Thompson is another beginner-friendly room on TryHackMe.com based on the exploitation of AJP (Apache JServ Protocol). If done right completing this room won’t take more than 15 to 20 minutes as it is pretty easy.
Initial Enumeration
The first that we must do is run an nmap scan against the machine’s IP address in order to determine the various ports open on the machine.
┌─[tester@parrot-virtual]─[~/Downloads/thompson] └──╼ $nmap -A 10.10.94.207 Starting Nmap 7.80 ( https://nmap.org ) at 2020-11-20 22:27 IST Nmap scan report for 10.10.94.207 Host is up (0.16s latency). Not shown: 997 closed ports PORT STATE SERVICE VERSION 22/tcp open ssh OpenSSH…
This room another simple boot2root kind of a challenge. The main focus of this room is on enumeration as we directly have the access to the file system via FTP and all we need is to do is enumerate in order to gain root access. Also, we need to do some GPG passphrase cracking in order to access some encrypted data.
Initial Enumeration
The first thing that we need to do after starting the machine is to run an nmap scan against the machine’s IP address.
┌─[tester@parrot-virtual]─[~/Downloads/anonforce] └──╼ $nmap -A 10.10.94.82 Starting Nmap 7.80 ( https://nmap.org ) at 2020-11-20 11:19 IST Nmap…
The TryHackMe: Ignite room is beginner friendly and really easy room. It took barely 15 minutes for me to get the root flag. It is based on a simple RCE that can be found out after some googling and that is it.
Initial Enumeration
The first that we must do after starting the machine is to access the machine’s IP address and run a simple nmap scan to check the open ports. On visiting the IP address we land up on a Fuel CMS Getting Started page.
So, I recently cleared Microsoft Azure Fundamentals certification. The exam tests your basic knowledge on various services offered by Microsoft Azure. Though the exam is quite easy there is a plethora of services that are being offered which become a bit difficult for beginners to keep in mind all at once.
I have tried to put in all those services in the form of an extensive mind map that can act like a one stop shop to get a glance of all the Azure services.
This mind map is based on the online training provided by Microsoft at: https://docs.microsoft.com/en-us/learn/certifications/exams/az-900
Who…
This room on HackTheBox is categorized as Easy but as a beginner I still found it to be a bit tricky as there were many things that I had not experienced before just like a completely new way for me to enumerate credentials.
So, let’s begin!
Enumeration
Blunder sits at IP address: 10.10.10.191. So, the first thing that we can do is run an nmap scan against the IP address to check all the ports that are open over there.
┌─[tester@parrot-virtual]─[~/Downloads/blunder] └──╼ $nmap -A 10.10.10.191 Starting Nmap 7.80 ( https://nmap.org ) at 2020-10-17 08:30 IST Nmap scan report for 10.10.10.191 Host…
To be honest, this room is really great and explores various aspects of CTF’s. It includes not just in-depth enumeration but things from basic source-code analysis to steganography and a lot many things. It took me quite some to solve this room (you’ll know the reason once you read the writeup). But in short, this room would help any beginner to learn a lot of different things.
So, let’s begin!
[Task 1] Recon
- Deploy the machine.
Obviously, the first and most important step to complete any room is to deploy the machine first of all.
2. How many ports are open?
To get…
In my opinion, the Agent Sudo room on TryHackMe is one of the best rooms for beginners. It focuses on various things related to enumeration, steganography as well as reverse image searching. There were some things that even I encountered for the first time.
So, let’s begin!
Initial Enumeration
[Task 1] Author note
We don’t need to do anything more than just deploying the machine for this task and get the IP address for the box.
[Task 2] Enumerate
1. How many open ports?
This can be found out by simply running an nmap scan on the target machine. The results of the scan would look somewhat like:
tester@kali:~/Desktop$…
Lian Yu is a great beginner level room on TryHackMe. I found this room really good in terms of correlating all the information you have right in front of you. Though the room is themed on Arrow TV Series, one does not need prior knowledge of Arrow. This room requires basic knowledge on directory traversal, steganography and most importantly as I mentioned earlier useful information.
So, let’s begin!
Initial Foothold
- Deploy the VM and Start the Enumeration.
As an initial step, we can start an nmap scan along with gobuster scan.
Nmap scan results:
root@kali:~# nmap -A -p- -T4 10.10.234.51 Starting Nmap…Smag Grotto is a really innovative room and for me, it was a room that helped me develop a different perspective form enumeration as well as privilege escalation.
This room involves skills such as packet analysis, popping a reverse shell, enumeration (obviously) and a few other things. So, let’s begin!
Initial Foothold
First of all, we need to deploy the machine. And as a basic step, we can start our basic enumeration like browsing the webpages and starting a dirb scan.
On the homepage, there is nothing but a statement that ‘The website is under development’. …
At first, I thought that this room might be a bit difficult though rated as Beginner (only on the basis of the name). Don’t know why but it gave me a feeling that it’ll be something really challenging. But I must say that this room is one of the easiest rooms on TryHackMe. And also, it does not even take time to solve!
So, let’s begin!
Initial Foothold
First of all, we need to deploy the machine and get the IP address. We can then visit the IP address and find an animated image and a conversation among 4 people.
0xNirvana
Just another CyberSec Guy
