Browsed by
Category: Write-up

0day — Writeup

0day — Writeup

TryHackMe Challenge Link: http://tryhackme.com/room/0day “0day” is a room conceived and built primarily by TryHackMe’s very own 0day, with a little help from myself in the execution, troubleshooting and provision of a writeup. This is a great little box designed to demonstrate the dangers of not frequently updating your servers! Both of the vulnerabilities demonstrated in this room cover topics that are not commonly seen on TryHackMe, so hopefully you’ll enjoy the box! Enumeration Let’s begin, as usual, with a scan…

Read More Read More

Year of the Pig — Write-up

Year of the Pig — Write-up

TryHackMe Challenge Link: https://tryhackme.com/room/yearofthepig Year of the Pig follows Year of the Fox as the next in my series of New Year boxes. Whilst a fully original box, it is designed to serve as practice for a certain certification I may or may not have recently finished the training for… Year of the Pig is inactively themed, with a variety of easter-eggs hidden throughout the box. Kudos if you can guess the basis! Without further ado, let’s get into the…

Read More Read More

Year of the Fox — Write-up

Year of the Fox — Write-up

TryHackMe Challenge Link: https://tryhackme.com/yotf Year of the Fox is the second box in what is now my New Year series of challenge boxes. Following on from Year of the Rabbit, this box is a lot harder, and will require knowledge across a variety of different areas. This box was initially used in a celebratory competition marking the first 100,000 members on the TryHackMe platform, and is now a standalone box on the site. The writeup was also published on the…

Read More Read More

Tomghost — Write-up

Tomghost — Write-up

TryHackMe Challenge Link: https://tryhackme.com/room/tomghost Tomghost is an interesting CTF from Stuxnet; it has rather an unusual section after gaining RCE, which makes for a nice break from standard CTF challenges. In this room we’ll be exploiting a vulnerability in Ghostcat and exploring ASCII armour protected PGP encryption keys, followed by a nice easy privilege escalation up to root. Let’s begin! Enumeration: We begin, as always, with enumeration of the machine. Let’s start with an nmap scan: Great, so, we have…

Read More Read More

Jack-of-All-Trades — Write-up

Jack-of-All-Trades — Write-up

TryHackMe Challenge Link: https://tryhackme.com/room/jackofalltrades Jack-of-All-Trades is my very first CTF challenge box. It was created for the Securi-Tay conference run on the 28th of February, 2020 by the UAD Hacksoc. As you play through this box you will find many references to penguins. This will not make much sense to anyone who didn’t attend the conference, so allow me to explain before we get started in earnest. The theme of the 2020 Securi-Tay conference revolved around the infamous Dundee penguins….

Read More Read More

Inclusion — Write-up

Inclusion — Write-up

TryHackMe Challenge Link: https://tryhackme.com/room/inclusion Inclusion is a really nice introduction to Local File Inclusion. The room is written by falconfeast, or mzfr as he’s otherwise known. This will be a quick write-up, but hopefully it will make clear anything that you might be struggling with in this room. As a bonus, I’ll also include the really quick, unintended method at the end of this write-up, but please, do it the intended way first. Let’s get started! Enumeration: Well worth doing…

Read More Read More

Year of the Rabbit — Write-up

Year of the Rabbit — Write-up

TryHackMe Challenge Link: https://tryhackme.com/room/yearoftherabbit Year of the Rabbit is the second box I built; and was originally designed to accompany my workshop on CTF creation, first presented on the 11th of March 2020 to the UAD Ethical Hacking society. Now that Year of the Rabbit has been made public, I am also releasing this post as the official write-up. Let’s get started! Enumeration: As always, we first need to perform some initial enumeration on the box. Get nmap up and…

Read More Read More

Learn Linux — Write-up

Learn Linux — Write-up

TryHackMe Walkthrough Link: https://tryhackme.com/room/zthlinux Learn Linux is a great introductory room from Paradox. As the name suggests, it gives a nice foundation for Linux skills. This is a walkthrough room, so I’m not going to go into a huge amount of detail about the concepts themselves — I’ll leave that in Pars’ capable hands. Instead I’m going to be focusing on the questions, and how to answer them. By this token, I will be bypassing the tasks which don’t actually…

Read More Read More

Scroll Up