TryHackMe Writeups
-
Q1) What does IAAA stand for? Identity, Authentication, Authorisation, Accountability Q2) If you don’t get access to more roles but can view the data of another user, what type of privilege escalation is this? Horizontal Q3) What is the note you found when viewing the user’s account who had more than $1 million? I…
-
Finally back with a new writeup on TryHackMe. Question 1: What do we call the exposure of hidden system instructions? Ans: Leakage Question 2: What evasive technique replaces or alters characters to bypass naive keyword filters? Ans: Obfuscation Question 3: Which injection type smuggles instructions via uploaded documents, web pages, or plugins? Ans: Indirect Question 4:…
-
Reconnaissance Analyze the provided log files. Look carefully at: What tools did the attacker use? (Order by the occurrence in the log) nmap, hydra, sqlmap, curl, feroxbuster The access.log file keeps all the records of who visited the web server. It also shows the User-Agent, which tells what tool or browser made the request. By…
-
DLL Hijacking is one of the most dangerous threats in Windows; here is a detailed explanation by me 😀 First of all, what are DLL files? DLL files (Dynamic Link Libraries) are collections of code and resources (like functions, images, or data) that programs load when they run so they don’t have to include that…
-
I don’t have enough time again, so yes, this writeup is very rushed xD. Also, you already have the SSH creds. Credentials Tips and Tools Emily did not properly configure the DeceptiPot. The system is running WordPress on port 80. Auditd is configured with non-standard audit rules. Which web page did the attacker attempt to…
-
Let’s go, I haven’t enough time today so I have pasted the images of my practical. LOGIN: it’s the jsmol2wp plugin. Repository: WordPress jsmol2wp Plugin Vulnerabilities http://www.smol.thm/wp-content/plugins/jsmol2wp/php/jsmol.php?isform=true&call=getRawDataFromDatabase&query=php://filter/resource=../../hello.php Now inspect the site and decode the base64. Seems like it was cmd. I pasted that base64 into the URL and started a rev shell; after accessing, I got this SQL Database…
-
First, I ran an Nmap scan. It showed port 21 (FTP) was open and accepting logins, and port 80 was also open for HTTP. So first I tried to log in to FTP. I downloaded welcome.txt and it has a message: I found this message and also you can extract the other one whale tree file. I…
-
1. Reconnaissance First, we collect information about the target. I prefer using nmap -sV <ip_addr> because it shows both which ports are open and the service versions in a single scan. The nmap -sV output gives the service name and version for each open port, which helps prioritize further testing (for example, looking up CVEs…
-
Let’s gooo Task 1: Intro to AD Breaches Ini /etc/resolv.conf (after) Test Hostname Lookups Bash Why does this work? You’re instructing the DNS resolution service to search between 10.200.54.101 and 10.0.0.1 . So, let’s say you say something like this: Bash What’s happening is this: Task 2: OSINT & Phishing Read through and learn about two very common techniques…
-
Task 1: Methodology Outline What is the first phase of the Hacker Methodology? Reconnaissance Task 2: Reconnaissance Overview Who is the CEO of SpaceX? Just Google it. Elon Musk Do some research into the tool: sublist3r, what does it list? The sublist3r tool is used for listing subdomains of a website. subdomain What is it called…
