[TryHackMe] Marketplace Walkthrough – How I Pulled Off a Cookie Heist to Become an Admin of the Target Website

CHALLENGE OVERVIEW BACKGROUND In this box, we are tasked with pen-testing an internal server to check for bugs before releasing it to the public. Judging by the tags on this box, we will execute some cross-site scripting and pull off a bit of SQL command injection. Let’s get started! ENUMERATION/RECON export myIP=10.10.129.195 export targetIP=10.10.163.156 💡 … Read more

TryHackMe Linux PrivEsc – Magical Linux Privilege Escalation (2/2)

CHALLENGE OVERVIEW BACKGROUND Welcome back to part II of this Linux privilege escalation series. You can find part 1 of this mini-series here: 👉 Recommended: TryHackMe Linux PrivEsc – Magical Linux Privilege Escalation (1/2) In this tutorial, we’ll try some additional “magical” methods of gaining root access in tasks 11-21. Buckle in, and let’s get … Read more

Enum4Linux – Foothold Into the Target Machine (TryHackMe)

💡 Enum4linux is a software utility designed to extract information from both Windows and Samba systems. Its primary objective is to provide comparable functionality to the now-defunct enum.exe tool, which was previously accessible at www.bindview.com. Enum4linux is coded in PERL and essentially functions as an interface for the Samba toolset, including smbclient, rpclient, net, and … Read more

TryHackMe – How I Used WPScan to Extract Login Credentials (WordPress)

CHALLENGE OVERVIEW BACKGROUND This CTF challenge is another blackbox-style pentest where we don’t know anything about our target other than the IP address. We will have to discover ports and services running on the server with our standard pentesting tools like nmap and dirb scan. We also don’t have any inside information about the backend … Read more

TryHackMe Linux PrivEsc – Magical Linux Privilege Escalation (1/2)

CHALLENGE OVERVIEW BACKGROUND Using different exploits to compromise operating systems can feel like magic (when they work!). In this walkthrough, you will see various “magical” ways that Linux systems can be rooted. These methods rely on the Linux system having misconfigurations that allow various read/write/execute permissions on files that should be better protected. In this … Read more

Road Walkthrough TryHackMe – A Black Box Pentesting Challenge

CHALLENGE OVERVIEW BACKGROUND 💬 What is black box pentesting? The term black box refers to a challenge where only the target machine IP is known to the penetration tester. Nothing else about the server is disclosed to the attacker, so everything must be discovered during the enumeration stage. On the other end of the spectrum … Read more

EzpzShell: An Easy-Peasy Python Script That Simplifies Revshell Creation

EzpzShell = “Easy Peasy Shell” 👉 EzpzShell GitHub: https://github.com/H0j3n/EzpzShell WHAT IS EzpzShell? EzpzShell is a Python script that helps to streamline the revshell payload and listener creation process for ethical hackers, pentesters, and CTF gamers. There are many file types available, and it outputs several different payload options to choose from, letting you pick the … Read more

How I Set Up My Virtual Hacking Laboratory for Safe and Legal Penetration Testing

BACKGROUND If you are curious about offensive security or penetration testing (pentesting), setting up your own virtual hacking lab is a good first step towards ensuring that you have a safe and legal way to practice as you train yourself on various ethical hacking tools and applications. Also, as an extra benefit, there are hundreds of … Read more

TryHackMe: Relevant Made Easy (Walkthrough & Video)

How I Hacked a Win Server Using Printspoofer CHALLENGE OVERVIEW BACKGROUND This is another blackbox-style CTF challenge. 👉 Recommended: TryHackMe Daily Bugle Made Easy – A Helpful Walkthrough with Hacking Video We go into the pentest without any prior knowledge of our target. We are only provided the IP address and will need to do … Read more

TryHackMe Daily Bugle Made Easy – A Helpful Walkthrough with Hacking Video

CHALLENGE OVERVIEW BACKGROUND This box is another black-box-style challenge with a few extra guiding questions. We learn that the “Daily Bugle” reports front-page news about Spiderman robbing a bank. It’s our job to hack into the system to recover the user + root flags. The tags joomla, sqli, and yum also point us in the … Read more