Category

Hacking


Blunder is a Linux-based CTF from HackTheBox. It entails hacking into a vulnerable web server. The server is hosting a CMS called Bludit, which we need to exploit after finding some potential users. Once we gain a foothold in the machine, we get a reverse shell, privesc to user and finally privesc to root. Enumeration Nmap Gobuster Admin portal http://10.10.10.191/admin/ Generic admin login portal. Uses Bludit: https://www.bludit.com/ Bludit has a GitHub repo with public code: https://github.com/bludit/bludit Login sends…

Jerry is a Windows-based CTF from HackTheBox. Initial Attempted to browse to host, but no response. Confirmed host is alive with ping. kali@kali:~/Desktop/repos/ctf/hack-the-box/oopsie$ ping 10.10.10.95 PING 10.10.10.95 (10.10.10.95) 56(84) bytes of data. 64 bytes from 10.10.10.95: icmp_seq=1 ttl=127 time=7.04 ms 64 bytes from 10.10.10.95: icmp_seq=2 ttl=127 time=8.13 ms 64 bytes from 10.10.10.95: icmp_seq=3 ttl=127 time=7.99 ms ^C --- 10.10.10.95 ping statistics --- 3 packets transmitted, 3 received, 0% packet loss, time 2008ms…

Agent Sudo is a TryHackMe CTF. It involves some manual enumeration, FTP brute-forcing with Hydra, SSH, then privilege escalation with a sudo CVE vulnerability. Task 1 Deploy the machine; navigate to the host in your browser to reveal some text. Dear agents, Use your own codename as user-agent to access the site. From, Agent R Task 2 How many open ports are there? There are 3 ports shown in the nmap scan; SSH…

Game Zone is a CTF from TryHackMe, with a focus on using SQLMap to obtain a reverse shell, and then privilege escalation. [Task 1] Deploy the vulnerable machine This room will cover SQLi (exploiting this vulnerability manually and via SQLMap), cracking users' hashed passwords, using SSH tunnels to reveal a hidden service and using a Metasploit payload to gain root privileges. Deploy the machine and access its web server Deploy the VM, then navigate to the…

Simple CTF is, as described, a simple CTF; by TryHackMe. This write-up is also available here. How many services are running under port 1000? kali@kali:~/Desktop/TryHackMe$ nmap target.thm -A Starting Nmap 7.80 ( https://nmap.org ) at 2020-09-15 14:10 EDT Nmap scan report for target.thm (target.thm) Host is up (0.019s latency). Not shown: 997 filtered ports PORT STATE SERVICE VERSION 21/tcp open ftp vsftpd 3.0.3 | ftp-anon: Anonymous FTP login allowed (FTP code 230) |_Can't get directory…

LazyAdmin is a Linux-based CTF from TryHackMe. This box features a poorly set up CMS, opportunities to execute code, and some privilege escalation. I very much enjoyed this box. Task 1 What is the user flag? Nmap Enumeration After running nmap, we can see there are 2 open ports: 22, SSH 7.2p2; 80, HTTP on Apache 2.4.18. kali@kali:~/Desktop/TryHackMe/lazyadmin$ nmap -A target.thm Starting Nmap 7.80 ( https://nmap.org ) at 2020-09-12 15:48 EDT Nmap scan report for…