Tryhackme “Sustah” Report, Bypass rate-limitations, doas.conf PrivEsc

  • Post author:

Sustah Introduction https://tryhackme.com/room/sustahA roulette-like number guessing game needs to be beat in order to obtain access to the CMS.Rate-limitation restrictions in the game prevent brute forcing techniques, but can be bypassed by specifying a couple request header fields.Exposed default admin credentials in Mara CMS allows…

Continue Reading Tryhackme “Sustah” Report, Bypass rate-limitations, doas.conf PrivEsc

Tryhackme “Colddbox” Report, WordPress enumeration and Plugin Exploitation, SUID binary PrivEsc

  • Post author:

Colddbox Introduction https://tryhackme.com/room/colddboxeasyDirectory brute forcing exposes usernamesWPScan can also be used to enumerate Wordpress usernamesDue to poor password strength, hydra can use rockyou.txt wordlist to perform a dictionary attack against the login form and determine a user’s credentialsWordpress plugins can be leveraged to run malicious…

Continue Reading Tryhackme “Colddbox” Report, WordPress enumeration and Plugin Exploitation, SUID binary PrivEsc

Tryhackme “Cyborg” Report, Backup credentials, Sudoers misconfiguration PrivEsc

  • Post author:

Cyborg Introduction https://tryhackme.com/room/cyborgt8Directory brute forcing exposes a file directory with a password hash, and an admin page with an archived backup available for download. The password hash can be cracked and used to decrypt the archived backup.The backup contains user credentials that can be used to…

Continue Reading Tryhackme “Cyborg” Report, Backup credentials, Sudoers misconfiguration PrivEsc

Tryhackme “Chocolate Factory” Report, SSH key exfiltrated with Webshell, Encrypted root flag

  • Post author:

Chocolate Factory https://tryhackme.com/room/chocolatefactoryDirectory brute forcing exposes a page intended only to be found after authentication.  This page is a web shell and allows Arbitrary Remote Code Execution. A private SSH key was found and allowed a remote SSH connection to be made.Poor sudo configuration allows the…

Continue Reading Tryhackme “Chocolate Factory” Report, SSH key exfiltrated with Webshell, Encrypted root flag

My thoughts and some tips you should know going into the OSCP exam.

  • Post author:

Hey all, I just got the results from my first OSCP exam attempt and I passed! https://www.youracclaim.com/badges/c8006e4d-58c9-482e-bf35-474f34308976/public_url My thoughts on the exam… The difficulty is artificially increased; I encountered at least two different open source projects (with source code available on Github) where the public…

Continue Reading My thoughts and some tips you should know going into the OSCP exam.

End of content

No more pages to load