First of all, I would like to thank Josh Mason for providing me with a THM premium subscription, which has given me the driving force to work more and learn more!!

Inspired by Josh Mason, I decided to write a blog/write-up for the path I’ll be completing over a tenure of 6 months!! If everything goes according to plan, I’ll be focusing first on the Cyber Defense Path and then on Offensive Pentesting, after completion of the Pre-Security Path.

I’ll always opt for the Pre-Requisite course first before actually getting into the real stuff. I might be knowing all the concepts and consider this a…

PTS (Penetration Testing Student) is a course for the beginner-level certification eJPT (eLearnSecurity Junior Penetration Tester). PTS is available freely on the INE platform and is designed by instructor Lukasz Mikula. This course should be a perfect first option for an individual who wants to start a career in Cyber Security.

A big shoutout to Josh Mason and Cyber Supply Drop for the exciting challenge #PTSchallenge, which became the driving force to complete the course and share the experience.

I have divided this blog into two parts:

  1. My experience during the completion of the course
  2. My learnings and findings (notes)…

Let us say we have a web application containing multiple pages, each of which requires a change in specific content (maybe the name of the user, or anything else). It would be difficult to change the HTML code manually every single time. This is where Server Side Inclusion comes in: it can dynamically inject the required input into all the required places in the HTML code.


  • Introduction
  • SSI Injection Vulnerability & Detection
  • SSI Injection Attack Scenario
  • Mitigations of SSI Injection Vulnerability
  • Conclusion


SSIs (Server Side Includes) are the directives which are present in the web application to feed an…

Malicious attacks must be prevented at all nodes and endpoints in the network. As a result, Cyber Security or Information Security refers to the process of securing and minimising the effects of attacks on nodes such as servers, computers, and cell phones.

DNS Spoofing refers to any attack that tries to change the DNS records returned to a querier to a response the attacker chooses. This can include some of the techniques described in DNS Hijacking, the use of cache poisoning, or some type of man-in-the-middle style attack. Sometimes, we use the terms DNS Hijacking and DNS Spoofing interchangeably.

Recently HTB released a machine named Script Kiddie. Yes!! Script Kiddie, which definitely gives a hint about the machine. We can assume that we won’t be doing much other than relying on the tools. Guess that’s what Script Kiddie means!!

So let’s see how easy this machine could be?

Concepts Learnt:

  1. Enumeration
  2. Malicious payload (template bin)
  3. Reverse Shell
  4. Privilege escalation

Port Scanning

First things first: scanning the machine to find the open ports!

Command : nmap -A -T4

Got stuck?? Want to learn web hacking…Don’t know where to start from?

Awesome!! We have a list of resources where we can learn web application hacking in a guided manner, ranging from theory concepts to practical knowledge.

Online Hacking Demonstration Sites


Delivery is literally one of the easy machines on HTB. It didn’t take much time or effort to complete the checkpoints (user and root flags).

Concepts Learnt:

Web Recon

HTML Injection



Port Scanning

Using nmap, scan the IP for open ports and get the details of the open ports, as mentioned below:

Doctor is one of the easy boxes on HTB. FYI, Easy boxes are also tougher than the boxes on any other platform.

Add the IP address with doctors.htb to the hosts file (/etc/hosts) and we are good to go!!!

Concepts Learnt:

  1. Enumeration
  2. SSTI, i.e. Server Side Template Injection
  3. Reverse shell
  4. Privilege Escalation using Splunk

Port Scanning

Scanning with nmap to find the open ports and the services.

Command used: nmap -A -T4 doctors.htb

Vikas Sharma

Just another security nerd…
