CHALLENGE OVERVIEW BACKGROUND In this box, we are tasked with pen-testing an internal server to check for bugs before releasing it to the public. Judging by the tags on this box, we will execute some cross-site scripting and pull off a bit of SQL command injection. Let’s get started! ENUMERATION/RECON export myIP=10.10.129.195 export targetIP=10.10.163.156 💡 … Read more
CHALLENGE OVERVIEW The goal of the challenge is to gain root access (Windows Server) to two text files, user.txt and root.txt, by manually invoking privilege escalation to root via RDP. There are two methods to achieve this. The first involves hijacking a 404.php page on a WordPress site to spawn a reverse meterpreter shell. The … Read more
CHALLENGE OVERVIEW BACKGROUND In this tutorial, we will walk a simple website showing pictures of dogs and cats. We’ll discover a directory traversal vulnerability that we can leverage to view sensitive files on the target machine. At the end of this challenge, we will break out of a docker container in order to capture the … Read more
CHALLENGE OVERVIEW BACKGROUND Welcome back to part II of this Linux privilege escalation series. You can find part 1 of this mini-series here: 👉 Recommended: TryHackMe Linux PrivEsc – Magical Linux Privilege Escalation (1/2) In this tutorial, we’ll try some additional “magical” methods of gaining root access in tasks 11-21. Buckle in, and let’s get … Read more
💡 Enum4linux is a software utility designed to extract information from both Windows and Samba systems. Its primary objective is to provide comparable functionality to the now-defunct enum.exe tool, which was previously accessible at www.bindview.com. Enum4linux is coded in PERL and essentially functions as an interface for the Samba toolset, including smbclient, rpclient, net, and … Read more
CHALLENGE OVERVIEW BACKGROUND This CTF challenge is another blackbox-style pentest where we don’t know anything about our target other than the IP address. We will have to discover ports and services running on the server with our standard pentesting tools like nmap and dirb scan. We also don’t have any inside information about the backend … Read more
CHALLENGE OVERVIEW BACKGROUND Using different exploits to compromise operating systems can feel like magic (when they work!). In this walkthrough, you will see various “magical” ways that Linux systems can be rooted. These methods rely on the Linux system having misconfigurations that allow various read/write/execute permissions on files that should be better protected. In this … Read more
CHALLENGE OVERVIEW BACKGROUND 💬 What is black box pentesting? The term black box refers to a challenge where only the target machine IP is known to the penetration tester. Nothing else about the server is disclosed to the attacker, so everything must be discovered during the enumeration stage. On the other end of the spectrum … Read more
How I Hacked a Win Server Using Printspoofer CHALLENGE OVERVIEW BACKGROUND This is another blackbox-style CTF challenge. 👉 Recommended: TryHackMe Daily Bugle Made Easy – A Helpful Walkthrough with Hacking Video We go into the pentest without any prior knowledge of our target. We are only provided the IP address and will need to do … Read more
CHALLENGE OVERVIEW BACKGROUND This box is another black-box-style challenge with a few extra guiding questions. We learn that the “Daily Bugle” reports front-page news about Spiderman robbing a bank. It’s our job to hack into the system to recover the user + root flags. The tags joomla, sqli, and yum also point us in the … Read more
🔐 How I used a remote file inclusion vulnerability to hack and root the Terminator’s computer CHALLENGE OVERVIEW BACKGROUND In this walkthrough, we will root a terminator-themed capture-the-flag (CTF) challenge box. IPs ENUMERATION NMAP SCAN RESULTS Starting Nmap 7.92 ( https://nmap.org ) at 2023-01-23 18:33 EST Stats: 0:00:02 elapsed; 0 hosts completed (1 up), 1 … Read more
CHALLENGE OVERVIEW BACKGROUND In this Linux capture-the-flag (CTF) challenge we are tasked with hacking into a game review website’s server and finding a way to gain root privileges. Let’s go! IPs ENUMERATION/RECON Let’s kick things off with our standard nmap and dirb scans. We’ll let these run while we go ahead and walk the website … Read more