome to My Hacking Diaries.
This is where I write down every note, trick, or idea I come across while learning and practicing offensive security. Some notes come from CTF machines, bug bounty hunting, enumeration tips, privilege escalation tricks, or reverse engineering challenges. Others are things I pick up from programming, scripting, or random CTF problems. I'm mainly writing these for myself because I forget things quickly, but I also hope they'll help beginners, or anyone stuck and needing a hint. At the end of the day, everything here is part of the bigger journey in hacking and offensive security.


Hacking Notes

Date: 27/04/2025

  • Subdomain fuzzing (virtual hosts discovered through the Host header, matching only 200 responses)
    ffuf -u http://test.com/ -w ./fuzzDicts/subdomainDicts/main.txt -H "Host: FUZZ.test.com" -mc 200

  • Always add any discovered subdomain to the /etc/hosts file, otherwise you will not be able to open it (duuh)
  • Remember that /etc/passwd contains information about the users, one entry per account
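    As an added example that is not part of the original notes, here is a small Python parser for the /etc/passwd layout (seven colon-separated fields: name, password field, UID, GID, GECOS, home, shell) together with the checks a defender runs over it: which accounts actually have an interactive shell, whether any account besides root carries UID 0, and whether a password hash is sitting in /etc/passwd instead of /etc/shadow. The sample entries are constructed, not copied from a real host.

```python
"""Parse /etc/passwd-format text and flag accounts worth a second look.

The sample data below is constructed for this example, not taken from any real host.
"""
from dataclasses import dataclass

SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
www-data:x:33:33:www-data:/var/www:/usr/sbin/nologin
messi:x:1000:1000:messi:/home/messi:/bin/bash
backup:x:34:34:backup:/var/backups:/usr/sbin/nologin
toor:x:0:0:legacy admin:/root:/bin/sh
svc:$6$abc$def:1001:1001:service account:/opt/svc:/bin/bash
"""

# Shells that refuse an interactive login
NOLOGIN_SHELLS = {"/usr/sbin/nologin", "/sbin/nologin", "/bin/false"}

# Placeholders that mean "the real hash lives in /etc/shadow" or "account locked"
SHADOW_PLACEHOLDERS = {"x", "*", "!"}


@dataclass
class PasswdEntry:
    name: str
    passwd: str
    uid: int
    gid: int
    gecos: str
    home: str
    shell: str


def parse_passwd(text):
    """Turn passwd-format text into PasswdEntry objects, skipping blanks and comments."""
    entries = []
    for lineno, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) != 7:
            raise ValueError(f"line {lineno}: expected 7 colon-separated fields, got {len(fields)}")
        name, passwd, uid, gid, gecos, home, shell = fields
        entries.append(PasswdEntry(name, passwd, int(uid), int(gid), gecos, home, shell))
    return entries


def interactive_accounts(entries):
    """Names of accounts whose shell allows an interactive login."""
    return [e.name for e in entries if e.shell not in NOLOGIN_SHELLS]


def audit(entries):
    """Return (account, reason) pairs for the classic /etc/passwd misconfigurations."""
    findings = []
    for e in entries:
        if e.uid == 0 and e.name != "root":
            findings.append((e.name, "uid 0 account other than root"))
        if e.passwd == "":
            findings.append((e.name, "empty password field"))
        elif e.passwd not in SHADOW_PLACEHOLDERS:
            findings.append((e.name, "password hash stored in /etc/passwd instead of /etc/shadow"))
    return findings


if __name__ == "__main__":
    parsed = parse_passwd(SAMPLE_PASSWD)
    print("interactive:", interactive_accounts(parsed))
    for account, reason in audit(parsed):
        print(f"{account}: {reason}")
```

    On a real host, read the file with open("/etc/passwd") and pass its contents to parse_passwd; the audit flags the constructed "toor" (second UID 0) and "svc" (hash in the world-readable file) entries.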

  • The Ruby on Rails database config file can most of the time be found at
    ../../config/database.yml

  • You can crack a bcrypt hash with hashcat using this command (mode 3200 is bcrypt)
    hashcat -m 3200 hash.txt wordlist.txt

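    How long that hashcat run takes depends on the hash's cost factor: bcrypt's cost is an exponent, so every +1 doubles the work per guess. As an added example that is not part of the original notes, the Python snippet below parses the bcrypt modular-crypt string ($2a$, $2b$ or $2y$ prefix, two-digit cost, 22-character salt, 31-character digest) and flags hashes whose cost is below a chosen minimum, which is the check you would run over your own user database before an attacker does. The sample strings are constructed to be syntactically valid only; they are not real hashes.

```python
"""Inspect bcrypt hash strings and report cost factors that are too low.

Sample hashes are constructed for this example: the salt and digest bodies are
made-up base64 text, not output of a real bcrypt computation.
"""
import re

# bcrypt modular crypt format: $<variant>$<cost>$<22-char salt><31-char digest>
BCRYPT_RE = re.compile(r"^\$(2[aby])\$(\d{2})\$([./A-Za-z0-9]{22})([./A-Za-z0-9]{31})$")

# Minimum cost this example considers acceptable (an assumption; pick your own policy)
MIN_COST = 12

SAMPLE_HASHES = [
    "$2b$12$abcdefghijklmnopqrstuvABCDEFGHIJKLMNOPQRSTUVWXYZ01234",  # cost 12, fine
    "$2a$05$abcdefghijklmnopqrstuvABCDEFGHIJKLMNOPQRSTUVWXYZ01234",  # cost 5, cheap to crack
    "5f4dcc3b5aa765d61d8327deb882cf99",                                # not bcrypt at all
]


def parse_bcrypt(hash_str):
    """Return the variant, cost, salt and digest of a bcrypt string, or None if it is not one."""
    m = BCRYPT_RE.match(hash_str)
    if not m:
        return None
    variant, cost, salt, digest = m.groups()
    return {"variant": variant, "cost": int(cost), "salt": salt, "digest": digest}


def work_factor(cost):
    """Number of expensive key-setup rounds bcrypt performs for a given cost (2 ** cost)."""
    return 2 ** cost


def weak_hashes(hashes, min_cost=MIN_COST):
    """(hash, reason) pairs for entries that are not bcrypt or whose cost is below min_cost."""
    weak = []
    for h in hashes:
        info = parse_bcrypt(h)
        if info is None:
            weak.append((h, "not a bcrypt hash"))
        elif info["cost"] < min_cost:
            weak.append((h, f"cost {info['cost']} below {min_cost}"))
    return weak


if __name__ == "__main__":
    for h, reason in weak_hashes(SAMPLE_HASHES):
        print(f"{h[:12]}...: {reason}")
    print("cost 5 vs cost 12 work ratio:", work_factor(12) // work_factor(5))
```

    Feed it the password column of your own database export (one hash per line) to find accounts still protected by an old low-cost setting; a cost-5 hash costs an attacker 128 times less per guess than a cost-12 one.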
  • If you got a shell on the web server through a website and the user is www-data, you can upgrade it to an interactive bash shell with python
    python3 -c "import pty;pty.spawn('/bin/bash')"

  • Port forwarding using ssh
    ssh -L 8500:127.0.0.1:8500 messi@test.com

    -L: this flag specifies local port forwarding. A port on your local machine is forwarded to a port on the remote machine.

    8500:127.0.0.1:8500: this is the actual port forwarding configuration.

      8500 (first): the local port on your machine. When you access localhost:8500 on your computer, the connection is forwarded to the remote machine.

      127.0.0.1: the address on the remote machine (the loopback address, often referred to as localhost).

      8500 (second): the port on the remote machine that the local connection is forwarded to. In this case it is port 8500 on the remote machine.

  • LinPEAS is a script that searches for possible paths to escalate privileges on Linux/Unix*/macOS hosts. The checks it performs are explained on book.hacktricks.wiki

Directory brute force using different tools:

Using Gobuster:

gobuster dir -u http://test.htb/ -w /usr/share/wordlists/dirbuster/directory-list-2.3-medium.txt -x txt,asp,aspx,html
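Both the ffuf Host-header fuzzing near the top of these notes and the gobuster run above leave a distinctive trace in the web server's access log: one client asking for many different virtual hosts, or one client collecting a long run of 404s. As an added example that is not part of the original notes, this Python snippet runs exactly that detection over a few constructed log lines in a simplified "vhost client [timestamp] "request" status" layout. Real servers log in their own format (Apache only records the vhost if the LogFormat includes %v, for instance), so the regex is the part you would adapt; the thresholds are assumptions to tune for your traffic.

```python
"""Flag access-log clients that look like vhost fuzzing or directory brute forcing.

The log lines below are constructed for this example in a simplified
'vhost client [timestamp] "request" status' layout, not a real server log.
"""
import re
from collections import defaultdict

SAMPLE_LOG = """\
www.test.com 10.0.0.5 [27/Apr/2025:10:00:01] "GET / HTTP/1.1" 200
admin.test.com 10.0.0.9 [27/Apr/2025:10:00:02] "GET / HTTP/1.1" 200
dev.test.com 10.0.0.9 [27/Apr/2025:10:00:02] "GET / HTTP/1.1" 200
staging.test.com 10.0.0.9 [27/Apr/2025:10:00:02] "GET / HTTP/1.1" 404
mail.test.com 10.0.0.9 [27/Apr/2025:10:00:03] "GET / HTTP/1.1" 404
vpn.test.com 10.0.0.9 [27/Apr/2025:10:00:03] "GET / HTTP/1.1" 404
www.test.com 10.0.0.7 [27/Apr/2025:10:00:04] "GET /admin.aspx HTTP/1.1" 404
www.test.com 10.0.0.7 [27/Apr/2025:10:00:04] "GET /backup.txt HTTP/1.1" 404
www.test.com 10.0.0.7 [27/Apr/2025:10:00:04] "GET /config.html HTTP/1.1" 404
www.test.com 10.0.0.7 [27/Apr/2025:10:00:05] "GET /login.asp HTTP/1.1" 404
www.test.com 10.0.0.7 [27/Apr/2025:10:00:05] "GET /index.html HTTP/1.1" 200
www.test.com 10.0.0.5 [27/Apr/2025:10:00:06] "GET /about HTTP/1.1" 200
"""

# vhost, client, timestamp, method, path (protocol ignored), status
LINE_RE = re.compile(r'^(\S+) (\S+) \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3})$')


def parse_log(text):
    """Parse the simplified log layout into dicts; lines that do not match are skipped."""
    records = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            vhost, client, ts, method, path, status = m.groups()
            records.append({"vhost": vhost, "client": client, "ts": ts,
                            "method": method, "path": path, "status": int(status)})
    return records


def suspicious_clients(records, vhost_threshold=5, notfound_threshold=4, notfound_ratio=0.5):
    """Map client -> list of reasons for clients that look like they are fuzzing.

    vhost_threshold: distinct Host values from one client that suggest vhost fuzzing.
    notfound_threshold / notfound_ratio: 404 count and share that suggest a directory brute force.
    """
    vhosts = defaultdict(set)
    total = defaultdict(int)
    notfound = defaultdict(int)
    for r in records:
        vhosts[r["client"]].add(r["vhost"])
        total[r["client"]] += 1
        if r["status"] == 404:
            notfound[r["client"]] += 1

    findings = {}
    for client in total:
        reasons = []
        if len(vhosts[client]) >= vhost_threshold:
            reasons.append(f"{len(vhosts[client])} distinct Host headers")
        if notfound[client] >= notfound_threshold and notfound[client] / total[client] >= notfound_ratio:
            reasons.append(f"{notfound[client]}/{total[client]} responses were 404")
        if reasons:
            findings[client] = reasons
    return findings


if __name__ == "__main__":
    for client, reasons in suspicious_clients(parse_log(SAMPLE_LOG)).items():
        print(client, "->", "; ".join(reasons))
```

In the constructed sample, 10.0.0.9 trips the Host-header rule (five different vhosts in two seconds) and 10.0.0.7 trips the 404 rule (four of five requests missed), while the ordinary visitor 10.0.0.5 is left alone. The 404 share matters as much as the count: a site with broken links produces 404s too, but not four out of every five requests from one address.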

You can use this to scan from the inside, listing the TCP and UDP ports the host is listening on (numeric, no name resolution):

ss -tuln

This post is licensed under CC BY 4.0 by the author.