Before performing the following steps make sure you have a remote shell created from your target machine (any shell should work including those dumb ones)!
The biggest issue that can be faced while having a remote shell on your TryHackMe, HackTheBox or any other target machine is that those reverse shells are dumb.
Because of that dumb shell you can’t autocomplete, use arrow keys to get your previous entered command or correct some typo in your current long command. But the worst part is you can’t AUTOCOMPLETE!
To resolve this issue, we can use a really awesome method using python…
Archangel is an ranked as an easy room on TryHackMe.com but it is a bit more difficult than the other easy rooms. Some of the concepts or methods might be completely new for beginners. Even I got to learn something new from this room. This room focuses on multiple things such as LFI and SUID binary exploitation.
So, lets begin!
Enumeration
The first thing that we can do is start an nmap scan against the machine's IP address and check if some webpages are hosted over there using our web browser.
The Chocolate Factory room on TryHackMe.com is ranked as Easy. And is really quite easy. It focuses on things like finding steganography, finding files with improper file permissions and basic command injection.
So, lets begin!
Enumeration
The first thing we must do is run an nmap scan and along with that check if there is some webpage hosted by accessing the machine IP address via the web browser.
Kioptrix Level 4 is a difficult machine. It emphasizes on a numerous things from a not so common SQLi, limited shell to privilege escalation using MySQL function.
So, lets begin!
Enumeration
The first thing to do for enumeration is start an nmap scan against the machine's IP address and check if some webpage is hosted on the server.
The results obtained from nmap are
┌──(kali㉿kali)-[~/Desktop/oscp/vulnhub/kioptrix_lv4] └─$ nmap -sS -p- -T4 -oN open_ports 192.168.0.194 # Nmap 7.91 scan initiated Sat May 1 13:57:46 2021 as: nmap -sS -p- -T4 -oN open_ports 192.168.0.194 Nmap scan report for 192.168.0.194 Host is up (0.053s latency)…Kioptrix Level 3 is a comparatively challenging machine in comparison to Level 1 and 2. This machine focuses on completely different skill sets than on what the earlier levels did.
There are mainly two method to gain initial access to the machine. So, lets begin and check out both the methods.
Enumeration
Before starting, add an entry for
kioptrix3.comin the/etc/hostsfile.
As usual the first thing to do would be to run an nmap scan and check through the browser if some webpage is hosted over there. The results from nmap are like
┌──(kali㉿kali)-[~/Desktop/oscp/vulnhub/kioptrix_lv3] └─$ nmap -sS -p- -T4…The actual exploitation of Kioptrix Level 2 is really easy only if you go through proper enumeration and analyzing everything that you have. Gaining access to the machine is really simple but the main fun begins after that while escalating your privileges.
So, let’s begin!
Initial Enumeration
For enumeration, we can get started with running an nmap scan and trying to access the machine via a web browser to see if some website is hosted over there.
The results of nmap are like
┌──(kali㉿kali)-[~/Desktop/oscp/vulnhub/kioptrix_lv2] └─$ sudo nmap -sS -p- -T3 192.168.0.191 [sudo] password for kali: Starting Nmap 7.91 ( https://nmap.org ) at…Kioptrix Level 1 is one of the most easiest machines on VulnHub. It is usually the machine with which a large number of people get started with for their OSCP preparations.
Solving this machine is really easy.
Initial Enumeration
The first and foremost thing that we must do is start an nmap scan to check the services running on the machine and meanwhile check if there is some website is hosted by accessing the IP address via web browser.
All that can be seen that an Apache test page when we access the login page. …
The ConvertMyVideo is a medium difficulty room on TryHackMe.com but requires a lot of thinking at each step. Right from gaining the foothold to escalating our privileges, we need to think out of the box to get the desired result. This room focuses on various things such as intercepting traffic, OS command injection and analyzing cron jobs.
So, let’s begin!
Initial Enumeration
The first thing that we must do is scan all the ports and get details of the services running there using nmap:
┌──(kali㉿kali)-[~/Desktop/oscp/convertMyVideo] └─$ sudo nmap -sS -p- -T3 10.10.77.13 | tee open_ports [sudo] password for kali: Starting Nmap 7.91…
Anonymous is a medium rated room on TryHackMe but even after that it took only 2 major steps to get the root. The room focuses mainly on enumerating the services running on the machine.
So, let’s begin!
Enumeration
As a part of the initial enumeration regime, we can first try to access the machine’s IP in our browser to check if some website is hosted on port 80/443. But turns out that nothing is hosted over there. The second things that we can do is run an nmap scan to check the open ports and what services are running over there.
…UltraTech is ranked as a medium room but feels pretty easy. The room focuses on basic enumeration, webapp testing and privilege escalation.
So, let’s begin!
Initial Enumeration
The first thing that we can do after starting the machine is try to access the IP address through our browser to check if some website is hosted on port 80 or 443 but in this case we are not able to connect over port 80/443. This suggests that there are high chances of port 80/443 being closed.
The next thing that we can do in our initial enumeration is to run a basic nmap…
0xNirvana
Just another CyberSec Guy
