This skills to be tested and needed to solve the final task of this walkthrough room are: reverse shell, Burp Suite, upload vulnerability, and client-side bypass extension filtering. I am not writing a walkthrough for all the tasks because this is a "walkthrough" room. The only part that the creator wouldn't hold your hand to …
Try Hack Me: Poster
The skills to be tested and needed to solve this room are: rdbms, postgressql, nmap, Metaspolit, privilege escalation, SSH, find and enumeration. This room was released today, 9/11/2020. Shout-out to the room creator, @stuxnet. You can access the room at https://tryhackme.com/roomposter I was assigned a target IP address of 10.10.66.128. You will be assigned a …
Try Hack Me: RootMe
The skills to be tested and needed to solve this room are: nmap, GoBuster, privilege escalation, SUID, find, webshell, and gtfobins. This room was released today, 9/9/2020. Shout-out to the room creator, @reddyyZ. You can access the room at https://tryhackme.com/room/rootme I was assigned a target IP address of 10.10.177.208. You will be assigned a different …
Try Hack Me: GamingServer
The skills to be tested and needed to solve this room are: nmap, GoBuster, lxd, privilege escalation, local web server, ssh2john, and John. This room was released on 8/30/2020. The initial foothold to me was super easy, but I struggled with the privilege escalation in exploiting lxd. I was really excited because in one of …
Try Hack Me: Kiba
The skills to be tested and needed to solve this room are: rustscan, CVE, capabilities, privilege escalation, reverse-shell, and nc (netcat). This room was released today 8/28/2020, and I wanted to try if I can crack it. It took me less than 30 minutes to retrieve the root flag. This is also the first time …
Try Hack Me: Tartarus
The skills to be tested and needed to solve this room are: nmap, gobuster, hydra, burp suite, privilege escalation, cron jobs, and nc (netcat). This room has three privilege escalations, two horizontal lateral movement and the last one obviously is vertical. This room was released on 8/13/2020, and I wanted to try if I can …
Informational: Phishing Attempt Uncovered on 8/18/2020
Below is the phishing email's message body: 2. The "CLICK HERE" is the phishing link that takes you to a spoofed Microsoft Office login page: The real destination URL of the "CLICK HERE" link The spoofed Microsoft Office login page 3. Sender information: 4. The originating location of the email is Los Angeles, CA: Update …
Continue reading "Informational: Phishing Attempt Uncovered on 8/18/2020"
Real World “Credential-Stealing” Phishing Email SEG-Missed
We have heard it many times that Email Phishing and Social Engineering are the hardest threat vectors to remediate. Or should I say, there is no perfect solution against them since they target end users and their security awareness. Not even the cybersecurity training firm giant, SANS, is exempted to falling victim to a phishing …
Continue reading "Real World “Credential-Stealing” Phishing Email SEG-Missed"
Try Hack Me: Overpass 2 – Hacked
The skills to be tested and needed to solve this room are: Forensics, Wireshark, Hashcat, John, Hydra, and SUID. Analyzing the PCAP using Wireshark was a great review for me. Cracking the hash with the salt made me do extra researching on how to identify hashes and which hash-type to use to crack the them. …
Try Hack Me: Bolt
The skills to be tested and needed to solve this room are: RCE, Metasploit, and just a keen eye. This room was released today 8/12/2020, and I wanted to try if I can crack it. This is a super easy room. Perfect for anyone who wants to try ctf or hacking. I also chose to …
You must be logged in to post a comment.