m0nk3ygod Labs

m0nk3ygod Labsoffensive security notes — HTB writeups, CTF, concepts, toolshttps://m0nk3ygod.dev/koKotlin Basichttps://m0nk3ygod.dev/posts/kotlin-basic/https://m0nk3ygod.dev/posts/kotlin-basic/Kotlin basic 1Thu, 25 Jun 2026 00:00:00 GMTconceptVariablesData TypeFunction 1[EASY_Linux] Silentium write-uphttps://m0nk3ygod.dev/posts/easylinux-silentium-write-up/https://m0nk3ygod.dev/posts/easylinux-silentium-write-up/Tue, 23 Jun 2026 00:00:00 GMThtb[EASY_LINUX] Kobold write-uphttps://m0nk3ygod.dev/posts/easylinux-kobold-write-up/https://m0nk3ygod.dev/posts/easylinux-kobold-write-up/MCPJam Inspector RCE(CVE-2026-23744)로 초기 침투, operator 그룹 쓰기 권한과 PrivateBin 경로 순회(CVE-2025-64714)를 이용한 컨테이너 내 웹쉘 실행, conf.php 자격증명 재사용을 통한 Arcane 접근, --privileged Docker 컨테이너에 호스트 루트(/)를 마운트하여 권한 상승Sun, 21 Jun 2026 00:00:00 GMThtbffufvhostmcpMCPJamprivatebincve-2025-64714cve-2026-23744ssarcanedockerwebshellrevshellhost mount--privileged--entrypointdocker options[EASY_WINDOWS] Support write-uphttps://m0nk3ygod.dev/posts/easywindows-support-write-up/https://m0nk3ygod.dev/posts/easywindows-support-write-up/AD 입문 머신 4Sun, 21 Jun 2026 00:00:00 GMThtbnxcsmbILSpyDecompileReversingLDAPBloodhoundLDAP-QueryRBCD(Resource-Based Constrained Delegation)PowermadPowerViewSIDACEACLS4US4U2selfS4U2proxyKerberosrc4 hashRubeusGOAD(Game of Active Directory) Lab 구축 2 - 명령어https://m0nk3ygod.dev/posts/goadgame-of-active-directory-lab-2-/https://m0nk3ygod.dev/posts/goadgame-of-active-directory-lab-2-/GOAD minilab 사용법Wed, 10 Jun 2026 00:00:00 GMTconceptGOADActive Directory LabsGOAD(Game of Active Directory) Lab 구축 - MiniLabhttps://m0nk3ygod.dev/posts/goadgame-of-active-directory-lab-minilab/https://m0nk3ygod.dev/posts/goadgame-of-active-directory-lab-minilab/GOAD minilab 구축 가이드Wed, 10 Jun 2026 00:00:00 GMTconceptGOADActive Directory Labs[EASY_WINDOWS] Forest write-uphttps://m0nk3ygod.dev/posts/easywindows-forest-write-up/https://m0nk3ygod.dev/posts/easywindows-forest-write-up/AD 입문 머신 2Mon, 08 Jun 2026 00:00:00 GMThtbsmbrpckerberosas-rep roastinghash crackbloodhoundaccount operators groupdomain root objectacldaclexchange windows permissions groupdcsync attackpass the hash[HTB Academy] Active Directory Research Over the Yearshttps://m0nk3ygod.dev/posts/htb-academy-active-directory-research-over-the-years/https://m0nk3ygod.dev/posts/htb-academy-active-directory-research-over-the-years/Active Directory 2Wed, 03 Jun 2026 00:00:00 GMTconceptActive DirectoryADKerberosBloodHoundHTB Academy[HTB Academy] Active Directory Structurehttps://m0nk3ygod.dev/posts/htb-academy-active-directory-structure/https://m0nk3ygod.dev/posts/htb-academy-active-directory-structure/Active Directory 3Wed, 03 Jun 2026 00:00:00 GMTconceptActive DirectoryADAD DSForestDomainOUTrust[HTB Academy] Introduction to Active Directoryhttps://m0nk3ygod.dev/posts/htb-academy-introduction-to-active-directory/https://m0nk3ygod.dev/posts/htb-academy-introduction-to-active-directory/Active Directory 0.1Wed, 03 Jun 2026 00:00:00 GMTconceptActive DirectoryADWindowsDomainHTB AcademyDomainDomain ControllerForestTreeOUGroup PolicyUser / Computer / Group ObjectACLKerberosNTLMLDAPTrustPrivilegeDelegation[EASY_WINDOWS] Fluffy write-uphttps://m0nk3ygod.dev/posts/easywindows-fluffy-write-up/https://m0nk3ygod.dev/posts/easywindows-fluffy-write-up/AD 입문 머신 3Mon, 01 Jun 2026 00:00:00 GMThtbfaketimentpdatenxcsmbspidering1-dayMTLM hashresponderbloodhoundwinrmcacertificate authorityshadow credentials attackmsDS-KeyCredentialLinkCertipy-adADCSactive directory certificate servicesESC16Security Extension Disabled on Certificate AuthorityUPN[MEDIUM_WINDOWS] Voleur write-uphttps://m0nk3ygod.dev/posts/mediumwindows-voleur-write-up/https://m0nk3ygod.dev/posts/mediumwindows-voleur-write-up/AD 입문 머신 1Mon, 25 May 2026 00:00:00 GMThtbFQDNLDAPKerberosKDCkpasswdWinRMnxcbloodhoundwritespntargetedKerberoastTGTTGSkrb5.confregistryhive keywindows securityDPAPIwslntds.dithash crack[EASY_LINUX] CCTV write-uphttps://m0nk3ygod.dev/posts/easylinux-cctv-write-up/https://m0nk3ygod.dev/posts/easylinux-cctv-write-up/ZoneMinder 기본 계정 인증 및 SQLi를 통한 시스템 침투, motionEye 설정 파일에서 계정 탈취 및 RCE를 악용한 reverse shell(root) 연결Sun, 24 May 2026 00:00:00 GMThtbsqlmaptime-based sqlihashcrackbcrypt1-dayconfig filesystemd service filerevshellzonemindermotioneyeTGS(Ticket Granting Service ticket)https://m0nk3ygod.dev/posts/tgsticket-granting-service-ticket/https://m0nk3ygod.dev/posts/tgsticket-granting-service-ticket/TGS 발급 과정Sun, 24 May 2026 00:00:00 GMTconceptTGSTGTKDCFQDN & AD examplehttps://m0nk3ygod.dev/posts/fqdn-ad-example/https://m0nk3ygod.dev/posts/fqdn-ad-example/Fully Qualified Domain NameSat, 23 May 2026 00:00:00 GMTconceptFQDNDNSNetworkingKerberoshttps://m0nk3ygod.dev/posts/kerberos/https://m0nk3ygod.dev/posts/kerberos/Kerberos 인증Sat, 23 May 2026 00:00:00 GMTconceptprincipalrealmkey distribution centerauthentication serviceticket granting serviceticket granting ticketservice ticketlong-term keysession keyservice principal nameLDAP (389) & LDAPs (636)https://m0nk3ygod.dev/posts/ldap-389-ldaps-636/https://m0nk3ygod.dev/posts/ldap-389-ldaps-636/Lightweight Directory Access ProtocolSat, 23 May 2026 00:00:00 GMTconcept389/tcp636/tcpldapldapsNetExec (nxc)https://m0nk3ygod.dev/posts/netexec-nxc/https://m0nk3ygod.dev/posts/netexec-nxc/AD/Windows 환경에서 계정이 먹히는지 확인하고 SMB/LDAP/WinRM/SSH 같은 서비스에서 정보를 수집하는 자동화 도구Sat, 23 May 2026 00:00:00 GMTtoolsnxcNetExecAD/Windows enumeration tool[STARTING_POINT] Tier1 Appointmenthttps://m0nk3ygod.dev/posts/startingpoint-tier1-appointment/https://m0nk3ygod.dev/posts/startingpoint-tier1-appointment/hackthebox tier1 appointmentSat, 23 May 2026 00:00:00 GMThtbgobusterphpsqli[STARTING_POINT] Tier1 Bikehttps://m0nk3ygod.dev/posts/startingpoint-tier1-bike/https://m0nk3ygod.dev/posts/startingpoint-tier1-bike/hackthebox tier1 bikeSat, 23 May 2026 00:00:00 GMThtbssithacktricksurl encodingburpsuitehacktricks payloads[STARTING_POINT] Tier1 Crocodilehttps://m0nk3ygod.dev/posts/startingpoint-tier1-crocodile/https://m0nk3ygod.dev/posts/startingpoint-tier1-crocodile/hackthebox tier1 crocodileSat, 23 May 2026 00:00:00 GMThtbphpftphttp[STARTING_POINT] Tier1 Funnelhttps://m0nk3ygod.dev/posts/startingpoint-tier1-funnel/https://m0nk3ygod.dev/posts/startingpoint-tier1-funnel/hackthebox tier1 funnelSat, 23 May 2026 00:00:00 GMThtbpostgresqllocal port forwardingtunnelingftpsssshftp[STARTING_POINT] Tier1 Ignitionhttps://m0nk3ygod.dev/posts/startingpoint-tier1-ignition/https://m0nk3ygod.dev/posts/startingpoint-tier1-ignition/hackthebox tier1 ignitionSat, 23 May 2026 00:00:00 GMThtbhosts filedir bustingstatus code[STARTING_POINT] Tier1 Pennyworthhttps://m0nk3ygod.dev/posts/startingpoint-tier1-pennyworth/https://m0nk3ygod.dev/posts/startingpoint-tier1-pennyworth/hackthebox tier1 pennyworthSat, 23 May 2026 00:00:00 GMThtbjenkinsgroovy scriptreverse shell[STARTING_POINT] Tier1 Responderhttps://m0nk3ygod.dev/posts/startingpoint-tier1-responder/https://m0nk3ygod.dev/posts/startingpoint-tier1-responder/hackthebox tier1 responderSat, 23 May 2026 00:00:00 GMThtbhttpsresponderLFIRFINTLM hashWinRM[STARTING_POINT] Tier1 Sequelhttps://m0nk3ygod.dev/posts/startingpoint-tier1-sequel/https://m0nk3ygod.dev/posts/startingpoint-tier1-sequel/hackthebox tier1 sequelSat, 23 May 2026 00:00:00 GMThtbmysqlmariadb[STARTING_POINT] Tier1 Tacticshttps://m0nk3ygod.dev/posts/startingpoint-tier1-tactics/https://m0nk3ygod.dev/posts/startingpoint-tier1-tactics/hackthebox tier1 tacticsSat, 23 May 2026 00:00:00 GMThtbsmbimpacket collection[STARTING_POINT] Tier1 Threehttps://m0nk3ygod.dev/posts/startingpoint-tier1-three/https://m0nk3ygod.dev/posts/startingpoint-tier1-three/hackthebox tier1 threeSat, 23 May 2026 00:00:00 GMThtbaws clis3gobuster (vhost)[STARTING_POINT] Tier2 Archetypehttps://m0nk3ygod.dev/posts/startingpoint-tier2-archetype/https://m0nk3ygod.dev/posts/startingpoint-tier2-archetype/hackthebox tier2 archetypeSat, 23 May 2026 00:00:00 GMThtbms sql serverwinpeas[STARTING_POINT] Tier2 Basehttps://m0nk3ygod.dev/posts/startingpoint-tier2-base/https://m0nk3ygod.dev/posts/startingpoint-tier2-base/hackthebox tier2 baseSat, 23 May 2026 00:00:00 GMThtbphp-strcmpswpfindcmd[STARTING_POINT] Tier2 Includedhttps://m0nk3ygod.dev/posts/startingpoint-tier2-included/https://m0nk3ygod.dev/posts/startingpoint-tier2-included/hackthebox tier2 includedSat, 23 May 2026 00:00:00 GMThtbudptftplxc[STARTING_POINT] Tier2 Markuphttps://m0nk3ygod.dev/posts/startingpoint-tier2-markup/https://m0nk3ygod.dev/posts/startingpoint-tier2-markup/hackthebox tier2 markupSat, 23 May 2026 00:00:00 GMThtbXXEWindows[STARTING_POINT] Tier2 Oopsiehttps://m0nk3ygod.dev/posts/startingpoint-tier2-oopsie/https://m0nk3ygod.dev/posts/startingpoint-tier2-oopsie/hackthebox tier2 oopsieSat, 23 May 2026 00:00:00 GMThtbwebshellpath[STARTING_POINT] Tier2 Unifiedhttps://m0nk3ygod.dev/posts/startingpoint-tier2-unified/https://m0nk3ygod.dev/posts/startingpoint-tier2-unified/hackthebox tier2 unifiedSat, 23 May 2026 00:00:00 GMThtblog4jmongodb[STARTING_POINT] Tier2 Vaccienhttps://m0nk3ygod.dev/posts/startingpoint-tier2-vaccien/https://m0nk3ygod.dev/posts/startingpoint-tier2-vaccien/hackthebox tier2 vaccienSat, 23 May 2026 00:00:00 GMThtbftpjohnvi[STARTING_POINT] Tier0 Dancinghttps://m0nk3ygod.dev/posts/startingpoint-tier0-dancing/https://m0nk3ygod.dev/posts/startingpoint-tier0-dancing/hackthebox tier0 dancingTue, 19 May 2026 00:00:00 GMThtbsmb[STARTING_POINT] Tier0 Explosionhttps://m0nk3ygod.dev/posts/startingpoint-tier0-explosion/https://m0nk3ygod.dev/posts/startingpoint-tier0-explosion/hackthebox tier0 explosionTue, 19 May 2026 00:00:00 GMThtbRDP[STARTING_POINT] Tier0 Fawnhttps://m0nk3ygod.dev/posts/startingpoint-tier0-fawn/https://m0nk3ygod.dev/posts/startingpoint-tier0-fawn/hackthebox tier0 fawnTue, 19 May 2026 00:00:00 GMThtbftp[STARTING_POINT] Tier0 Mongodhttps://m0nk3ygod.dev/posts/startingpoint-tier0-mongod/https://m0nk3ygod.dev/posts/startingpoint-tier0-mongod/hackthebox tier0 mongodTue, 19 May 2026 00:00:00 GMThtbmongodbmongoshdocker[STARTING_POINT] Tier0 Preignitionhttps://m0nk3ygod.dev/posts/startingpoint-tier0-preignition/https://m0nk3ygod.dev/posts/startingpoint-tier0-preignition/hackthebox tier0 preignitionTue, 19 May 2026 00:00:00 GMThtbdir bustinghttpgobuster[STARTING_POINT] Tier0 Redeemerhttps://m0nk3ygod.dev/posts/startingpoint-tier0-redeemer/https://m0nk3ygod.dev/posts/startingpoint-tier0-redeemer/hackthebox tier0 redeemerTue, 19 May 2026 00:00:00 GMThtbredis[STARTING_POINT] Tier0 Syncedhttps://m0nk3ygod.dev/posts/startingpoint-tier0-synced/https://m0nk3ygod.dev/posts/startingpoint-tier0-synced/hackthebox tier0 syncedTue, 19 May 2026 00:00:00 GMThtbrsync[STARTING_POINT] Tier0 Meowhttps://m0nk3ygod.dev/posts/startingpoint-tier0-meow/https://m0nk3ygod.dev/posts/startingpoint-tier0-meow/hackthebox tier0 meowMon, 18 May 2026 00:00:00 GMThtbvmicmpnmaptelnetcliroot[EASY_LINUX] Facts write-uphttps://m0nk3ygod.dev/posts/easylinux-facts-write-up/https://m0nk3ygod.dev/posts/easylinux-facts-write-up/Camaleon CMS 권한 상승 및 s3 자격증명 탈취. SSH 키 크랙을 이용한 횡이동. Facter custom-dir 옵션을 이용한 권한 상승Sun, 17 May 2026 00:00:00 GMThtbCamaleon CMS CVE-2025-2304aws clis3 bucketssh-keygenpassphraseRuby envFacter Binary[MEDIUM_LINUX] Environment write-uphttps://m0nk3ygod.dev/posts/mediumlinux-environment-write-up/https://m0nk3ygod.dev/posts/mediumlinux-environment-write-up/Laravel 환경 변수 조작 및 초기 침투. GPG 자격증명 및 BASH_ENV를 이용한 권한 상승Sun, 17 May 2026 00:00:00 GMThtbupload bypassrevshelllaravel envBASH_ENV vuln[EASY_LINUX] Planning write-uphttps://m0nk3ygod.dev/posts/easylinux-planning/https://m0nk3ygod.dev/posts/easylinux-planning/Docker 컨테이너 탈출 및 crontab이 트리거하는 SUID 바이너리 악용Sat, 16 May 2026 00:00:00 GMThtbnmapffufsubdomaingrafanarevshelldocker envLocal Port ForwardingcrontabSUID[EASY_LINUX] Nocturnal write-uphttps://m0nk3ygod.dev/posts/easylinux-nocturnal/https://m0nk3ygod.dev/posts/easylinux-nocturnal/php 서비스 침투 및 CVE-2023-46818를 활용한 권한 상승Mon, 11 May 2026 00:00:00 GMThtbnmapphpfile uploadffufcommand injectionrevshellhashcrackLocal Port Forwarding1-day exploitation[EASY_LINUX] Cap write-uphttps://m0nk3ygod.dev/posts/easylinux-cap/https://m0nk3ygod.dev/posts/easylinux-cap/PCAP 분석 및 FTP 계정 정보 탈취, Python capability를 이용한 권한 상승Sat, 09 May 2026 00:00:00 GMThtbnmappcapftpPEASCAPpython