Category
This was a fairly easy Windows machine that involved bruteforcing credentials to authenticate into the BlogEngine web application, exploiting a remote code execution vulnerability affecting it to gain remote access and an insecure service file permission vulnerability in the Splinterware System Scheduler application to escalate privileges to SYSTEM.
Read moreThis was an easy Windows box that involved authenticating to Jenkins using common credentials, executing commands through the Groovy scripting language used in the script console to gain remote access and using token impersonation to escalate privileges to SYSTEM.
It also involved switching from a normal shell to a Meterpreter shell and migrating from a user level process to a SYSTEM level process.
Read moreThis was an easy Windows box that involved gaining initial access through a remote command execution vulnerability in the Rejetto HTTP File Server web application and exploiting a unquoted service path vulnerability in the Advanced System Care 9 application to gain SYSTEM level access
Read moreThis was an easy Linux box that involved gaining initial access by exploiting a vulnerability in ProFTPD to copy a user’s SSH key to a world-readable directory, grabbing it using SMB and using it to authenticate to via SSH and exploiting a vulnerable SUID binary in conjunction with PATH Environmental Variable manipulation to escalate to root.
Read moreI really enjoyed this box, even though the initial exploitation phase isn’t something new as it exploits the EternalBlue vulnerability, but it then shows how to convert a normal shell to a Meterpreter shell, how to migrate to a SYSTEM level process and how to dump and crack user hashes.
Read moreThis room is part of the TryHackMe’s Offensive Pentesting learning path, which is something a lot of people use when preparing for their OSCP exam. This was one of the first rooms and it involved attacking a web application exploiting a file upload functionality, bypassing file extension whitelisting, and exploiting a SUID binary to escalate privileges.
Read more