Thompson is another beginner-friendly room on TryHackMe.com based on the exploitation of AJP (Apache JServ Protocol). If done right completing this room won’t take more than 15 to 20 minutes as it is pretty easy.

Initial Enumeration

The first that we must do is run an nmap scan against the machine’s IP address in order to determine the various ports open on the machine.

┌─[tester@parrot-virtual]─[~/Downloads/thompson] └──╼ $nmap -A 10.10.94.207 Starting Nmap 7.80 ( https://nmap.org ) at 2020-11-20 22:27 IST Nmap scan report for 10.10.94.207 Host is up (0.16s latency). Not shown: 997 closed ports PORT STATE SERVICE VERSION 22/tcp open ssh OpenSSH…

Image for post
Image for post

This room another simple boot2root kind of a challenge. The main focus of this room is on enumeration as we directly have the access to the file system via FTP and all we need is to do is enumerate in order to gain root access. Also, we need to do some GPG passphrase cracking in order to access some encrypted data.

Initial Enumeration

The first thing that we need to do after starting the machine is to run an nmap scan against the machine’s IP address.

┌─[tester@parrot-virtual]─[~/Downloads/anonforce] └──╼ $nmap -A 10.10.94.82 Starting Nmap 7.80 ( https://nmap.org ) at 2020-11-20 11:19 IST Nmap…


Image for post
Image for post

The TryHackMe: Ignite room is beginner friendly and really easy room. It took barely 15 minutes for me to get the root flag. It is based on a simple RCE that can be found out after some googling and that is it.

Initial Enumeration

The first that we must do after starting the machine is to access the machine’s IP address and run a simple nmap scan to check the open ports. On visiting the IP address we land up on a Fuel CMS Getting Started page.


So, I recently cleared Microsoft Azure Fundamentals certification. The exam tests your basic knowledge on various services offered by Microsoft Azure. Though the exam is quite easy there is a plethora of services that are being offered which become a bit difficult for beginners to keep in mind all at once.

I have tried to put in all those services in the form of an extensive mind map that can act like a one stop shop to get a glance of all the Azure services.

This mind map is based on the online training provided by Microsoft at: https://docs.microsoft.com/en-us/learn/certifications/exams/az-900

Who…


Image for post
Image for post

This room on HackTheBox is categorized as Easy but as a beginner I still found it to be a bit tricky as there were many things that I had not experienced before just like a completely new way for me to enumerate credentials.

So, let’s begin!

Enumeration

Blunder sits at IP address: 10.10.10.191. So, the first thing that we can do is run an nmap scan against the IP address to check all the ports that are open over there.

┌─[tester@parrot-virtual]─[~/Downloads/blunder] └──╼ $nmap -A 10.10.10.191 Starting Nmap 7.80 ( https://nmap.org ) at 2020-10-17 08:30 IST Nmap scan report for 10.10.10.191 Host…


Image for post
Image for post

To be honest, this room is really great and explores various aspects of CTF’s. It includes not just in-depth enumeration but things from basic source-code analysis to steganography and a lot many things. It took me quite some to solve this room (you’ll know the reason once you read the writeup). But in short, this room would help any beginner to learn a lot of different things.

So, let’s begin!

[Task 1] Recon

  1. Deploy the machine.

Obviously, the first and most important step to complete any room is to deploy the machine first of all.

2. How many ports are open?

To get…


Image for post
Image for post

In my opinion, the Agent Sudo room on TryHackMe is one of the best rooms for beginners. It focuses on various things related to enumeration, steganography as well as reverse image searching. There were some things that even I encountered for the first time.

So, let’s begin!

Initial Enumeration

[Task 1] Author note

We don’t need to do anything more than just deploying the machine for this task and get the IP address for the box.

[Task 2] Enumerate

1. How many open ports?

This can be found out by simply running an nmap scan on the target machine. The results of the scan would look somewhat like:

tester@kali:~/Desktop$…


Image for post
Image for post
Img. Lian Yu

Lian Yu is a great beginner level room on TryHackMe. I found this room really good in terms of correlating all the information you have right in front of you. Though the room is themed on Arrow TV Series, one does not need prior knowledge of Arrow. This room requires basic knowledge on directory traversal, steganography and most importantly as I mentioned earlier useful information.

So, let’s begin!

Initial Foothold

  1. Deploy the VM and Start the Enumeration.

As an initial step, we can start an nmap scan along with gobuster scan.

Nmap scan results:

root@kali:~# nmap -A -p- -T4 10.10.234.51 Starting Nmap…


Smag Grotto is a really innovative room and for me, it was a room that helped me develop a different perspective form enumeration as well as privilege escalation.

This room involves skills such as packet analysis, popping a reverse shell, enumeration (obviously) and a few other things. So, let’s begin!

Initial Foothold

First of all, we need to deploy the machine. And as a basic step, we can start our basic enumeration like browsing the webpages and starting a dirb scan.

On the homepage, there is nothing but a statement that ‘The website is under development’. …


Image for post
Image for post

At first, I thought that this room might be a bit difficult though rated as Beginner (only on the basis of the name). Don’t know why but it gave me a feeling that it’ll be something really challenging. But I must say that this room is one of the easiest rooms on TryHackMe. And also, it does not even take time to solve!

So, let’s begin!

Initial Foothold

First of all, we need to deploy the machine and get the IP address. We can then visit the IP address and find an animated image and a conversation among 4 people.

0xNirvana

Just another CyberSec Guy

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store