This article will cover one room of TryHackMe. This was an easy room meant to let you train LFI (Local File Inclusion). If you don’t know what LFI is, please go back to the training page and read the articles, or click here. Enumeration: Usually when it comes to CTFs or this type of machine I like running nmap to see which ports are available. As you can see in the image below, we have two ports open – Port 80 and Port 22. Well, port 80 is associated with web applications, so let’s see what we have there. Bear in mind that this is an LFI task so…
-
-
Armageddon Write Up – Hack The Box
Enumeration: The first step for this box is as usual. I am using nmap to check which ports are open and what services are there. As can be seen from the picture above, there are two ports open. My method is to start on port 80. From the scan results it can be seen that there is an Apache server running, and Drupal version 7. We can also see several file locations. That is a lot of information from a single scan. Foothold: After some googling I found that Drupal 7 can be exploited with a Metasploit module. That is awesome! The module that needs to be used…
-
Spectra Write Up – Hack The Box
Enumeration: The first step for this box is as usual. I am using nmap to check which ports are open and what services are there. As you can see, there are several ports open. In general I start my recon from port 80. Port 80 means that there is some kind of a web page. As usual from previous experience, I edited my /etc/hosts file to add spectra.htb. At first glance at the page … well, it does not give a lot of information. There are 2 links and of course the rule is “Click all links”, so I did that. I also ran dirbuster in the background because one of…
-
Passwords for the different writeups!
Are you stuck on some box on HTB? Do you want to have access to all the write-ups? Answer to the Ultimate Question of Life, the Universe, and Everything! Good luck!
-
Tabby Write Up – Hack The Box
Enumeration: First I started with the enumeration of the box. A simple nmap scan with a command gave me the result: Initial Foothold: From the nmap results we can see that there are 3 ports open: 22, 80, 8080. We can also see that on port 8080 there is a Tomcat server running. The website on port 80: The website on port 8080: After clicking on all the links on the port 80 website I found something interesting. From here you need to do some steps. First add megahosting.htb to /etc/hosts. After that is done we can see that we have the possibility for LFI. I usually try to…
-
Traceback Writeup – Hack The Box
Initial Foothold: As usual, the first thing to do when starting on a new box is to run a scan and see what we have to work with. As you can see from the image above, we have two ports open: Port 22 and Port 80. Let’s take a look at what port 80 has to offer. Looks like a webpage without any links. My next step was to check the source code of the page. From this we can take away that there is a backdoor left open and that the hacker name is Xh4H. So Google, here I come. Google led me to a Twitter post which led me…
-
Blunder Writeup – Hack The Box
Initial Foothold: Hello everyone. Today we are going to work on Blunder. As always, the first step is Recon! Time to see what ports we have open on that box. In the picture below you can see the nmap command I used. Well, we have only one open port and that is port 80. This scan also shows us the server version and some headers. Usually when I am on a box with port 80 open I like to visit the page and see what it contains. OK … that is what we have. A page with articles. By clicking on the links we just go to more detail…
-
Reverse Shell vs Bind Shell
Reverse Shell Hello guys and girls. This post will just explain the difference between these two types of shell. In a later post I will provide a demo that you can follow along with. This shell is initiated from the target host to the attacker’s machine. The attacker’s machine should be in a listening state to be able to pick up the shell connection. Why use a reverse shell and not a bind shell? Well, reverse shells solve several issues that can be encountered. With reverse shells there is no need for a listener on the target machine. This type of shell can use commonly used and open ports like 80 or 443 –…
-
PHPJuggler – #Virseccon2020
For this challenge, the initial start is pretty obvious, or at least I think so. The first thing we see when we upload the webpage is the image that you see above, which contains two pieces of code. That’s our first clue. The second clue is the name of the challenge. So let the research start. I will not go into detail and will just show you the solution; however, I will post links at the end of this post so you can read for yourself and understand what works and how. When I do web challenges I like to examine the page. As I mentioned above we…
-
Countdown – #Virseccon2020
By the name of the challenge we can guess that the solution will involve some kind of time. We don’t have much to go on in the beginning. We have a webpage with a button on it. When we click the button we are sent to another page that says the thing has exploded. How did I approach this? Use Burp Suite to intercept the GET request. If we examine this screen we can see that the name of the cookie is pretty specific (“detonate_time”), and as I mentioned in the beginning, in my head the solution had something to do with timing. If we click on the…