Browsed by
Tag: thm

Daily Bugle — Write-up

Daily Bugle — Write-up

Challenge Link: https://tryhackme.com/room/dailybugle Daily Bugle is a Spiderman themed box on TryHackMe. It requires some knowledge of SQLi, basic enumeration, password cracking and privilege escalation. This box is rated hard — primarily due to the relative inconsistency of the SQL injection required to get initial access. Let’s begin. Initial Enumeration: As per usual, we’re going to start with a quick nmap scan of this box. Use the following command to see what we’ve got available to us: Great — we…

Read More Read More

Bebop — Write-up

Bebop — Write-up

Challenge Link: https://tryhackme.com/room/bebop Bebop is a quick box that exemplifies exactly how insecure some drone operating systems are. This box shouldn’t take very long to root — it’s really not particularly challenging (which is slightly worrying given it’s based off real drone software). Of much more interest is the overarching concept: drone hacking. If you haven’t already watched the video embedded into the THM room, I would highly recommend it; it’s really interesting (and hilarious in places). I’ll include an…

Read More Read More

Madness — Write-up

Madness — Write-up

Challenge Link: https://tryhackme.com/room/madness Madness: the CTF Challenge from Optional that is true to its name. This room is infuriating; but all the more fun because of it. Madness is ranked as being easy, which is apt because as far as hacking techniques go, this box isn’t hugely difficult. In terms of puzzles, on the other hand… Well, let’s just say that Optional is an evil genius. If you would prefer to do the puzzles by yourself then I would suggest…

Read More Read More

LazyAdmin — Write-up

LazyAdmin — Write-up

Challenge Link: https://tryhackme.com/room/lazyadmin LazyAdmin is a Linux challenge box on TryHackMe. Written by MrSeth6797, this room is designed to be a relatively relaxed challenge to practice with. There is nothing particularly unusual or extreme about the LazyAdmin box — which is exactly how it should be for a gentle practice challenge. Let’s get started! Enumeration: The first stage of this challenge is, as normal, enumeration. We’ll start by running a pretty standard nmap scan to see what ports are open…

Read More Read More

TryHackMe Christmas 2019 Challenge Write-up

TryHackMe Christmas 2019 Challenge Write-up

Challenge Link: https://tryhackme.com/room/25daysofchristmas Day One — Inventory Management: The first part of the Christmas 2019 challenge on TryHackMe is a web application that’s vulnerable to cookie hijacking. The challenge comes with a Google Doc which covers the basics of how websites are run and how cookies work. If you’re struggling, I would suggest reading that first. So, the first challenge: If you deploy the provided VM and navigate to the URL (http://<your_machines_ip>:3000), you will be shown a login screen asking for a…

Read More Read More

Retro — Write-up

Retro — Write-up

Challenge Link: https://tryhackme.com/room/retro Retro is a box from Darkstar7471 consisting of a virtual machine running a windows web server. We’re tasked with enumerating, gaining access and escalating our privileges. This write up is a snapshot from my full THM Advent Challenges write up. Let’s get started! Enumeration: If you try to enumerate this machine, you’ll notice the first of Darkstar’s little challenges designed to make this more difficult. The VM will not respond to ping requests, and will always appear…

Read More Read More

Scroll Up