• TryHackMe Writeups

    LFI – Challenge

    This article will cover one room of TryHackMe. This was an easy room meant to let you train LFI (Local File Inclusion). If you don’t know what LFI is, please go back to the training page and read the articles, or click here. Enumeration: Usually when it comes to CTFs or this type of machine I like running nmap to see what the available ports are. As you can see in the image below, we have two ports open – Port 80 and Port 22. Port 80 is associated with web applications, so let's see what we have there. Bear in mind that this is an LFI task so…

  • Blunder Hack The Box
    HTB Writeups

    Blunder Writeup – Hack The Box

    Initial Foothold: Hello everyone. Today we are going to work on Blunder. As always, the first step is Recon! Time to see what ports we have open on that box. In the picture below you can see the nmap command I used. Well, we have only one open port and that is port 80. This scan also shows us the server version and some headers. Usually when I am on a box with port 80 open I like to visit the page and see what it contains. OK … that is what we have. A page with articles. By clicking on the links we just go to more detail…

  • HTB Writeups,  Internet Security

    Protection ByPass and Brute Force attack – Bludit v. 3.9.2

    So this post will describe how to bypass protection in Bludit CMS v. 3.9.2, that is, if you have a username. After managing to find the password I will discuss what Metasploit module can help you to get a reverse shell. So, let's begin. If we check the documentation that Bludit provides we can see how they are preventing brute force attacks. Here is a screenshot and the link if you want to read through the whole documentation: https://docs.bludit.com/en/security/brute-force-protection After some googling I found a script that I just edited. I will post the script here and the link to the original article: https://rastating.github.io/bludit-brute-force-mitigation-bypass/ What you will need to…

  • Internet Security

    Reverse Shell vs Bind Shell

    Reverse Shell: Hello guys and girls. This post will just explain the difference between these two types of shell. In a later post I will provide a demo that you can follow along. This shell is initiated from the target host to the attacker’s machine. The attacker’s machine should be in a listening state to be able to pick up the shell connection. Why use a reverse shell and not a bind shell? Well, reverse shells solve several issues that can be encountered. With reverse shells there is no need for a listener on the target machine. This type of shell can use commonly used and open ports like 80 or 443 –…

  • VirSecCon2020

    Magician – #Virseccon2020

    Wow, let's do some magic! For this challenge we are presented with an input field, a submit button and some kind of comparison in the button. I will go through my thought process instead of going directly to the solution because I think some of the things I did can be used in enumeration in the future. First I took a look at what 0e953532678923638053842468642408 is. I used Hash Analyzer provided by https://www.tunnelsup.com/hash-analyzer/ The result was that this hash is an MD5 or MD4. Because we see the ‘ == ‘, that means that some comparison will be done. After playing with the input I discovered that there is a function…

  • HTB Writeups

    Mango WriteUp – HackTheBox

    Enumeration: Enumeration is pretty important, as we all know. So the first thing we do is run an nmap scan to see which ports are open and what is running on that machine. We can see that we have 3 ports that are open – 80, 443 and 22. Initial Foothold: For me the start of this box was hell. It was like that because I didn’t look closely enough at the nmap results. So I needed to ask on the Discord chat for help. But let me explain. By examining all the ports we can see that we have an http server on port 80. If you try to…