TryHackMe – Pokemon

http, pokemon, privilege escalation, ssh, TryHackMe
Greetings everyone! In today's post, we'll be attacking another machine on the great platform TryHackMe. This machine is, you guessed it, Pokemon-themed! The description for this room mentions that there are actually four flags to find! Three of them are based off of Pokemon types (Grass, Water, Fire), and then there is a root flag to find. Well, it actually says "What is Root's favorite Pokemon?". I'm going to treat that as the root flag as I'm assuming that we'll need root-level access to find that out! Let's jump in to find out! As always, we'll begin with our trusted Nmap scan! Only two ports open, but one of them is port 80. Let's start enumerating that web server! The landing page is the default Apache2 page: While poking around…

TryHackMe – Bounty Hacker

ftp, privilege escalation, ssh, TryHackMe
Greetings everyone! I have a pretty quick walkthrough today for you! Once again, we'll be using the fantastic platform TryHackMe. The box we'll be tackling is called Bounty Hacker! With our Kali box fired up, we'll start off with our trusted Nmap scan! We can see that we get a few hits back; the main one being FTP! Nmap shows that the box allows for anonymous login, so let's connect that way and grab any files that we can! We can see that two files are listed: locks.txt and task.txt. Time to download them and see what goodies are inside! We'll first cat out the task.txt file: Looks like this task file was created by someone named "lin". This is great because we have a possible username that we may…

TryHackMe – Agent Sudo

ftp, privilege escalation, ssh, Steganography, TryHackMe
Greetings everyone! I'm back with another machine walkthrough from the hacking platform TryHackMe! This machine is called Agent Sudo! So without any further ado, let's jump into it! We'll start off with our trusty Nmap scan: Alright, well right off the bat we can see that port 80 is open, and that means there is a website to check out! Great, let's browse to it! Hmm! Now there wasn't much, actually nothing, returned from any type of enumeration or vulnerability scanning on this website! That being the case, I went back and re-read the message that was displayed. At the moment, we have no sweet clue what our "codename" is. But what we can do is use cURL to spoof our user-agent. Putting our detective hat on, we notice that…

Hack The Box – Mirai

hackthebox, http, privilege escalation, ssh
Greetings everyone! Sorry for the long delay, but I'm back with a hot new walkthrough of a Hack the Box machine; this one is called Mirai! For those of you not familiar with Mirai, it's a strain of malware that was responsible for a massive botnet that infected IoT (Internet of Things) devices, which in turn resulted in massive DDoS attacks. Knowing this information, we may be dealing with an IoT device on this box! Let's get started! Mirai is located at 10.10.10.48, so let's get the ball rolling with an nmap scan: Alright so the first thing that jumps out is that port 80 is open, so let's start enumerating it to see if we can pull some more information. We can use Nikto for this: Look at this! Right…

Hack The Box – Irked

hackthebox, http, metasploit, privilege escalation, ssh
Greetings everyone! In today's post, I'll be changing things up by attacking a system that can be found on a website called hackthebox.eu. I'm fairly new to this site, but essentially the premise is that you can connect to their servers via VPN, and attempt to hack the systems, by grabbing a user flag and a root flag, and uploading them to your profile! This system is called Irked, so let's get to it! After establishing a VPN connection to the HTB server, we can see that our IP is 10.10.14.16, and the machine called Irked is at 10.10.10.117. Knowing this information, we'll start things off with an nmap scan with the command nmap -A -T4 -p- 10.10.10.117. We see that port 80 is open, so of course we're going…

VulnHub – Quaoar

http, metasploit, privilege escalation, ssh, vulnhub
Happy Friday! In today's post, I'll be exploiting another system downloaded from VulnHub! This one is called Quaoar, so let's not waste any time and jump into it! When Quaoar is booted up, we are shown its IP address. For me, it was located at 10.10.1.10. Alright, let's boot up our attacking system and scan the target with Nmap. We get a few options back here! One port that sticks out is port 80, which is of course used for http. Knowing this, let's open up a web browser and head over to 10.10.1.10. So we do see a website up and running! Doing a little bit of exploring around the website, we have an option to click on a link which states "Click here to know what you need…

VulnHub – Basic Pentesting 2

privilege escalation, smb, ssh, vulnhub
In today's post, I'll be attacking a virtual machine downloaded from VulnHub called Basic Pentesting 2. I've previously posted two ways of exploiting a machine called Basic Pentesting, so it's only right that we try out the next machine in the series! The first thing we're going to do is locate the vulnerable machine on our network. We can do this by using a tool called netdiscover. Once we find it, we can start scanning! For me, the vulnerable machine is located at 10.10.1.11, so let's fire up nmap! Alright, looking at these results we can see there is a web server running, so let's browse to it and see what we find. Nothing here, really! But let's run a program called dirb to see if we can brute force…

VulnHub – Toppo

awk, privilege escalation, ssh, vulnhub
Good evening! In this post, I'll be exploiting another virtual machine that I downloaded from vulnhub.com. This one is called Toppo! This VM immediately caught my attention because of the name. For those unaware, Toppo is a character from Dragon Ball! No, he is not a Saiyan, but he proved to be quite the formidable foe in the Tournament of Power. But hey, who knows, maybe this VM was named Toppo for another reason. I, however, like to think that it was named after the future God of Destruction of Universe 11. Anyway, enough Dragon Ball talk, and let's get to it! Once the VM is booted up, we are given the IP address of the system. Alright, let's scan it with Nmap to see what services we have running.…