Note Taking and Write-ups

Note Taking and Write-ups

Introduction: This is just going to be a quick post detailing my personal preferences for documentation in the hope that it may help a few people get started with write-ups, and perhaps introduce you to some great software! We’ll start by looking at a couple of pieces of software (Cherrytree and Flameshot) which, frankly, I couldn’t recommend more; then briefly discuss a few tips for writeups and documentation as a whole. Let’s start with the software. Software: Cherrytree Cherrytree is…

Read More Read More

CherryBlossom CTF — Write-up

CherryBlossom CTF — Write-up

TryHackMe Challenge Link: https://tryhackme.com/room/cherryblossom CherryBlossom is my fourth CTF Challenge Box. It focuses heavily on cryptography and file manipulation, but also contains lateral movement and a privesc once the machine itself is compromised. Let’s begin. Initial Enumeration: We start, as always, with an nmap scan to see what services we have available to us: Three open ports, all standard. We have SSH running on Port 22 — there’s nothing we can do with this for now; not without at least…

Read More Read More

Daily Bugle — Write-up

Daily Bugle — Write-up

Challenge Link: https://tryhackme.com/room/dailybugle Daily Bugle is a Spiderman themed box on TryHackMe. It requires some knowledge of SQLi, basic enumeration, password cracking and privilege escalation. This box is rated hard — primarily due to the relative inconsistency of the SQL injection required to get initial access. Let’s begin. Initial Enumeration: As per usual, we’re going to start with a quick nmap scan of this box. Use the following command to see what we’ve got available to us: Great — we…

Read More Read More

RSA Encryption

RSA Encryption

Introduction: RSA (short for Rivest–Shamir–Adleman — named after its creators) is an asymmetric public-key encryption system that is very commonly used in real world applications. Despite its age (having been released in 1977), RSA encryption is still one of the most widely used asymmetric encryption algorithms in use today. Interestingly, it seems that an equivalent algorithm to RSA was created at GCHQ by James Ellis, Clifford Cocks, and Malcolm Williamson four years previously in 1973. I learnt the theory behind RSA encryption…

Read More Read More

Bebop — Write-up

Bebop — Write-up

Challenge Link: https://tryhackme.com/room/bebop Bebop is a quick box that exemplifies exactly how insecure some drone operating systems are. This box shouldn’t take very long to root — it’s really not particularly challenging (which is slightly worrying given it’s based off real drone software). Of much more interest is the overarching concept: drone hacking. If you haven’t already watched the video embedded into the THM room, I would highly recommend it; it’s really interesting (and hilarious in places). I’ll include an…

Read More Read More

Madness — Write-up

Madness — Write-up

Challenge Link: https://tryhackme.com/room/madness Madness: the CTF Challenge from Optional that is true to its name. This room is infuriating; but all the more fun because of it. Madness is ranked as being easy, which is apt because as far as hacking techniques go, this box isn’t hugely difficult. In terms of puzzles, on the other hand… Well, let’s just say that Optional is an evil genius. If you would prefer to do the puzzles by yourself then I would suggest…

Read More Read More

LazyAdmin — Write-up

LazyAdmin — Write-up

Challenge Link: https://tryhackme.com/room/lazyadmin LazyAdmin is a Linux challenge box on TryHackMe. Written by MrSeth6797, this room is designed to be a relatively relaxed challenge to practice with. There is nothing particularly unusual or extreme about the LazyAdmin box — which is exactly how it should be for a gentle practice challenge. Let’s get started! Enumeration: The first stage of this challenge is, as normal, enumeration. We’ll start by running a pretty standard nmap scan to see what ports are open…

Read More Read More

TryHackMe Christmas 2019 Challenge Write-up

TryHackMe Christmas 2019 Challenge Write-up

Challenge Link: https://tryhackme.com/room/25daysofchristmas This write-up was originally published on my Medium account: https://medium.com/@MuirlandOracle/thm-christmas-2019-challenge-write-up-72391085e1de? Day One — Inventory Management: The first part of the Christmas 2019 challenge on TryHackMe is a web application that’s vulnerable to cookie hijacking. The challenge comes with a Google Doc which covers the basics of how websites are run and how cookies work. If you’re struggling, I would suggest reading that first. So, the first challenge: If you deploy the provided VM and navigate to the URL (http://<your_machines_ip>:3000),…

Read More Read More

Retro — Write-up

Retro — Write-up

Challenge Link: https://tryhackme.com/room/retro Retro is a box from Darkstar7471 consisting of a virtual machine running a windows web server. We’re tasked with enumerating, gaining access and escalating our privileges. This write up is a snapshot from my full THM Advent Challenges write up. Let’s get started! Enumeration: If you try to enumerate this machine, you’ll notice the first of Darkstar’s little challenges designed to make this more difficult. The VM will not respond to ping requests, and will always appear…

Read More Read More

Scroll Up