Welcome to “cat root.txt” Write-ups
The contents of this blog are from my own experience and methodology on how I solved rooms in tryhackme.com and rooted boxes in hackthebox.eu. This is my personal blog and in no way I am getting paid by both hacking education platforms. THM and HTB do not recommend write-ups to be published in public when a room or box is new. THM room creators normally don’t want any spoilers, hints or write-ups within 3 days of releasing the room. For HTB, the box needs to be retired before write-ups get posted.
Entries:
How to Upgrade OpenSSH on Linux
This is a walk-through on how to upgrade your version of OpenSSH. One of the main reasons why an organization needs to upgrade their OpenSSH server is when there are vulnerabilities found on older versions, especially findings from Security Rating solutions provider such as BitSight, SecurityScorecard, and even just Shodan. Everything that I have found …
Continue reading “How to Upgrade OpenSSH on Linux”
Try Hack Me: H4cked
This room is one of the easiest rooms I’ve seen on Try Hack Me. The skills/tools to be tested and needed to finish this room are: FTP, Hydra, Web Shell, Netcat, Reverse Shell, and Wireshark. The room’s creator is @toxicat0r. You can access the room at https://tryhackme.com/room/h4cked I was assigned a target IP address of …
Continue reading “Try Hack Me: H4cked”
Why I Think Security Blue Team’s BTL1 Certification is the Gold Standard for SOC Analysts
The good stuff first I woke up at 4:30 AM to take a leak, and just had a feeling to check my email quick before jumping back to bed. And then I saw the best email I could ever wish for from Security Blue Team: Needless to say, I was not able to go back …
Try Hack Me: Chocolate Factory
The skills to be tested and needed to solve this room are: port scanning, fuzzing, steganography, privelege escalation, reverse shell. This room was released on 1/17/2021 and it is rated easy in difficulty. Shout-out to the room creators, @0x9747, @saharshtapi and @AndyInfoSec. You can access the room at https://tryhackme.com/room/chocolatefactory. I was assigned a target IP …
Continue reading “Try Hack Me: Chocolate Factory”
Try Hack Me: ColddBox Easy
This room is another super easy and it is perfect for beginners who want to try penetration testing/hacking. The skills/tools to be tested and needed to solve this room are: NMAP, Fuzzing Enumeration, WordPress, and Privilege Escalation through SUID. The room’s creator is @C0ldd. You can access the room at https://tryhackme.com/room/colddboxeasy. I was assigned a …
Continue reading “Try Hack Me: ColddBox Easy”
Try Hack Me: Brute It
This room is super easy and it is perfect for beginners who want to try pentesting/hacking. The skills/tools to be tested and needed to solve this room are: NMAP, Fuzzing/Enumeration, SSH, Brute Forcing, Hash Cracking, and Privilege Escalation. This room was released on 11/06/2020 and it is rated easy in difficulty. Shout-out to the room …
Continue reading “Try Hack Me: Brute It”
Try Hack me: Startup
The skills/tools to be tested and needed to solve this room are: NMAP, Fuzzing/Enumeration, FTP, Webshell, Reverse Shell, Wireshark, Interpreting/Understanding scripts, and Starting your own web server. This room was released on 11/08/2020 and it is rated easy in difficulty. Shout-out to the room creator, @r1gormort1s. You can access the room at https://tryhackme.com/room/startup. I was …
Continue reading “Try Hack me: Startup”
Well-Crafted Spear-Phishing Caught by our SEG
One or more employees of a Healthcare System had their email account(s) taken over by malicious user(s). An email was sent to some of our employees, luckily our SEG positively identified the email as a spear-phishing attempt. The malicious emails were automatically quarantined, but I went ahead and looked it up anyway as I was …
Continue reading “Well-Crafted Spear-Phishing Caught by our SEG”
Why Do I Keep On Studying For Degrees And Certifications? (My zero to hero in cyber security)
Originally posted on 4/24/2020, but decided to add this here on my blog. Today (10/27/2020) was supposed to be the day I would finally put the cap on, walk, and formally be awarded with the Master of Science degree in Cyber Security and Information Assurance from Southern Utah University unfortunately due to the COVID-19, the …
Try Hack Me: Mnemonic
The skills to be tested and needed to solve this room are: bruteforce, code analysis, OSINT, fcrackzip and a lot of enumeration. This room was released on 9/27/2020 and it is rated medium in difficulty. Shout-out to the room creator, @villwocki. You can access the room at https://tryhackme.com/room/mnemonic. I was assigned a target IP address …
Continue reading “Try Hack Me: Mnemonic”
Try Hack Me: Upload Vulnerabilities
This skills to be tested and needed to solve the final task of this walkthrough room are: reverse shell, Burp Suite, upload vulnerability, and client-side bypass extension filtering. I am not writing a walkthrough for all the tasks because this is a “walkthrough” room. The only part that the creator wouldn’t hold your hand to …
Continue reading “Try Hack Me: Upload Vulnerabilities”
Try Hack Me: Poster
The skills to be tested and needed to solve this room are: rdbms, postgressql, nmap, Metaspolit, privilege escalation, SSH, find and enumeration. This room was released today, 9/11/2020. Shout-out to the room creator, @stuxnet. You can access the room at https://tryhackme.com/roomposter I was assigned a target IP address of 10.10.66.128. You will be assigned a …
Continue reading “Try Hack Me: Poster”
Try Hack Me: RootMe
The skills to be tested and needed to solve this room are: nmap, GoBuster, privilege escalation, SUID, find, webshell, and gtfobins. This room was released today, 9/9/2020. Shout-out to the room creator, @reddyyZ. You can access the room at https://tryhackme.com/room/rootme I was assigned a target IP address of 10.10.177.208. You will be assigned a different …
Continue reading “Try Hack Me: RootMe”
Try Hack Me: GamingServer
The skills to be tested and needed to solve this room are: nmap, GoBuster, lxd, privilege escalation, local web server, ssh2john, and John. This room was released on 8/30/2020. The initial foothold to me was super easy, but I struggled with the privilege escalation in exploiting lxd. I was really excited because in one of …
Continue reading “Try Hack Me: GamingServer”
Try Hack Me: Kiba
The skills to be tested and needed to solve this room are: rustscan, CVE, capabilities, privilege escalation, reverse-shell, and nc (netcat). This room was released today 8/28/2020, and I wanted to try if I can crack it. It took me less than 30 minutes to retrieve the root flag. This is also the first time …
Continue reading “Try Hack Me: Kiba”
Loading…
Something went wrong. Please refresh the page and/or try again.
About Me
Hi, I go by “lightkunyagami” in the infosec/pentesting world. I am a husband to an amazing wife, a father to two wonderful kids. I work full-time as a Security Analyst for an organization in Salt Lake City, UT, and also an Airman in the U.S. Air Force. I am a regular on both tryhackme.com and hackthebox.eu, but mostly THM lately.
This blog will typically contain write-ups of rooms from tryhackme.com and boxes from hackthebox.eu.
For questions, email me at inquiries@beginninghacking.net
Subscribe to My Blog
Get new content delivered directly to your inbox.
You must be logged in to post a comment.