Tag
As the name suggests, this was a really simple challenge that involved accessing an open SMB share to identify usernames, performing a SSH brute-force attack to obtain access, and cracking the passphrase for a world-readable SSH key to escalate privileges.
Read moreThis was an easy Linux machine that involved exploiting a vulnerable file upload functionality to gain initial access and various misconfigured scripts on the box to escalate privileges to root.
Read moreThis room is part of the TryHackMe Offensive Security path and it aims to teach or consolidate stack buffer overflow exploitation skills for students aspiring to take on the OSCP certification exam.
Read moreThis was an easy Linux machine that involved exploiting a vulnerability in MSFVenom to gain remote code execution, a misconfigured Bash script to escalate to the “pwn” user, and a Sudo rule to escalate privileges to root.
Read moreThis was an intermediate-level Linux machine that involved brute-forcing WordPress credentials to gain initial access through a malicious plugin upload and escalating privileges through a Jenkins instance with weak credentials.
Read moreThis was an intermediate Linux machine that involved exploiting a SQL injection vulnerability to gain initial access, a misconfigured Python script to escalate to the “pepper” user and the Systemctl binary with SUID privileges set to escalate to root.
Read moreThis was an intermediate Linux machine that involved exploiting the ticket reply via email functionality of osTicket to access a MatterMost web application to find SSH credentials and using Hashcat rules to crack root hashes stored in the MySQL database to escalate privileges.
Read moreThis was an easy Windows machine that involved exploiting the Microsoft Eternal Blue exploit to gain immediate system-level access or alternatively an open SMB share to gain initial access and token impersonation to escalate privileges to system.
Read moreThis was an intermediate Linux machine and the last in the Overpass TryHackMe series, it involved discovering a backup archive stored on the webserver, which contained encrypted user credentials that are then used to connect to the FTP server and uploading a PHP reverse shell to gain initial access. Root access was then obtained by exploiting an open NFS share with the no_root_squash option enabled.
Read moreThis was an easy Linux machine and the second in the Overpass TryHackMe series. It involved analyzing a capture file containing requests issued by an attacker to compromise the web server, escalate privileges to root and establish persistence, in order to understand the exact steps followed to do so, and then using that information to hack back into the host.
Read more