Introduction In today’s post, we have another easy box from offsec playgrounds. The goal here was to use a mix of automated tools to be able to brute the password of a user to get initial foothold. Then we could escalate our privileges using a nice GTFO bin. Let’s learn. Enumaration cat nmap.txt # Nmap 7.94SVN scan initiated Thu Apr 25 18:43:07 2024 as: nmap -sVC -T4 -vv -oN nmap.txt 192.

Introduction In this writeup we are going to check out a machine available on the offsec playgrounds. The idea here was to learn how to use curl and upload files that would ultimately help us into getting an initial foothold into the machine and then use the old tar wildcard to escalate our privileges. Let’s learn. Nmap sudo nmap -T4 -sVC 192.168.241.249 -oN nmap.txt -vv PORT STATE SERVICE REASON VERSION 21/tcp open ftp syn-ack ttl 61 vsftpd 3.

Step by step methodology Nmap scan First of all we can do some basic enumeration like checking for open ports and this is made possible by using a tool called nmap, which is used for network discovery and security auditing. We are also going to pass some options to the command let us break it down first: -sVC: These are options passed to Nmap: -s: This option specifies the type of scan to perform.

Hello and welcome to the tryhack me writeup Alice on wonderland. OVERVIEW So we will be trying to get some credentials and log in as a particular user and then try to escalate our priviledges to root and get the flag. With that said lets get to it NMAP SCAN After a quick nmap scan we can see that the port 22 and port 80 are open. WEB ENUMARATION From the previous nmap scan we can see that a web server is hosted on port 80 and we can use the IP to see it

Hello guys and welcome to yet another writeup. This is ye another easy box on tryhackme and is accessible here We shall tackle some awesome topics which include: LFI. Priviledge exploitation. Web exploitation. With that said let us get right to it NMAP scan. As usual we are gonna start of by scanning open ports on our machine. We are able to see that port 80 is open and is hosting a web application.

Hello guys and welcome to another writeup featuring linux priviledge escalation. This is an easy box on tryhackme and you can access it here OVERVIEW Okay quick overview, so we will be trying to bruteforce ssh and get some credentials for the box. I had fun on it and I hope you will to so lets get to it. NMAP SCAN First things first a quick nmap scan to check on the open ports.

Hello guys and welcome to yet another Tryhackme writeup. Today we will be handling a medium room which is accessible here. Well the methodology is quite similar to the Archangel methodology with quite a twist. Let’s begin. ACCESSING THE WEBPAGE So I ran an NMAP scan but that was not so productive, so I went directly into the site. First we see that the site has two buttons which when we click on dog for example, we get a picture of a dog.