After completing all the Level 1 challenges, now its time for Level 2. The Level 2 challenges are definitely bit harder than those of Level 1 but can be solved easily with some efforts.
Whenever it is about admin, the first that should come to our mind is default credentials, simple SQLi or brute-force attack. So, first we can go to the login page and try combination of some of the basic usernames and passwords like:
After creating the app on Heroko using the OWASP Juice Shop GitHub repository the first task was to find the score board. From the initial app walkthrough hints, it was clear that I had to look into the source-code and other JS files of the webpage. So, I started with the source-code and searched for various terms like dash, dashboard, score and scoreboard but did not find anything. The next thing to look at were the JS files.
Thompson is another beginner-friendly room on TryHackMe.com based on the exploitation of AJP (Apache JServ Protocol). If done right completing this room won’t take more than 15 to 20 minutes as it is pretty easy.
The first that we must do is run an nmap scan against the machine’s IP address in order to determine the various ports open on the machine.
┌─[tester@parrot-virtual]─[~/Downloads/thompson] └──╼ $nmap -A 10.10.94.207 Starting Nmap 7.80 ( https://nmap.org ) at 2020-11-20 22:27 IST Nmap scan report for 10.10.94.207 Host is up (0.16s latency). Not shown: 997 closed ports PORT STATE SERVICE VERSION 22/tcp open ssh OpenSSH…
This room another simple boot2root kind of a challenge. The main focus of this room is on enumeration as we directly have the access to the file system via FTP and all we need is to do is enumerate in order to gain root access. Also, we need to do some GPG passphrase cracking in order to access some encrypted data.
The first thing that we need to do after starting the machine is to run an nmap scan against the machine’s IP address.
┌─[tester@parrot-virtual]─[~/Downloads/anonforce] └──╼ $nmap -A 10.10.94.82 Starting Nmap 7.80 ( https://nmap.org ) at 2020-11-20 11:19 IST Nmap…
The TryHackMe: Ignite room is beginner friendly and really easy room. It took barely 15 minutes for me to get the root flag. It is based on a simple RCE that can be found out after some googling and that is it.
The first that we must do after starting the machine is to access the machine’s IP address and run a simple nmap scan to check the open ports. On visiting the IP address we land up on a Fuel CMS Getting Started page.
So, I recently cleared Microsoft Azure Fundamentals certification. The exam tests your basic knowledge on various services offered by Microsoft Azure. Though the exam is quite easy there is a plethora of services that are being offered which become a bit difficult for beginners to keep in mind all at once.
I have tried to put in all those services in the form of an extensive mind map that can act like a one stop shop to get a glance of all the Azure services.
This mind map is based on the online training provided by Microsoft at: https://docs.microsoft.com/en-us/learn/certifications/exams/az-900
This room on HackTheBox is categorized as Easy but as a beginner I still found it to be a bit tricky as there were many things that I had not experienced before just like a completely new way for me to enumerate credentials.
So, let’s begin!
Blunder sits at IP address: 10.10.10.191. So, the first thing that we can do is run an
nmap scan against the IP address to check all the ports that are open over there.
┌─[tester@parrot-virtual]─[~/Downloads/blunder] └──╼ $nmap -A 10.10.10.191 Starting Nmap 7.80 ( https://nmap.org ) at 2020-10-17 08:30 IST Nmap scan report for 10.10.10.191 Host…
To be honest, this room is really great and explores various aspects of CTF’s. It includes not just in-depth enumeration but things from basic source-code analysis to steganography and a lot many things. It took me quite some to solve this room (you’ll know the reason once you read the writeup). But in short, this room would help any beginner to learn a lot of different things.
So, let’s begin!
Obviously, the first and most important step to complete any room is to deploy the machine first of all.
2. How many ports are open?
In my opinion, the Agent Sudo room on TryHackMe is one of the best rooms for beginners. It focuses on various things related to enumeration, steganography as well as reverse image searching. There were some things that even I encountered for the first time.
So, let’s begin!
We don’t need to do anything more than just deploying the machine for this task and get the IP address for the box.
1. How many open ports?
This can be found out by simply running an
nmap scan on the target machine. The results of the scan would look somewhat like:
Lian Yu is a great beginner level room on TryHackMe. I found this room really good in terms of correlating all the information you have right in front of you. Though the room is themed on Arrow TV Series, one does not need prior knowledge of Arrow. This room requires basic knowledge on directory traversal, steganography and most importantly as I mentioned earlier useful information.
So, let’s begin!
As an initial step, we can start an nmap scan along with gobuster scan.
Nmap scan results:
root@kali:~# nmap -A -p- -T4 10.10.234.51 Starting Nmap…
Just another CyberSec Guy