security
-
Yo everyone! Back with another write-up, Today we’re going to solve the w1seGuy room on TryHackMe. First, download the task files provided in the room and then start the machine source.py import randomimport socketserver import socket, osimport stringflag = open(‘flag.txt’,’r’).read().strip()def send_message(server, message): enc = message.encode() server.send(enc)def setup(server, key): flag = ‘THM{thisisafakeflag}’ xored = “” for i…
-
Yo, Back with another writeup! Today, we’ll try to complete the Unstable Twin room. We start with an Nmap scan: nmap -sS -sV <IP> The scan shows that ports 22 (SSH) and 80 (HTTP) are open. What is the build number of Vincent’s server? Answer: 1.3.4-dev To find this, you can use Burp Suite: To get…
-
Alham Rizvi “ Disclaimer : Read Before Proceeding: This guide is for educational purposes only and describes findings from controlled, lab-based experiments. Do not use the information to access systems without explicit authorization. Attempting to crack passwords on live systems can lead to IP blocks, account bans, civil liability, and criminal charges” What is Hydra?…
-
Alham Rizvi “A clear understanding of the five most dangerous offensive cyber attacks that dominate today’s threat landscape. You will learn how each attack works conceptually, why it poses serious risks, and where it has been seen in real-world incidents. The content will also highlight common attacker techniques, defensive challenges, andeffective mitigation strategies. By the…
-
{Task 1} Introduction In this room, we will examine application security (AppSec) and incident response (IR). More specifically, we will learn how shifts in threat landscapes, software architecture, and attacker behaviour have made AppSec IR, an intersection of these two practices, increasingly relevant and teach the basics of this hybrid function. Learning Prerequisites While this room has…
-
Recap Before diving in, let’s quickly recap the concepts we’ll explore in this room: Sessions and tokens. Authentication & Authorisation Authentication is the process of verifying your identity (are you J. Doe?). In contrast, authorisation determines what actions an identity can perform in a given resource (what can J. Doe do?). Sessions When you authenticate…
-
To view this room: https://tryhackme.com/room/linuxfundamentalspart1To view the Gitbook for this, view it here. Topics: Introduction Note: to actually become familiar with Linux, you need to be using it daily. Make sure you have it installed (whether that be as your host system, a dual reboot, or on a virtual machine). For pentesting, most people prefer to use Kali. The…
-
{Task 12} NSE Scripts Searching for Scripts Ok, so we know how to use the scripts in Nmap, but we don’t yet know how to find these scripts. We have two options for this, which should ideally be used in conjunction with each other. The first is the page on the Nmap website (mentioned in the previous task) which contains a list of…
-
{Task 1} DeployStart Machine Press the green button to deploy the machine! Please Note: This machine is for scanning purposes only. You do not need to log into it, or exploit any vulnerabilities to gain access. If you are using the TryHackMe AttackBox then you will need to deploy this separately. Click the Start AttackBox button on the…
-
{TASK 1} Networks are simply things connected. For example, your friendship circle: you are all connected because of similar interests, hobbies, skills and sorts. Networks can be found in all walks of life: But more specifically, in computing, networking is the same idea, just dispersed to technological devices. Take your phone as an example; the…
