TryHackMe Write-Up: Mindgames

Introduction

This is my write up for TryHackMe's Mindgames Room.

Enumeration

Nmap scan shows that both HTTP and SSH are running. 


Looking at the webpage, I see what looks like BrainF*ck encrypted text.

Going to dcode.fr, I see that decoding the "Hello, World" code results to a simple Python print statement.


And that the "Fibonacci" code is Python code that prints out the Fibonacci Sequence:


If that being the case, then it might be possible to inject code! 
Read more »
at No comments:
Labels: ,

TryHackMe Write-up: Intro to Python

Introduction
This is my write up for TryHackMe's Intro To Python. Unlike other rooms I have written about, this is actually an introductory tutorial on Python.  With that being said, this room is composed of reading materials and quiz type questions. Given this, we will be tackling "Tasks" with questions.


This task discusses the math operators and symbols commonly used in Python.  Answers for this task can be solved simply by reading the accompanying reading material.


This task discusses the variables and the common data types variables can be specified as.  Just like Task 3, the answers for this task can be solved by understanding the reading material.
Read more »
at No comments:
Labels: ,

TryHackMe Write-up: Python Playground

Introduction

This is my write up for TryHackMe's Python Playground Room.

Enumeration

Nmap scan shows that both HTTP and SSH are running. 


Let's take a look at the website.

Let's see if we can login.

So that didn't work.

Let's try to register.


So both login and signup pages aren't working.  Let's try something else.
Running nikto, we see that there's another html page.


Going to the admin page, we see a working login page.


Let's look at the page source.


We see that there's another page super-secret-admin-testing-panel.html and also code for getting a password.  

Let's look at the super secret page first.

Read more »
at No comments:
Labels: ,

TryHackMe Write-up: HaskHell

Introduction

This is my write up for TryHackMe's HaskHell Room.

Enumeration

Nmap scan shows that SSH is running.  We also see that port 5001 is open and running an HTTP server on it.


Opening the website, we see the following:


We then check the homework:


The first thing that comes to mind is a file upload vulnerability.  The problem is that the link leads to nowhere.


Using dirb, we see another directory.


Checking it out, we see a way to upload files.

Read more »
at No comments:
Labels: ,

TryHackMe Write-up: Wonderland

Introduction

This is my write up for TryHackMe's WonderLand Room

Enumeration

Nmap scan shows that both HTTP and SSH are running.



Opening the webpage, we see the following:


Read more »
at No comments:
Labels: ,

TryHackMe writeup: Binex

Introduction

This is my write-up for TryHackMe's Binex Room

Enumeration

Using nmap, we see that SSH and SMB are running on the target.


The hint showed that the longest username in RID range 1000-1003 has an insecure password.  We then run enum4linux to enumerate the users.


Read more »
at No comments:
Labels: ,

TryHackMe write-up: LazyAdmin

Introduction

This is my write-up for TryHackMe's LazyAdmin Room

Enumeration

Using nmap, we see that SSH and HTTP ports are open.


Let's check the website:



Read more »
at No comments:
Labels: ,

TryHackMe write-up: Anonymous

Introduction

This is my write-up for TryHackMe's Anonymous Room

Enumeration

Using nmap, we see that FTP, SSH and SMB ports are open.



One question asks for the name of the share.  We can use smbclient to do so.

Read more »
at No comments:
Labels: ,
Subscribe to: Posts (Atom)