Introduction In today’s post, we have another easy box from offsec playgrounds. The goal here was to use a mix of automated tools to be able to brute the password of a user to get initial foothold. Then we could escalate our privileges using a nice GTFO bin. Let’s learn. Enumaration cat nmap.txt # Nmap 7.94SVN scan initiated Thu Apr 25 18:43:07 2024 as: nmap -sVC -T4 -vv -oN nmap.txt 192.

Introduction In this writeup we are going to check out a machine available on the offsec playgrounds. The idea here was to learn how to use curl and upload files that would ultimately help us into getting an initial foothold into the machine and then use the old tar wildcard to escalate our privileges. Let’s learn. Nmap sudo nmap -T4 -sVC 192.168.241.249 -oN nmap.txt -vv PORT STATE SERVICE REASON VERSION 21/tcp open ftp syn-ack ttl 61 vsftpd 3.

Step by step methodology Nmap scan First of all we can do some basic enumeration like checking for open ports and this is made possible by using a tool called nmap, which is used for network discovery and security auditing. We are also going to pass some options to the command let us break it down first: -sVC: These are options passed to Nmap: -s: This option specifies the type of scan to perform.

Hello guys and welcome to another writeup which features an easy tryhackme box accessible here INTRODUCTION Okay so first things first we obviously try and scan for open ports using nmap We can note down a few things and maybe get an idea of how we would attack the box. We see that the ports: 21(ftp), 22(ssh), 80(http), are open. Well we can use port 22(ssh) for later since we have no credentials.

Hello and welcome to the tryhack me writeup Alice on wonderland. OVERVIEW So we will be trying to get some credentials and log in as a particular user and then try to escalate our priviledges to root and get the flag. With that said lets get to it NMAP SCAN After a quick nmap scan we can see that the port 22 and port 80 are open. WEB ENUMARATION From the previous nmap scan we can see that a web server is hosted on port 80 and we can use the IP to see it

Hello guys and welcome to yet another Tryhackme writeup. Today we will be handling a medium room which is accessible here. Well the methodology is quite similar to the Archangel methodology with quite a twist. Let’s begin. ACCESSING THE WEBPAGE So I ran an NMAP scan but that was not so productive, so I went directly into the site. First we see that the site has two buttons which when we click on dog for example, we get a picture of a dog.