Home

Umbrella is a medium difficulty machine from TryHackMe which involves gaining credentials by querying the docker registry. With the credentials obtained, we were able to login to MySQL & obtain the usernames & passwords that can be used to log in to the site and as well as to SSH into the box. Then we go on and exploit the eval() function to get a reverse shell as root on the container....

WhyHackMe is a medium difficulty machine from TryHackMe which involves exfiltrating a sensitive file from the server using stored XSS to gain foothold. Later using iptables we modify a rule to allow incoming traffic via a certain port in which the attacker had uploaded a web shell to run system commands. Then by decrypting a .pcap file, we find the endpoint containing the backdoor & with the help of that we gain a shell as www-data user where the user has sudo permissions....

Kiba is a easy rated room from tryhackme where we exploit a prototype pollution vulnerability to gain a user shell & then escalate our privileges to root by exploiting a python3 binary which has setuid capabilities. Room Kiba OS Linux Difficulty Easy Room Link https://tryhackme.com/room/kiba Creator stuxnet What is the vulnerability that is specific to programming languages with prototype-based inheritance? Vulnerability - Prototype Pollution What is the version of visualization dashboard installed in the server?...

Napping is a medium difficulty box from TryHackMe which had a interesting vulnerability called Tab Nabbing to phish the admin of the website to get user daniel’s credentials by which we could ssh into the box. We then alter a python file which is run every minute by user adrian to get a reverse shell back as that user. For root, we could execute vim as root . So we refer GTFOBINS for sudo entry for vim binary to elevate our privileges to root....

Git and Crumpets is a medium difficulty box from tryhackme which is mostly based on git. We get a shell on the box using a CVE in gitea’s git hooks functionality .For root, we change the permissions of the git user to root user. Now we were able to see a private repository owned by root which had root user’s ssh private key through which we login as root to get the root flag....

Lumberjack Turtle is a medium difficulty box from Tryhackme which is entirely focused on Log4j/Log4shell a 0-day vulnerability that caused a havoc on the internet . The website is vulnerable to Log4j & so we’re able to exploit it and get a shell on the box . We find a .dockerenv file in the / directory which indicates we are on a docker container. To obtain the root flag , we mount the /dev/xvda1 disk partition since it contains the entire filesystem(/) to access all the files ....

Description This is a machine that allows you to practise web app hacking and privilege escalation using recent vulnerabilities. You’ve identified that the CMS installed on the web server has several vulnerabilities that allow attackers to enumerate users and change account passwords. Your mission is to exploit these vulnerabilities and compromise the web server. Room name CMSpit OS Linux Difficulty Medium Room Link https://tryhackme.com/room/cmspit Creator stuxnet Recon Portscan sh3bu@VM:~/thm/cmspit$ rustscan -a cmspit....

Description A box involving encrypted archives, source code analysis and more. Room name Cyborg OS Linux Difficulty Easy Room Link https://tryhackme.com/room/cyborgt8 Creator fieldraccoon Enumeration Portscan ┌──(root💀kali)-[~/Cyborg] └─# rustscan -a cyborg.thm -- -sV -sC -oN cyborg.nmap # Nmap 7.92 scan initiated Sat Jan 22 10:09:17 2022 as: nmap -vvv -p 22,80 -sV -sC -oN cyborg.nmap 10.10.194.216 Nmap scan report for cyborg.thm (10.10.194.216) Host is up, received echo-reply ttl 63 (0.25s latency). Scanned at 2022-01-22 10:09:19 EST for 15s PORT STATE SERVICE REASON VERSION 22/tcp open ssh syn-ack ttl 63 OpenSSH 7....