This room is part of the TryHackMe’s Offensive Pentesting learning path, which is something a lot of people use when preparing for their OSCP exam. This was one of the first rooms and it involved attacking a web application exploiting a file upload functionality, bypassing file extension whitelisting, and exploiting a SUID binary to escalate privileges.
Read moreThis was an intermediate box that involved decoding a base64-encoded password to access a file upload page, through which a PHP reverse shell can be uploaded to gain an initial access. From there, a password has to be de-ciphered using ROT13 in order to obtain root access to the machine.
Read moreThis is a fairly easy box that requires you to exploit the Eternal Blue vulnerability(CVE-2017-0143, fixed with the MS17-010 Microsoft update) in the SMB service(specifically version 1), which allows execution of code remotely.
Read morePrivilege escalation is a crucial step in the penetration testing lifecycle, through this Checklist I intend to cover all the main vectors used in Linux privilege escalation, and some of my personal notes that I used in previous penetration tests.
Read moreI decided to sign up for Virtual Hacking Labs after failing the OSCP exam for the first time. That’s when I started looking for new platforms to practice, and after a long research VHL seemed to be one of the best options and I am grateful I signed up for this as this was definitely one of the reasons I was able to pass my OSCP exam later on.