Persecure : my learning archive

Category: Hacking

  • THM: Fusion Corp
    , , ,

    THM: Fusion Corp

    TryHackMe | Fusion Corp Fusion Corp said they got everything patched… did they? Enumeration Start a nmap scan to look for open ports and add the necessary flags for in depth enumeration. From the scan we can take note of the domain name and DC (Fusion-DC.fusion.corp) and start the process of null enumeration. Web Enumeration…

  • THM: Ledger
    ,

    THM: Ledger

    This challenge simulates a real cyber-attack scenario where you must exploit an Active Directory. We started with port scanning, found Active Directory and web ports, then enumerated LDAP to steal user credentials. After getting initial access via RDP, we found plaintext passwords in registry keys and compromised another account. Now we’re exploiting Certificate Service DCOM…

  • THM: Year of the Owl
    ,

    THM: Year of the Owl

    The foolish owl sits on his throne… TryHackMe | Year of the Owl Network Enumeration Directory/Files Enumeration on HTTP HTTP/HTTPS are similar and powered by PHP. /Port 80 HTTP enumeration reveals no potential entry points into the network. No NULL SMB access too. UDP Enumeration Shifting focus to UDP scanning with Nmap, SNMP is detected,…

  • VulnLab: Sendai
    ,

    VulnLab: Sendai

    Network Enumeration Null Enumeration NULL enumeration allows us to gain access to both the shared folder “sendai” and user accounts. Inside the “users” folder, there are several potential usernames. There is also a text file instructing users to set a new password upon logging in. With LookUpSid, we can retrieve additional user accounts. Use Kerbrute…

  • THM: VulnNet: Active
    ,

    THM: VulnNet: Active

    VulnNet Entertainment just moved their entire infrastructure… Check this out. TryHackMe | VulnNet: Active Network Enumeration REDIS Enumeration Nmap reveals that port 6379, which runs a Redis server, is open. Redis is an in-memory data store commonly used for caching, real-time analytics, and message brokering. Notably, we were able to authenticate into the server anonymously,…

  • THM: Silver Platter
    ,

    THM: Silver Platter

    Can you breach the server? Network Enumeration Directory/Files Enumeration on HTTP Port 80 /LICENSE.txt /README.txt Port 8080 Port 8080 returns a 404 error and shows no results for directory or file enumeration. However, the contact page contains a clue about a user and references Silverpeas, an open-source collaboration and document management platform. Attempting to access…

  • THM: Reset
    ,

    THM: Reset

    This challenge simulates a cyber-attack scenario where you must exploit an Active Directory environment. Enumeration SMB Null Enumeration The Data Share folder is accessible to an anonymous user. Inside, there’s an onboarding folder that is continuously updating, preventing me from retrieving the file directly. However, using the more command in smbclient, I can view a…

  • THM: Enterprise
    , , ,

    THM: Enterprise

    You just landed in an internal network. You scan the network and there’s only the Domain Controller… Enumeration Let’s start with Rustscan to find for the open ports. Start a nmap scan to dig into the open ports and add the necessary flags for in depth enumeration. Directory/Files Enumeration on HTTP Nothing found on directory/file…

  • THM: Retro
    ,

    THM: Retro

    Enumeration Let’s start with Rustscan to find for the open ports. Start a nmap scan to dig into the open ports and add the necessary flags for in depth enumeration. Directory/Files Enumeration on HTTP /retro A hidden directory named “retro” is found, and further enumeration reveals it is a WordPress site. A clue in one…

  • THM: CMesS
    ,

    THM: CMesS

    Enumeration Let’s start with Rustscan to find for the open ports. Start a nmap scan to dig into the open ports and add the necessary flags for in depth enumeration. Directory/Files Enumeration on HTTP Since the machine is named CMESS, there’s an HTTP port that leads to the GILA portal. Directory enumeration revealed a lot…

  • THM: AllSignsPoint2Pwnage
    ,

    THM: AllSignsPoint2Pwnage

    A room that contains a rushed Windows based Digital Sign system. Can you breach it? Enumeration Let’s start with Rustscan to find for the open ports. Start a nmap scan to dig into the open ports and add the necessary flags for in depth enumeration. Directory/Files Enumeration on HTTP /Port 80 FTP Anonymous Enumeration SMB…

  • THM: Thompson
    ,

    THM: Thompson

    boot2root machine for FIT and bsides guatemala CTF Enumeration Let’s start with Rustscan to find for the open ports. Start a nmap scan to dig into the open ports and add the necessary flags for in depth enumeration. Directory/Files Enumeration on HTTP /Port 8080 Apache Tomcat/8.5.5 Tried password spraying the manager webapp: GitHub – b33lz3bub-1/Tomcat-Manager-Bruteforce:…

  • THM: Zeno
    ,

    THM: Zeno

    TryHackMe | Zeno Do you have the same patience as the great stoic philosopher Zeno? Try it out! Enumeration Let’s start with Rustscan to find for the open ports. Start a nmap scan to dig into the open ports and add the necessary flags for in depth enumeration. Directory/Files Enumeration on HTTP After spending some…

  • THM: Weasel
    ,

    THM: Weasel

    TryHackMe | Weasel I think the data science team has been a bit fast and loose with their project resources. Enumeration Let’s start with Rustscan to find for the open ports. Start a nmap scan to dig into the open ports and add the necessary flags for in depth enumeration. Directory/Files Enumeration on HTTP SMB…

  • THM: Relevant
    ,

    THM: Relevant

    Penetration Testing Challenge Enumeration Let’s start with Rustscan to find for the open ports. Start a nmap scan to dig into the open ports and add the necessary flags for in depth enumeration. Directory/Files Enumeration on HTTP SMB Enumeration We can obtained null session access to the SMB shares, and within one of the shares,…

  • THM: UltraTech
    ,

    THM: UltraTech

    The basics of Penetration Testing, Enumeration, Privilege Escalation and WebApp testing Enumeration Let’s start with Rustscan to find for the open ports. Start a nmap scan to dig into the open ports and add the necessary flags for in depth enumeration. /Port 31331 Directory/Files Enumeration on HTTP /robots.txt /utech_sitemap.txt /what.html /partners.html Login page is getting…

  • THM: Skynet
    ,

    THM: Skynet

    A vulnerable Terminator themed Linux machine. Enumeration Let’s start with Rustscan to find for the open ports. Start a nmap scan to dig into the open ports and add the necessary flags for in depth enumeration. Directory Enumeration on HTTP /squirrelmail /Port 445 SMB Null authentication is possible. There is anonymous file share, and we…

  • THM: Boiler CTF
    ,

    THM: Boiler CTF

    Intermediate level CTF. Just enumerate, you’ll get there. TryHackMe | Boiler CTF Enumeration Let’s start with Rustscan to find for the open ports. Start a nmap scan to dig into the open ports and add the necessary flags for in depth enumeration. Port 80 displays the Apache2 Ubuntu Default Page. Directory enumeration: /joomla /manual File…

  • THM: Cyberlens
    ,

    THM: Cyberlens

    TryHackMe | CyberLens Enumeration Let’s start with Rustscan to find for the open ports. Start a nmap scan to dig into the open ports and add the necessary flags for in depth enumeration. Port 80 displays a page that allows users to retrieve metadata from an uploaded file. However, directory enumeration did not yield any…

  • THM: Brains
    ,

    THM: Brains

    TryHackMe | Brains Red: Exploit the Server! Enumeration Let’s start with Rustscan to find for the open ports. Start a nmap scan to dig into the open ports and add the necessary flags for in depth enumeration. Port 80 is showing a maintenance page and no interesting directories can be found with directory enumeration. Port…