Tryhackme “Inferno” Report

TryHackMe Inferno Report is a medium-difficulty room created by @mindsflee. Summary: Directory busting the main web app reveals an authentication-protected path. The authentication can be bypassed with a list of possible usernames and the rockyou.txt password list. After authenticating, there is another login page to access Codial. …

Tryhackme “En-Pass” Report

Tryhackme En-Pass Report is a medium-difficulty room, created by @kiransau. Directory busting reveals four paths: a recursive path that contains a passphrase-protected private SSH key, an input form where the correct input will print a password, a 403 status page that can be bypassed…

Tryhackme “Classic Password” Reverse Engineering Report

Tryhackme "Classic Passwd" Reverse Engineering Report. Linux ELF binary is available for download. The challenge is to determine the correct input to reveal the flag. This can be done several different ways, with different software. Reverse Engineering with IDA Pro: Load the binary into…

Tryhackme “TOC2” Report

TryHackMe TOC2 Report web developer has taken a break from installing a CMS onto their web server.  As the attacker, we can use exposed credentials and database info to poison a config file during the CMS install, allowing for RCE (remote code execution). An interactive…

2021 Sudo Exploit-In-Action

2021 Sudo Vulnerability In Action, Baron Samedit, CVE-2021-3156 Vulnerability Background Info is a huge SUDO vulnerability, as it affects sudo versions for the past ten years, from 1.8.2-1.8.31p2 and 1.9.0-1.9.5p1.  The last big sudo vulnerability was a stack-based buffer overflow, but Baron Samedit is…

Tryhackme “Archangel” Report

Tryhackme "Archangel" Report exposed hostname was added to /etc/hosts and the virtual domain, mafialive.thm, webapp was accessible. An LFI (local file inclusion) vulnerability, mixed with log poisoning, results in RCE (remote code execution). A scheduled cron job can be leveraged for horizontal privilege escalation to the Archangel…

Tryhackme “Mr. Robot” Report

Mr. Robot Introduction IMDB, Mr. Robot series: “Elliot, a brilliant but highly unstable young cyber-security engineer and vigilante hacker, becomes a key figure in a complex game of global dominance when he and his shadowy allies try to take down the corrupt corporation he…

Tryhackme “Keldagrim” Report

Keldagrim Introduction Forge is a Flask web application created with Python. It is susceptible to an SSTI (Server Side Template Injection) attack allowing remote code execution. A misconfiguration in sudoers allows LD_PRELOAD to be exploited for privilege escalation. Exposed ports and services • ssh…

Tryhackme “Sustah” Report

Sustah Introduction roulette-like number guessing game needs to be beaten in order to obtain access to the CMS. Rate-limiting restrictions in the game prevent brute forcing techniques, but can be bypassed by specifying a couple of request header fields. Exposed default admin credentials in Mara CMS allows…

Tryhackme “Colddbox” Report

Colddbox Introduction brute forcing exposes usernames. WPScan can also be used to enumerate WordPress usernames. Due to poor password strength, hydra can use the rockyou.txt wordlist to perform a dictionary attack against the login form and determine a user’s credentials. WordPress plugins can be leveraged to run malicious…
