Mr Robot CTF

Mr Robot CTF is an intermediate-level Linux machine from Try Hack Me and is pretty straightforward. Recon: Let's start with an nmap scan of your choice. nmap -sV -p- --script=banner -T4 <box_IP> Let's directory brute force using gobuster. gobuster dir -u http://<box_IP> -w /path/to/wordlist From the gobuster output it is…
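As an added example (not code from the original writeup), here is a small Python helper that connects the two recon commands above: it parses nmap's grepable (-oG) output, keeps only open TCP ports whose service looks like HTTP, and builds one gobuster command per web target. The host, port list, banners and wordlist path below are constructed for the demo, not taken from the box.

```python
import shlex

# Constructed sample of nmap grepable (-oG) output for a hypothetical host.
# The host, ports and banners are made up for this demo, not from the box.
SAMPLE_GNMAP = (
    "# Nmap 7.80 scan initiated as: nmap -sV -p- -oG scan.gnmap 10.10.10.10\n"
    "Host: 10.10.10.10 ()\tStatus: Up\n"
    "Host: 10.10.10.10 ()\tPorts: "
    "22/open/tcp//ssh//OpenSSH 7.2p2 Ubuntu 4ubuntu2.8/, "
    "80/open/tcp//http//Apache httpd 2.4.18/, "
    "443/open/tcp//ssl|http//Apache httpd 2.4.18/, "
    "3306/filtered/tcp//mysql///"
    "\tIgnored State: closed (65531)\n"
    "# Nmap done -- 1 IP address (1 host up) scanned in 120.00 seconds\n"
)


def parse_gnmap(text):
    """Return {host: [(port, proto, service, version), ...]} for open ports only.

    Each entry in the 'Ports:' field has the form
    port/state/protocol/owner/service/rpc-info/version.
    """
    results = {}
    for line in text.splitlines():
        if not line.startswith("Host:") or "Ports:" not in line:
            continue
        host = line.split()[1]
        # The Ports: field runs until the next tab-separated field.
        ports_field = line.split("Ports:", 1)[1].split("\t", 1)[0]
        for entry in ports_field.split(","):
            fields = entry.strip().split("/")
            if len(fields) < 7:
                continue  # malformed entry; skip rather than guess
            port, state, proto, _owner, service, _rpc, version = fields[:7]
            if state != "open":
                continue  # filtered/closed ports are not targets
            results.setdefault(host, []).append((int(port), proto, service, version))
    return results


def web_targets(scan):
    """Build base URLs for every open TCP port whose service looks like HTTP."""
    urls = []
    for host, ports in scan.items():
        for port, proto, service, _version in sorted(ports):
            if proto != "tcp" or "http" not in service:
                continue
            tls = "ssl" in service or "https" in service or port == 443
            scheme = "https" if tls else "http"
            default = 443 if tls else 80
            suffix = "" if port == default else f":{port}"
            urls.append(f"{scheme}://{host}{suffix}")
    return urls


def gobuster_commands(urls, wordlist):
    """One 'gobuster dir' command per target; -k skips TLS validation for HTTPS."""
    cmds = []
    for url in urls:
        cmd = f"gobuster dir -u {shlex.quote(url)} -w {shlex.quote(wordlist)}"
        if url.startswith("https://"):
            cmd += " -k"
        cmds.append(cmd)
    return cmds


if __name__ == "__main__":
    scan = parse_gnmap(SAMPLE_GNMAP)
    for host, ports in scan.items():
        for port, proto, service, version in sorted(ports):
            print(f"{host}:{port}/{proto}\t{service}\t{version}")
    for cmd in gobuster_commands(web_targets(scan), "/path/to/wordlist"):
        print(cmd)
```

Run the real scan with `-oG scan.gnmap` added to the nmap line and feed the file to parse_gnmap; filtered ports are dropped on purpose, since gobuster would only time out against them.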

Lazy Admin

Lazy Admin is a Linux box from Try Hack Me; the exploitation phase is quite interesting as it requires chaining multiple vulnerabilities to get the initial foothold! Let's get cracking! Recon: Let's start with an nmap scan of your choice. nmap -sV -p- -T4 <box_IP> @PORT 80: there is nothing over here, let's…

Internal

Internal is a very interesting Linux box from Try Hack Me, mainly because I like abusing internal services running locally on remote hosts [heads up 😉]. We will learn the following things: SSH Local Port Forwarding; Code Execution on Jenkins. Recon: Let's start with an nmap scan of your choice. nmap -sV -T4 -p- --script=banner…

Relevant

Relevant is a Windows machine from Try Hack Me. It teaches the importance of enumeration. Let's go and own the box!! Recon: Start with an nmap scan of your choice. nmap -sV -T4 -p- --script=banner <box_IP> Let's enumerate the shares; "nt4wrksv" looks interesting! Let's explore the nt4wrksv share. Base64-encoded passwords. Those are of no use. Just a…

OverPass

OverPass2 from Try Hack Me is a fun box where we will spend much of the time analyzing a pcap file, walking in the hacker's footsteps to find the hidden backdoor service. Hunt begins: We need to download the "overpass2.pcapng" file to analyze the network traffic using Wireshark. I expect the reader has a basic understanding of Wireshark packet…

Daily Bugle

Daily Bugle is a Linux system from Try Hack Me. We will cover the following topics: Joomla Exploitation; Privesc via yum. Recon: Let's start with a basic nmap scan of your choice. nmap -sV --script=banner -p- <box_ip> @80/tcp I tried to attack the login form to check for any SQLi but failed. Later checked /robots.txt…

Skynet

Skynet is a Linux box from Try Hack Me; we will see one interesting priv-esc methodology. Let's start cracking!! Recon: Initiate an nmap scan of your choice. nmap -sV -p- -T4 --script=banner <box_IP> SMB Share Enumeration: Two of the shares look interesting, "anonymous" & "milesdyson". "anonymous" can be easily accessed but "milesdyson" is password protected. log1.txt contains a…

Game Zone

Game Zone is a Linux machine from Try Hack Me; we will look into the following topics: SQL Injection; SSH Local Port Forwarding. Recon: Initiate an nmap scan of your choice. nmap -sV --script=banner -p- -T4 <box-IP> @80/tcp Foothold: Let's try the classic SQLi payload ' or 1=1 -- - We are inside!! Let's learn about this specific…
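As an added example (not code from the writeup), here is a Python/sqlite3 demonstration of why that payload logs you in and what the fix looks like. The vulnerable login concatenates user input into the query text, so the leading quote closes the username literal, `or 1=1` makes the WHERE clause true for every row, and `-- -` comments out the password check; the hardened login binds parameters, so the same payload is compared as a literal username and fails. The users table and passwords are constructed for the demo.

```python
import sqlite3

# The classic login-bypass payload from the writeup, sent as the username value.
PAYLOAD = "' or 1=1 -- -"


def build_demo_db():
    """In-memory users table constructed for this demo (not data from the box).

    Plaintext passwords are used only to keep the injection demo short.
    """
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password TEXT)")
    db.executemany(
        "INSERT INTO users (username, password) VALUES (?, ?)",
        [("admin", "s3cr3t"), ("guest", "guest")],
    )
    db.commit()
    return db


def render_vulnerable_query(username, password):
    """The query text a string-concatenating login form ends up sending."""
    return ("SELECT username FROM users WHERE username = '%s' AND password = '%s'"
            % (username, password))


def login_vulnerable(db, username, password):
    """Vulnerable login: user input becomes part of the SQL itself."""
    row = db.execute(render_vulnerable_query(username, password)).fetchone()
    return row[0] if row else None


def login_safe(db, username, password):
    """Hardened login: bound parameters, so the payload is just a string value."""
    row = db.execute(
        "SELECT username FROM users WHERE username = ? AND password = ?",
        (username, password),
    ).fetchone()
    return row[0] if row else None


if __name__ == "__main__":
    db = build_demo_db()
    print(render_vulnerable_query(PAYLOAD, "anything"))
    print("vulnerable:", login_vulnerable(db, PAYLOAD, "anything"))
    print("hardened:  ", login_safe(db, PAYLOAD, "anything"))
```

The vulnerable path returns the first row of the table (here "admin"), which is why a bypass on a login form so often lands you in the administrator's session; the parameterized version returns nothing for the same input.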

HackPark

Hack Park is a Windows machine from Try Hack Me; we will look into the following things: Attacking the login portal of the web site; Exploiting the BlogEngine.NET CMS to get a foothold; Abusing a scheduled task to do priv-esc. Recon: Let's do a basic nmap scan for service discovery. nmap -sV -Pn --script=banner -p- <box_IP> @PORT 80: We can see…

kenobi

Kenobi from Try Hack Me is a fun-filled Linux box. We will look into the following things: File Shares; NFS File System; SUID Priv-Esc. Let's get cracking..!! Recon: Initiate an nmap scan of your choice; mine is a simple service-version scan with banner grabbing. nmap -sV --script=banner -p- <box_ip> One thing that caught my attention is the…