Browsed by
Tag: challenge

Year of the Jellyfish — Write-up

Year of the Jellyfish — Write-up

Comments 3 Comments

TryHackMe Challenge Link: https://tryhackme.com/room/yearofthejellyfish It feels like it’s been a long time since I’ve written anything here, so it’s good to get writing again in amongst the busyness of university mixed with ZeroPoint Security’s RTO course. This post contains the official walkthrough for the latest New Year box: Year of the Jellyfish. Following on from Year of the Owl, this box is designed to be in a very similar style to the enumeration-focus of the OSCP exam (although to the…

Read More Read More

Seaplane Header
Year of the Pig — Write-up

Year of the Pig — Write-up

Comments 0 Comment

TryHackMe Challenge Link: https://tryhackme.com/room/yearofthepig Year of the Pig follows Year of the Fox as the next in my series of New Year boxes. Whilst a fully original box, it is designed to serve as practice for a certain certification I may or may not have recently finished the training for… Year of the Pig is inactively themed, with a variety of easter-eggs hidden throughout the box. Kudos if you can guess the basis! Without further ado, let’s get into the…

Read More Read More

Jack-of-All-Trades — Write-up

Jack-of-All-Trades — Write-up

Comments 0 Comment

TryHackMe Challenge Link: https://tryhackme.com/room/jackofalltrades Jack-of-All-Trades is my very first CTF challenge box. It was created for the Securi-Tay conference run on the 28th of February, 2020 by the UAD Hacksoc. As you play through this box you will find many references to penguins. This will not make much sense to anyone who didn’t attend the conference, so allow me to explain before we get started in earnest. The theme of the 2020 Securi-Tay conference revolved around the infamous Dundee penguins….

Read More Read More

Year of the Rabbit — Write-up

Year of the Rabbit — Write-up

Comments 2 Comments

TryHackMe Challenge Link: https://tryhackme.com/room/yearoftherabbit Year of the Rabbit is the second box I built; and was originally designed to accompany my workshop on CTF creation, first presented on the 11th of March 2020 to the UAD Ethical Hacking society. Now that Year of the Rabbit has been made public, I am also releasing this post as the official write-up. Let’s get started! Enumeration: As always, we first need to perform some initial enumeration on the box. Get nmap up and…

Read More Read More

THM-Header
NoName CTF — Write-up

NoName CTF — Write-up

Comments 0 Comment

TryHackMe Challenge Link: https://tryhackme.com/room/nonamectf NoName CTF is a great little CTF from stuxnet. It provides a really nice introduction to some often lesser-used topics in challenge boxes, including SSTI and BOF, making this a perfect box to get some practice in on! Without further ado, let’s begin! Enumeration As per normal, we’re going to begin this challenge with an nmap scan: We’ve got four ports open here. Nothing unusual about port 22 — just SSH as normal. We can’t bruteforce that…

Read More Read More

Willow CTF — Write-up

Willow CTF — Write-up

Comments 0 Comment

TryHackMe Challenge Link: https://tryhackme.com/room/willow Willow is the third box I’ve written, but the second to be publicly released. The first two — Jack-Of-All-Trades and Year of the Rabbit — were both designed for specific events, but they will hopefully be released on TryHackMe in due course. This particular box was designed when I was in a very specific frame of mind, which is reflected in the slightly ethereal nature of the theme. Brownie points if anyone can identify where the…

Read More Read More

CherryBlossom CTF — Write-up

CherryBlossom CTF — Write-up

Comments 1 Comment

TryHackMe Challenge Link: https://tryhackme.com/room/cherryblossom CherryBlossom is my fourth CTF Challenge Box. It focuses heavily on cryptography and file manipulation, but also contains lateral movement and a privesc once the machine itself is compromised. Let’s begin. Initial Enumeration: We start, as always, with an nmap scan to see what services we have available to us: Three open ports, all standard. We have SSH running on Port 22 — there’s nothing we can do with this for now; not without at least…

Read More Read More

THM-Header
Daily Bugle — Write-up

Daily Bugle — Write-up

Comments 3 Comments

Challenge Link: https://tryhackme.com/room/dailybugle Daily Bugle is a Spiderman themed box on TryHackMe. It requires some knowledge of SQLi, basic enumeration, password cracking and privilege escalation. This box is rated hard — primarily due to the relative inconsistency of the SQL injection required to get initial access. Let’s begin. Initial Enumeration: As per usual, we’re going to start with a quick nmap scan of this box. Use the following command to see what we’ve got available to us: Great — we…

Read More Read More

THM-Header
Retro — Write-up

Retro — Write-up

Comments 0 Comment

Challenge Link: https://tryhackme.com/room/retro Retro is a box from Darkstar7471 consisting of a virtual machine running a windows web server. We’re tasked with enumerating, gaining access and escalating our privileges. This write up is a snapshot from my full THM Advent Challenges write up. Let’s get started! Enumeration: If you try to enumerate this machine, you’ll notice the first of Darkstar’s little challenges designed to make this more difficult. The VM will not respond to ping requests, and will always appear…

Read More Read More