Learning NVim, TryHackMe, Resources This post will be a walkthrough of the Vim room on TryHackMe, in addition to various learning resources I find helpful. As I encounter helpful examples for penetration testing, I will post those as well. TryHackMe room: https://tryhackme.com/room/toolboxvimThis room teaches you to…
Tryhackme Tokyo Ghoul Report, Extract data from files, LFI, Escaping Python Jail https://tryhackme.com/room/tokyoghoul666 SUMMARY This is a room with a Tokyo Ghoul theme. No info about the Tokyo Ghoul series is required to complete the room, although the creator does mention there are spoilers for…
https://tryhackme.com/room/attacktivedirectoryThis room contains a Domain Controller, a Windows Server with Active Directory. Initial enumeration is performed with a linux version of enum.exe, enum4linux, gathering the NetBIOS name, and AD domain.Kerbrute tool can perform a dictionary attack against the DC to enumerate valid usernames, provided a usernames…
TryHackMe Magician Report https://tryhackme.com/room/magicianA web application that converts user-uploaded PNG images to JPG images uses ImageMagick, a package commonly used by web services to process images. The version of ImageMagick used is susceptible to multiple vulnerabilities, as described by CVE-2016-3714. A PoC malicious file is amended…