Learning NVim, Tryhackme, Vim-Adventures, resources

Learning NVim, TryHackMe, Resources. This post will be a walkthrough of the Vim room on TryHackMe, in addition to various learning resources I find helpful. As I encounter helpful examples for penetration testing, I will post those as well. TryHackMe room: https://tryhackme.com/room/toolboxvim This room teaches you to…

Tryhackme “Tokyo Ghoul” Report, Extract data from files, LFI, Escaping Python Jail

Tryhackme Tokyo Ghoul Report, Extract data from files, LFI, Escaping Python Jail https://tryhackme.com/room/tokyoghoul666 SUMMARY: This is a room with a Tokyo Ghoul theme. No knowledge of the Tokyo Ghoul series is required to complete the room, although the creator does mention there are spoilers for…

Tryhackme “Attacktive Directory” Report, Offensive Active Directory

https://tryhackme.com/room/attacktivedirectory This room contains a Domain Controller, a Windows Server running Active Directory. Initial enumeration is performed with enum4linux, a Linux port of enum.exe, gathering the NetBIOS name and the AD domain. The Kerbrute tool can perform a dictionary attack against the DC to enumerate valid usernames, provided a usernames…

Tryhackme “Magician” Report, Exploiting ImageMagick CVE-2016-3714

TryHackMe Magician Report https://tryhackme.com/room/magician A web application that converts user-uploaded PNG images to JPG images uses ImageMagick, a package commonly used by web services to process images. The version of ImageMagick used is susceptible to multiple vulnerabilities, as described by CVE-2016-3714. A PoC malicious file is amended…

Tryhackme “Inferno” Report, Exploiting Codiad 0-day CVE-2018-14009

TryHackMe Inferno Report https://tryhackme.com/room/inferno Inferno is a medium-difficulty room created by @mindsflee. SUMMARY: Directory busting the main web app reveals an authentication-protected path. The authentication can be bypassed with a list of possible usernames and the rockyou.txt password list. After authenticating, there is another login page to access Codiad. …

Tryhackme “En-Pass” Report, Python Deserialization Privilege Escalation

Tryhackme En-Pass Report https://tryhackme.com/room/enpass En-pass is a medium-difficulty room created by @kiransau. Directory busting reveals four paths: a recursive path that contains a passphrase-protected private SSH key, an input form where the correct input will print a password, a 403 status page that can be bypassed…

Tryhackme “Classic Password” Reverse Engineering w/ IDA, Ghidra, ltrace

Tryhackme "Classic Passwd" Reverse Engineering Report https://tryhackme.com/room/classicpasswdA Linux ELF binary is available for download. The challenge is to determine the correct input to reveal the flag. This can be done several different ways, with different software.  Reverse Engineering with IDA Pro Load the binary into…

Tryhackme “TOC2” Report, CMSMS Exploit 2018-7448, File path race condition

TryHackMe TOC2 Report https://tryhackme.com/room/toc2 A web developer has taken a break from installing a CMS onto their web server. As the attacker, we can use exposed credentials and database info to poison a config file during the CMS install, allowing for RCE (remote code execution). An interactive…

Tryhackme “Archangel” Report, LFI and log poisoning, $PATH exploit

Tryhackme "Archangel" Reporthttps://tryhackme.com/room/archangelAn exposed hostname was added to /etc/hosts and the virtual domain, mafialive.thm, webapp was accessible.  A LFI (local file inclusion) vulnerability, mixed with log poisoning results in RCE (remote code execution).A scheduled cron job can be leveraged for horizontal privilege escalation to the Archangel…

Tryhackme “Mr. Robot” Report, Password cracking, SUID binary PrivEsc

Mr. Robot Introduction https://tryhackme.com/room/mrrobot From IMDB, Mr. Robot series: “Elliot, a brilliant but highly unstable young cyber-security engineer and vigilante hacker, becomes a key figure in a complex game of global dominance when he and his shadowy allies try to take down the corrupt corporation he…
