Browsed by
Category: Write-up

Year of the Jellyfish — Write-up

Year of the Jellyfish — Write-up

TryHackMe Challenge Link: https://tryhackme.com/room/yearofthejellyfish It feels like it’s been a long time since I’ve written anything here, so it’s good to get writing again in amongst the busyness of university mixed with ZeroPoint Security’s RTO course. This post contains the official walkthrough for the latest New Year box: Year of the Jellyfish. Following on from Year of the Owl, this box is designed to be in a very similar style to the enumeration-focus of the OSCP exam (although to the…

Read More Read More

Year of the Owl — Write-up

Year of the Owl — Write-up

TryHackMe Challenge Link: https://tryhackme.com/room/yearoftheowl Year of the Owl follows on from Year of the Dog as the next in the New Year series. It is the first Windows box in the series, and is currently rated hard. Like many of my other boxes, Year of the Owl is inactively themed — kudos if you can guess what it’s based on! As my first Windows box, you can think of Year of the Owl as being something of a warm-up (hence…

Read More Read More

Year of the Dog — Write-up

Year of the Dog — Write-up

TryHackMe Challenge Link: https://tryhackme.com/room/yearofthedog Another room, another write-up. Year of the Dog is the next box in my New Year series, following on from the Year of the Pig. As with Year of the Pig, this box is designed vaguely with preparation for a certain exam in mind; however, this box requires knowledge slightly in excess of what is offered by the training material for said certification. As a result, I hope that it allows for an extension of that…

Read More Read More

0day — Writeup

0day — Writeup

TryHackMe Challenge Link: http://tryhackme.com/room/0day “0day” is a room conceived and built primarily by TryHackMe’s very own 0day, with a little help from myself in the execution, troubleshooting and provision of a writeup. This is a great little box designed to demonstrate the dangers of not frequently updating your servers! Both of the vulnerabilities demonstrated in this room cover topics that are not commonly seen on TryHackMe, so hopefully you’ll enjoy the box! Enumeration Let’s begin, as usual, with a scan…

Read More Read More

Year of the Pig — Write-up

Year of the Pig — Write-up

TryHackMe Challenge Link: https://tryhackme.com/room/yearofthepig Year of the Pig follows Year of the Fox as the next in my series of New Year boxes. Whilst a fully original box, it is designed to serve as practice for a certain certification I may or may not have recently finished the training for… Year of the Pig is inactively themed, with a variety of easter-eggs hidden throughout the box. Kudos if you can guess the basis! Without further ado, let’s get into the…

Read More Read More

Year of the Fox — Write-up

Year of the Fox — Write-up

TryHackMe Challenge Link: https://tryhackme.com/yotf Year of the Fox is the second box in what is now my New Year series of challenge boxes. Following on from Year of the Rabbit, this box is a lot harder, and will require knowledge across a variety of different areas. This box was initially used in a celebratory competition marking the first 100,000 members on the TryHackMe platform, and is now a standalone box on the site. The writeup was also published on the…

Read More Read More

Tomghost — Write-up

Tomghost — Write-up

TryHackMe Challenge Link: https://tryhackme.com/room/tomghost Tomghost is an interesting CTF from Stuxnet; it has rather an unusual section after gaining RCE, which makes for a nice break from standard CTF challenges. In this room we’ll be exploiting a vulnerability in Ghostcat and exploring ASCII armour protected PGP encryption keys, followed by a nice easy privilege escalation up to root. Let’s begin! Enumeration: We begin, as always, with enumeration of the machine. Let’s start with an nmap scan: Great, so, we have…

Read More Read More

Jack-of-All-Trades — Write-up

Jack-of-All-Trades — Write-up

TryHackMe Challenge Link: https://tryhackme.com/room/jackofalltrades Jack-of-All-Trades is my very first CTF challenge box. It was created for the Securi-Tay conference run on the 28th of February, 2020 by the UAD Hacksoc. As you play through this box you will find many references to penguins. This will not make much sense to anyone who didn’t attend the conference, so allow me to explain before we get started in earnest. The theme of the 2020 Securi-Tay conference revolved around the infamous Dundee penguins….

Read More Read More

Inclusion — Write-up

Inclusion — Write-up

TryHackMe Challenge Link: https://tryhackme.com/room/inclusion Inclusion is a really nice introduction to Local File Inclusion. The room is written by falconfeast, or mzfr as he’s otherwise known. This will be a quick write-up, but hopefully it will make clear anything that you might be struggling with in this room. As a bonus, I’ll also include the really quick, unintended method at the end of this write-up, but please, do it the intended way first. Let’s get started! Enumeration: Well worth doing…

Read More Read More

Year of the Rabbit — Write-up

Year of the Rabbit — Write-up

TryHackMe Challenge Link: https://tryhackme.com/room/yearoftherabbit Year of the Rabbit is the second box I built; and was originally designed to accompany my workshop on CTF creation, first presented on the 11th of March 2020 to the UAD Ethical Hacking society. Now that Year of the Rabbit has been made public, I am also releasing this post as the official write-up. Let’s get started! Enumeration: As always, we first need to perform some initial enumeration on the box. Get nmap up and…

Read More Read More