Category: Hacking

• Watcher | TryHackMe

  A boot2root Linux machine utilising web exploits along with some common privilege escalation techniques. Medium difficulty. Starting with an nmap scan we see open FTP, SSH and HTTP. FTP doesn’t accept anonymous logins so on to poke at the web server. I like feroxbuster and initially the /dirb/common.txt wordlist for a quick overview of hidden […]

  hoax

  August 23, 2022

  CTF, Hacking, Python, TryHackMe, Writeup

  lfi, privesc, unquoted paths

• Anonforce | TryHackMe

  “An easy difficulty boot2root machine for FIT and bsides guatemala CTF” Initial enumeration with nmap gives us the following: Seemingly anonymous login gives us access to the entire file system. In the home directory we find the user melodias and inside their home folder the user flag. Interestingly there’s a notread folder where we have […]

  hoax

  August 23, 2022

  CTF, Hacking, TryHackMe

• IDE | TryHackMe

  “An easy box to polish your enumeration skills!” As usual we start with basic enumeration. We can see as is usual with these easy CTF boxes, we have FTP, SSH and HTTP open. FTP allows anonymous login, and there’s a file named “-” containing the following information. Hey john, I have reset the password as […]

  hoax

  August 23, 2022

  CTF, Hacking, Python, Security, TryHackMe, Writeup

• Kiba | TryHackMe

  Identify the critical security flaw in the data visualization dashboard, that allows execute remote code execution. Easy difficulty. As usual, an nmap scan starts enumeration. Initial suggestions are that we’ll have to get access to the server via the webapp. Enumerating the directories and poking around doesn’t return much, so back to nmap to do […]

  hoax

  August 23, 2022

  CTF, Hacking, TryHackMe, Writeup