Today I gave a service consultant access to one of my AWS servers. I have a few files on the server that I was reluctant to share with the service consultant because these files contain sensitive personal data. Python is my default way to solve these types of problems. Naturally, I wondered how to encrypt … Read more
🔐 How I used a remote file inclusion vulnerability to hack and root the Terminator’s computer CHALLENGE OVERVIEW BACKGROUND In this walkthrough, we will root a terminator-themed capture-the-flag (CTF) challenge box. IPs ENUMERATION NMAP SCAN RESULTS Starting Nmap 7.92 ( https://nmap.org ) at 2023-01-23 18:33 EST Stats: 0:00:02 elapsed; 0 hosts completed (1 up), 1 … Read more
CHALLENGE OVERVIEW BACKGROUND In this Linux capture-the-flag (CTF) challenge we are tasked with hacking into a game review website’s server and finding a way to gain root privileges. Let’s go! IPs ENUMERATION/RECON Let’s kick things off with our standard nmap and dirb scans. We’ll let these run while we go ahead and walk the website … Read more
CHALLENGE OVERVIEW BACKGROUND In this walkthrough, we will continue to build on our work in Hackpark I, but this time we will solve the box again without Metasploit. The general approach will be to use winpeas to automate local enumeration of the server. We’ll review the results of winpeas and continue our privilege escalation by … Read more
CHALLENGE OVERVIEW BACKGROUND In this box, we will hack into a windows machine using standard pen-testing tools. There are two options for solving the box. I’ll demonstrate in this post how to hack into the box with metasploit. In the upcoming Hackpark Part II post, I’ll show how to find the flags without using metasploit. … Read more
BOX OVERVIEW PREMISE This is the third and final installment of the Overpass challenges on TryHackMe. Here are the other two overpass walkthroughs, just in case you missed them: In today’s challenge, the team of comp-sci students is at it again with a new website hosting company. However, they haven’t learned much yet about security. … Read more
Backdoors are malicious pieces of software that allow attackers to access computers without authorization and bypass security measures. They can control computers remotely, steal data, and bypass safety protocols. Challenge Overview 👉 Recommended Tutorial: How I Hacked a PW Manager (TryHackMe Overpass 1) PART 1 – FORENSICS Part one of this box can be completed … Read more
Port forwarding is a networking technique that allows a user to access services on a computer or network behind a firewall or router. It opens up specific ports on a computer or network to allow external devices to connect and access services and applications on the internal network. Challenge Overview RECON Let’s start by noting … Read more
Network File System (NFS) is a file-sharing protocol used to allow computers on a network to access and share files over a network. It allows multiple users to access the same files on a remote system as if they were local files on their own computers. NFS is an important part of many enterprise networks, … Read more
PREMISE The premise of the box is that a group of computer science students has created a password encryption/decryption tool. 👉 “What happens when a group of broke Computer Science students try to make a password manager? Obviously a perfect commercial success!” We are tasked with hacking our way into their server as the root … Read more
In this Capture the Flag (CTF) challenge walkthrough, I’ll hack into a windows service called Jenkins, find a way to carry out Remote Command Execution (RCE) by using Metasploit to gain access to the box and escalate my privileges to the NT AUTHORITY/SYSTEM, which is the equivalent of root on a Windows machine. ⚔️ Challenge: … Read more
In this CTF (Capture the Flag) walkthrough, we will be working through the TryHackMe challenge, Git Happens! If you don’t want any spoilers, I’d recommend trying out this free hacking challenge first before reading any further. You can also watch the video where I’ll walk you through the whole challenge: We’ll be hacking into a … Read more