TryHackMe – Web Fundamentals Mini CTF Walkthrough
Introduction
This mini CTF was part of the web fundamentals room and it aims to allow students to practice their web skills with GET/POST requests and cookies.
This room is part of the TryHackMe Offensive Security path and it aims to teach or consolidate stack buffer overflow exploitation skills for students aspiring to take on the OSCP certification exam.
This was an intermediate-level Linux machine that involved brute-forcing WordPress credentials to gain initial access through a malicious plugin upload and escalating privileges through a Jenkins instance with weak credentials.
This was an easy Windows machine that involved using the Microsoft EternalBlue exploit to gain immediate system-level access or, alternatively, using an open SMB share to gain initial access and token impersonation to escalate privileges to system.
This was an intermediate Linux machine and the last in the Overpass TryHackMe series. It involved discovering a backup archive stored on the webserver, which contained encrypted user credentials that are then used to connect to the FTP server and upload a PHP reverse shell to gain initial access. Root access was then obtained by exploiting an open NFS share with the no_root_squash option enabled.
This was an easy Linux machine and the second in the Overpass TryHackMe series. It involved analyzing a capture file containing requests issued by an attacker to compromise the web server, escalate privileges to root and establish persistence, in order to understand the exact steps followed to do so, and then using that information to hack back into the host.
This was an easy Linux box that involved accessing an open SMB share containing a list of credentials that could be used to brute-force a SquirrelMail web application, finding SMB credentials on the application to access a new share which revealed a second web application, and exploiting a remote file inclusion vulnerability in Cuppa CMS to gain remote access. Privilege escalation was possible due to a misconfigured cron job running as root and using a wildcard with the tar command.
This was a fairly easy Linux machine that involved exploiting an SQL injection vulnerability and cracking a user hash found in the database in order to gain initial access and a vulnerability in the Webmin web application, through SSH tunneling, to escalate privileges to root.
This was an easy Windows box that involved authenticating to Jenkins using common credentials, executing commands through the Groovy scripting language used in the script console to gain remote access and using token impersonation to escalate privileges to SYSTEM.
It also involved switching from a normal shell to a Meterpreter shell and migrating from a user-level process to a SYSTEM-level process.
This was an easy Windows box that involved gaining initial access through a remote command execution vulnerability in the Rejetto HTTP File Server web application and exploiting an unquoted service path vulnerability in the Advanced System Care 9 application to gain SYSTEM-level access.