Tag

CTF

CTF Walkthroughs, TryHackMe

TryHackMe – HackPark Walkthrough

Introduction

This was a fairly easy Windows machine that involved bruteforcing credentials to authenticate into the BlogEngine web application, exploiting a remote code execution vulnerability affecting it to gain remote access and an insecure service file permission vulnerability in the Splinterware System Scheduler application to escalate privileges to SYSTEM.

Read more
CTF Walkthroughs, TryHackMe

TryHackMe – Alfred Walkthrough

Introduction

This was an easy Windows box that involved authenticating to Jenkins using common credentials, executing commands through the Groovy scripting language used in the script console to gain remote access and using token impersonation to escalate privileges to SYSTEM.

It also involved switching from a normal shell to a Meterpreter shell and migrating from a user level process to a SYSTEM level process.

Read more
CTF Walkthroughs, TryHackMe

TryHackMe – Kenobi Walkthrough

Introduction

This was an easy Linux box that involved gaining initial access by exploiting a vulnerability in ProFTPD to copy a user’s SSH key to a world-readable directory, grabbing it using SMB and using it to authenticate to via SSH and exploiting a vulnerable SUID binary in conjunction with PATH Environmental Variable manipulation to escalate to root.

Read more