Tryhackme “Inferno” Report

  • Post author:

TryHackMe Inferno Report https://tryhackme.com/room/infernoInferno is a medium-difficulty room created by @mindsflee.  SUMMARYDirectory busting the main web app reveals an authentication-protected path.  The authentication can be bypassed with a list of possible usernames and the rockyou.txt password list. After authenticating, there is another login page to access Codial. …

Continue Reading Tryhackme “Inferno” Report

Tryhackme “En-Pass” Report

  • Post author:

Tryhackme En-Pass Report https://tryhackme.com/room/enpassEn-pass is a medium difficulty room, created by @kiransauDirectory busting reveals four paths: a recursive path that contains a passphrase-protected private SSH key, an input form where the correct input will print a password, a 403 status page that can be bypassed…

Continue Reading Tryhackme “En-Pass” Report

Tryhackme “TOC2” Report

  • Post author:

TryHackMe TOC2 Report https://tryhackme.com/room/toc2A web developer has taken a break from installing a CMS onto their web server.  As the attacker, we can use exposed credentials and database info to poison a config file during the CMS install, allowing for RCE (remote code execution). An interactive…

Continue Reading Tryhackme “TOC2” Report

Tryhackme “Archangel” Report

  • Post author:

Tryhackme "Archangel" Reporthttps://tryhackme.com/room/archangelAn exposed hostname was added to /etc/hosts and the virtual domain, mafialive.thm, webapp was accessible.  A LFI (local file inclusion) vulnerability, mixed with log poisoning results in RCE (remote code execution).A scheduled cron job can be leveraged for horizontal privilege escalation to the Archangel…

Continue Reading Tryhackme “Archangel” Report

Tryhackme “Mr. Robot” Report

  • Post author:

Mr. Robot Introduction https://tryhackme.com/room/mrrobotFrom IMDB, Mr. Robot series: “Elliot, a brilliant but highly unstable young cyber-security engineer and vigilante hacker, becomes a key figure in a complex game of global dominance when he and his shadowy allies try to take down the corrupt corporation he…

Continue Reading Tryhackme “Mr. Robot” Report

Tryhackme “Keldagrim” Report

  • Post author:

Keldagrim Introduction https://tryhackme.com/room/keldagrimKeldagrim Forge is a Flask web application created with Python. It is susceptible to a SSTI (Server Side Template Injection) attack allowing remote code execution. A misconfiguration in sudoers allows LD_PRELOAD to be exploited for privilege escalation. Exposed ports and services • ssh…

Continue Reading Tryhackme “Keldagrim” Report

Tryhackme “Sustah” Report

  • Post author:

Sustah Introduction https://tryhackme.com/room/sustahA roulette-like number guessing game needs to be beat in order to obtain access to the CMS.Rate-limitation restrictions in the game prevent brute forcing techniques, but can be bypassed by specifying a couple request header fields.Exposed default admin credentials in Mara CMS allows…

Continue Reading Tryhackme “Sustah” Report

Tryhackme “Colddbox” Report

  • Post author:

Colddbox Introduction https://tryhackme.com/room/colddboxeasyDirectory brute forcing exposes usernamesWPScan can also be used to enumerate Wordpress usernamesDue to poor password strength, hydra can use rockyou.txt wordlist to perform a dictionary attack against the login form and determine a user’s credentialsWordpress plugins can be leveraged to run malicious…

Continue Reading Tryhackme “Colddbox” Report

Tryhackme “Cyborg” Report

  • Post author:

Cyborg Introduction https://tryhackme.com/room/cyborgt8Directory brute forcing exposes a file directory with a password hash, and an admin page with an archived backup available for download. The password hash can be cracked and used to decrypt the archived backup.The backup contains user credentials that can be used to…

Continue Reading Tryhackme “Cyborg” Report

Tryhackme “Chocolate Factory” Report

  • Post author:

Chocolate Factory https://tryhackme.com/room/chocolatefactoryDirectory brute forcing exposes a page intended only to be found after authentication.  This page is a web shell and allows Arbitrary Remote Code Execution. A private SSH key was found and allowed a remote SSH connection to be made.Poor sudo configuration allows the…

Continue Reading Tryhackme “Chocolate Factory” Report

End of content

No more pages to load