https://limeincofficial.github.io/lime/post/ Recent content in Posts on LIME.inc Hugo -- gohugo.io en © Copyright Lime .inc All rights reserved. Fri, 19 Aug 2022 00:00:00 +0000 https://limeincofficial.github.io/lime/post/sip-bypass/ Fri, 19 Aug 2022 00:00:00 +0000 https://limeincofficial.github.io/lime/post/sip-bypass/ What’s System Integrity Protection (SIP) and Why Do We Care? According to Apple, “System Integrity Protection is a security technology in OS X El Capitan and later that’s designed to help prevent potentially malicious software from modifying protected files and folders on your Mac. System Integrity Protection restricts the root user account and limits the actions that the root user can perform on protected parts of the Mac operating system. https://limeincofficial.github.io/lime/post/off-sec-guide-post/ Sun, 17 Apr 2022 00:00:00 +0000 https://limeincofficial.github.io/lime/post/off-sec-guide-post/ Foreword A lot of people have a very clear misconception on what it takes to excel in off-sec, what off-sec is comprised off, and what to do to learn off-sec. I won’t read you a defenition, but know that if you find the idea of writing constantly and reading constantly boring this is the wrong proffession. A friend of mine who works as a red teamer summarizes this neatly, “Its half writing and half doing, but mostly writing. https://limeincofficial.github.io/lime/post/nax-thm/ Thu, 17 Mar 2022 00:00:00 +0000 https://limeincofficial.github.io/lime/post/nax-thm/ THM- NAX Overview This box made use of web enumeration and obscure steganagrophy. There wasn’t much post exploit to be done making it a pretty start to finish box once finding a foothold. Notable Scans https://github.com/LimeIncOfficial/Blog-Repo/blob/main/Nax.thm/results/10.10.91.116/scans/tcp_80_http_index.html https://github.com/LimeIncOfficial/Blog-Repo/blob/main/Nax.thm/results/10.10.91.116/scans/tcp_80_http_nmap.txt https://github.com/LimeIncOfficial/Blog-Repo/blob/main/Nax.thm/results/10.10.91.116/scans/_full_tcp_nmap.txt Road to User The first thing I did was to see if there was a webserver running. I checked if /nagiosxi was a subdirectory of the webserver and got a 301. I’ll start a dir enum scan and keep the dir in the back of my mind for the time being.