Phishing!

Okay, so it’s the year 2021 and we’re almost in 2022. Technology has been evolving much more and we’re more reliant on communicating online using our accounts. …


A box on Proving Grounds focusing more on enumeration! If in doubt, just enumerate!!

OffSec Proving Grounds

Summary

We scanned the network and found that the target is running an Apache web server. Further enumeration of the web server reveals an unprotected upload functionality which allowed an attacker to upload a malicious file which leads…


Hi amazing hackers from around the world, back again with another write up of a box. This time it’s from OffSec’s Proving Grounds. If you would like to check out more write ups please do check my GitLab repository

Try harder! Credits to Offensive Security

Enumeration

NMAP

PORT   STATE SERVICE VERSION
22/tcp open ssh…

This room is more focused on PostgreSQL and how misconfiguration could lead to Remote Code Execution.

NMAP SCAN

PORT     STATE SERVICE    VERSION  
22/tcp open ssh OpenSSH 7.2p2 Ubuntu 4ubuntu2.10 (Ubuntu Linux; protocol 2.0)…


Hello all, it’s been a while since I posted. I’ve been hanging out on PortSwigger and learning stuff. I’ve been lazy but I’ve been documenting what I do on my GitLab. If you’re interested, check out my GitLab.

Startup

We are Spice Hut, a new startup company that just made it…


Created by ustoun0

Tasks

  • user.txt
  • root.txt

Vulnerabilities

  • PHP deserialization
  • Weak password
  • Permissions for a file.

NMAP

PORT   STATE SERVICE VERSION
22/tcp open ssh OpenSSH 7.2p2 Ubuntu 4ubuntu2.10 (Ubuntu Linux; protocol 2.0)
| ssh-hostkey:
| 2048 44:ee:1e:ba:07:2a:54:69:ff:11:e3:49:d7:db:a9:01 (RSA)
| 256 8b:2a:8f:d8:40:95:33:d5:fa:7a:40:6a:7f:29:e4:03 (ECDSA)
|_ 256 65:59:e4:40:2a:c2:d7:05:77:b3:af:60:da:cd:fc:67 (ED25519)
80/tcp…

A TryHackMe room made by zyeinn featuring a lot of stuff!

Tasks

  • user.txt
  • root.txt

Vulnerabilities

  • Hash credentials in source code.
  • Weak password
  • XXE injection
  • Not calling binary from $PATH

NMAP

Ports 80 and 22 are open.
A full port scan reveals port 8765 is also open.

Foothold

After running Gobuster, I checked out the directories and found interesting stuff in the custom/js directory.

mobile.js
users.bak

Using CrackStation, the hash in…


A room on TryHackMe created by TheCyb3rW0lf featuring a Windows machine.

VulnNet:Roasted

Tasks

  • user.txt
  • system.txt

Vulnerabilities

  • IPC$ share is readable as anonymous leading to enumeration of users.
  • Kerberos leaking a hash which can lead to password cracking (From what I read it’s not a vulnerability?)
  • Strong passwords found in rockyou.txt

Sources I used

https://www.secureauth.com/labs/open-source-tools/impacket/
https://hashcat.net/wiki/doku.php?id=example_hashes
https://github.com/Hackplayers/evil-winrm
https://forum.hackthebox.eu/discussion/2749/getnpusers-py-explained-video


A room on TryHackMe created by TheCyb3rW0lf featuring various services to exploit.

VulnNet: Internal

Tasks

  • services flag
  • internal flag
  • user flag
  • root flag

Vulnerabilities

  • Sensitive files in SMB share with Anonymous Login.
  • Leaving credentials in files.
  • Sensitive files and credentials in Redis
  • Normal user able to read sensitive logs when they should not be.

NMAP


A TryHackMe room that involves the basics of penetration testing, enumeration, privilege escalation and webapp testing.

Ultratech

Tasks

  • Identify software on ports.
  • Identify OS
  • Identify routes of web app.
  • Find database name
  • Find credentials
  • Get private SSH key.

Vulnerabilities

  • API is not secure. Should practice least privilege.
  • Weak password.

Nmap

Discovered open port 21/tcp on…

FarisArch

Student that loves FOSS
