CTF Walkthroughs, TryHackMe

TryHackMe – Overpass 3 – Hosting Walkthrough

Introduction

This was an intermediate Linux machine and the last in the Overpass TryHackMe series, it involved discovering a backup archive stored on the webserver, which contained encrypted user credentials that are then used to connect to the FTP server and uploading a PHP reverse shell to gain initial access. Root access was then obtained by exploiting an open NFS share with the no_root_squash option enabled.

Read more
CTF Walkthroughs, TryHackMe

TryHackMe – Overpass 2 – Hacked Walkthrough

Introduction

This was an easy Linux machine and the second in the Overpass TryHackMe series. It involved analyzing a capture file containing requests issued by an attacker to compromise the web server, escalate privileges to root and establish persistence, in order to understand the exact steps followed to do so, and then using that information to hack back into the host.

Read more
Cheat Sheets, Resources

Linux TTY Shell Cheat Sheet

Introduction

During a penetration test, when obtaining access to a remote Linux host via a reverse/bind shell, it can be very painful to issue certain commands over it and it is often a much better option to obtain an interactive shell. These are the main reason why this is a good idea:

  • More shell stability, as things like CTRL+C will no longer close down the connection.
  • Ability to use up, down, left, and right arrows to navigate through and modify commands.
  • Ability to use applications or commands that use a login prompt such as Sudo, MySQL, SSH, etc.
  • Ability to use tab-auto completion in commands.
  • Ability to view commands, output, and file contents in the same terminal size as the host machine.

This article will list the various commands that can be used to obtain a TTY shell and also how to turn it into a fully interactive shell.

Read more