Before performing the following steps make sure you have a remote shell created from your target machine (any shell should work including those dumb ones)!

The biggest issue that can be faced while having a remote shell on your TryHackMe, HackTheBox or any other target machine is that those reverse shells are dumb.

Because of that dumb shell you can’t autocomplete, use the arrow keys to recall a previously entered command, or correct a typo in your current long command. But the worst part is you can’t AUTOCOMPLETE!

To resolve this issue, we can use a really awesome method using Python

LAMP Security: CTF4 is one of the easy machines on VulnHub which mainly focuses on SQLi.

So, let's begin!

Enumeration

As usual, the first thing that we need to do is run an nmap scan and check if some webpages are hosted on port 80/443. We can initially start the nmap scan and head over to the browser.

Here it can be seen that some static pages are hosted.

Meanwhile, we get our nmap results as well

┌──(kali㉿kali)-[~/Desktop/side_oscp/vulnhub/lampctf4]
└─$ portopen 192.168.0.123…

Archangel is ranked as an easy room on TryHackMe.com, but it is a bit more difficult than the other easy rooms. Some of the concepts or methods might be completely new for beginners. Even I got to learn something new from this room. This room focuses on multiple things such as LFI and SUID binary exploitation.

So, let's begin!

Enumeration

The first thing that we can do is start an nmap scan against the machine's IP address and check if some webpages are hosted over there using our web browser.

The Chocolate Factory room on TryHackMe.com is ranked as Easy, and it really is quite easy. It focuses on things like finding steganography, finding files with improper file permissions and basic command injection.

So, let's begin!

Enumeration

The first thing we must do is run an nmap scan and along with that check if there is some webpage hosted by accessing the machine IP address via the web browser.

Kioptrix Level 4 is a difficult machine. It emphasizes numerous things, from a not-so-common SQLi and a limited shell to privilege escalation using a MySQL function.

So, let's begin!

Enumeration

The first thing to do for enumeration is start an nmap scan against the machine's IP address and check if some webpage is hosted on the server.

The results obtained from nmap are

┌──(kali㉿kali)-[~/Desktop/oscp/vulnhub/kioptrix_lv4]
└─$ nmap -sS -p- -T4 -oN open_ports 192.168.0.194
# Nmap 7.91 scan initiated Sat May 1 13:57:46 2021 as: nmap -sS -p- -T4 -oN open_ports 192.168.0.194
Nmap scan report for 192.168.0.194
Host is up (0.053s latency).
Not shown: 39528 closed…

Kioptrix Level 3 is a challenging machine in comparison to Levels 1 and 2. This machine focuses on completely different skill sets than the earlier levels did.

There are mainly two methods to gain initial access to the machine. So, let's begin and check out both of them.

Enumeration

Before starting, add an entry for kioptrix3.com in the /etc/hosts file.

As usual, the first thing to do is run an nmap scan and check through the browser whether some webpage is hosted there. The results from nmap are as follows:

┌──(kali㉿kali)-[~/Desktop/oscp/vulnhub/kioptrix_lv3]
└─$ nmap -sS -p- -T4 -oN…

The actual exploitation of Kioptrix Level 2 is really easy, but only if you go through proper enumeration and analyze everything that you have. Gaining access to the machine is really simple, but the main fun begins after that, while escalating your privileges.

So, let’s begin!

Initial Enumeration

For enumeration, we can get started with running an nmap scan and trying to access the machine via a web browser to see if some website is hosted over there.

The results of nmap are as follows:

┌──(kali㉿kali)-[~/Desktop/oscp/vulnhub/kioptrix_lv2]
└─$ sudo nmap -sS -p- -T3 192.168.0.191…

Kioptrix Level 1 is one of the easiest machines on VulnHub. It is usually the machine with which a large number of people get started on their OSCP preparations.

Solving this machine is really easy.

Initial Enumeration

The first and foremost thing that we must do is start an nmap scan to check the services running on the machine and meanwhile check if some website is hosted by accessing the IP address via a web browser.

All that can be seen is an Apache test page when we access the login page. …

ConvertMyVideo is a medium-difficulty room on TryHackMe.com but requires a lot of thinking at each step. Right from gaining the foothold to escalating our privileges, we need to think outside the box to get the desired result. This room focuses on various things such as intercepting traffic, OS command injection and analyzing cron jobs.

So, let’s begin!

Initial Enumeration

The first thing that we must do is scan all the ports and get details of the services running there using nmap:

┌──(kali㉿kali)-[~/Desktop/oscp/convertMyVideo]
└─$ sudo nmap -sS -p- -T3 10.10.77.13 | tee open_ports
[sudo] password for kali:
Starting Nmap 7.91 ( https://nmap.org

Anonymous is a medium-rated room on TryHackMe, but even so it took only 2 major steps to get root. The room focuses mainly on enumerating the services running on the machine.

So, let’s begin!

Enumeration

As a part of the initial enumeration regime, we can first try to access the machine’s IP in our browser to check if some website is hosted on port 80/443. But it turns out that nothing is hosted there. The second thing that we can do is run an nmap scan to check the open ports and what services are running on them.

0xNirvana

Just another CyberSec Guy
