Tryhackme “Mr. Robot” Report, Password cracking, SUID binary PrivEsc

Mr. Robot Introduction https://tryhackme.com/room/mrrobot From IMDB, Mr. Robot series: “Elliot, a brilliant but highly unstable young cyber-security engineer and vigilante hacker, becomes a key figure in a complex game of global dominance when he and his shadowy allies try to take down the corrupt corporation he…

Tryhackme “Keldagrim” Report, SSTI (Server Side Template Injection), LD_PRELOAD PrivEsc

Keldagrim Introduction https://tryhackme.com/room/keldagrim SUMMARY: Keldagrim Forge is a Flask web application created with Python. Poor authentication allows the Admin panel to be reached by modifying the session cookie. The web app is susceptible to an SSTI (Server Side Template Injection) attack, due to a cookie value reflected…

Tryhackme “Sustah” Report, Bypass rate-limitations, doas.conf PrivEsc

Sustah Introduction https://tryhackme.com/room/sustah A roulette-like number guessing game needs to be beaten in order to obtain access to the CMS. Rate-limitation restrictions in the game prevent brute forcing techniques, but can be bypassed by specifying a couple of request header fields. Exposed default admin credentials in Mara CMS allows…

Tryhackme “Colddbox” Report, WordPress enumeration and Plugin Exploitation, SUID binary PrivEsc

Colddbox Introduction https://tryhackme.com/room/colddboxeasy Directory brute forcing exposes usernames. WPScan can also be used to enumerate WordPress usernames. Due to poor password strength, hydra can use the rockyou.txt wordlist to perform a dictionary attack against the login form and determine a user’s credentials. WordPress plugins can be leveraged to run malicious…

Tryhackme “Cyborg” Report, Backup credentials, Sudoers misconfiguration PrivEsc

Cyborg Introduction https://tryhackme.com/room/cyborgt8 Directory brute forcing exposes a file directory with a password hash, and an admin page with an archived backup available for download. The password hash can be cracked and used to decrypt the archived backup. The backup contains user credentials that can be used to…

Tryhackme “Chocolate Factory” Report, SSH key exfiltrated with Webshell, Encrypted root flag

Chocolate Factory https://tryhackme.com/room/chocolatefactory Directory brute forcing exposes a page intended only to be found after authentication. This page is a web shell and allows Arbitrary Remote Code Execution. A private SSH key was found and allowed a remote SSH connection to be made. Poor sudo configuration allows the…

My thoughts and some tips you should know going into the OSCP exam.

Hey all, I just got the results from my first OSCP exam attempt and I passed! https://www.youracclaim.com/badges/c8006e4d-58c9-482e-bf35-474f34308976/public_url My thoughts on the exam… The difficulty is artificially increased; I encountered at least two different open source projects (with source code available on Github) where the public…

Tryhackme “Jack” Report, WordPress Enumeration and Brute Force, Plugin Exploit, Pspy

Jack Writeup - Tryhackme https://tryhackme.com/room/jack Compromise a web server running WordPress, obtain a low privileged user and escalate your privileges to root using a Python module. How this helps your pentesting career: Web-application Pentesting, specifically WordPress; Practice brute-forcing authentication; Remote-Code-Execution with WordPress malicious plugin; Practice Linux Privilege Escalation to get…

Post-Exploitation Basics Writeup

Post-Exploitation Basics Writeup - Tryhackme https://tryhackme.com/room/postexploit Learn the basics of post-exploitation and maintaining access with mimikatz, bloodhound, powerview and msfvenom. How this helps your pentesting career: This room will be related to very real world applications; Enumerating with Windows Server Manager; How to approach a network after you have…

Steel Mountain Writeup

THM: Steel Mountain Walkthrough https://tryhackme.com/room/steelmountain How this helps your pentesting career: exploit Rejetto HFS 2.3 to get remote shell w/ both Metasploit and manual exploitation; practice Windows privilege escalation technique: Unquoted service paths. Task 1 #1 Deploy the machine. Who is the employee of the month? The page source…
