TryHackMe.com on Stumbling Through Cybersecurity

Hamlet

Sat, 15 Jan 2022 00:00:00 +0000

Recon to foothold Let’s begin with a scan, first masscan rob:~/ $ sudo masscan -p1-65535,U:1-65535 10.10.34.135 --rate=1000 -e tun0 Starting masscan 1.3.2 (http://bit.ly/14GZzcT) at 2022-01-15 21:04:27 GMT Initiating SYN Stealth Scan Scanning 1 hosts [131070 ports/host] Discovered open port 8080/tcp on 10.10.34.135 Discovered open port 501/tcp on 10.10.34.135 Discovered open port 8000/tcp on 10.10.34.135 Discovered open port 21/tcp on 10.10.34.135 Discovered open port 80/tcp on 10.10.34.135 Discovered open port 22/tcp on 10.

ContainMe

Fri, 19 Nov 2021 00:00:00 +0000

Recon to foothold We’ll start with a comprehensive scan rob:ContainMe/ $ sudo masscan -p1-65535,U:1-65535 10.10.235.206 --rate=1000 -e tun0 [sudo] password for rob: Starting masscan 1.3.2 (http://bit.ly/14GZzcT) at 2021-11-19 14:32:46 GMT Initiating SYN Stealth Scan Scanning 1 hosts [131070 ports/host] Discovered open port 2222/tcp on 10.10.235.206 Discovered open port 8022/tcp on 10.10.235.206 Discovered open port 22/tcp on 10.10.235.206 Discovered open port 80/tcp on 10.10.235.206 And now an nmap for the found ports

Temple

Thu, 18 Nov 2021 00:00:00 +0000

Another good box, perhaps more of a medium level than hard. Initial foothold needs long patient enumeration, wordlist choice is pretty key

Zeno

Tue, 02 Nov 2021 00:00:00 +0000

A good box that rewards thorough enumeration, medium level is about right although privesc to root is pretty simple

Uranium CTF

Wed, 29 Sep 2021 00:00:00 +0000

Recon to foothold We are given an employee’s Twitter account, hakanbey, so let’s start there and look for potentially useful snippets We get a hostname to add to /etc/hosts We find an invitation to send an XSS or similar attack That’s about all we can extract from the Twitter account, let’s have a look at the deployed machine now, starting as always with a scan

Empline

Tue, 28 Sep 2021 00:00:00 +0000

A fairly easy ‘medium’ box, once the couple of key concepts used are known. Very good CVE to demonstrate and good to read deeper on as a directory traversal example

GameBuzz

Tue, 28 Sep 2021 00:00:00 +0000

This box shows it pays to check every link during enumeration (tip: spidering). The box is probably pitched too high at hard, it’s more of a medium box imho

CMSpit

Sat, 25 Sep 2021 00:00:00 +0000

A box rated medium, but given the needed CVE leaps off the google search pages there isn’t a huge challenge to this one. Probably better rated as easy but still a good, well-put-together room

Fortress

Sat, 25 Sep 2021 00:00:00 +0000

Recon to foothold First off we’ll take the information given and add the hostnames fortress and temple.fortress to our /etc/hosts file Now let’s scan to find what we’re dealing with. A masscan to start rob:Fortress/ $ sudo masscan -p1-65535,U:1-65535 10.10.6.73 --rate=1000 -e tun0 [sudo] password for rob: Starting masscan 1.3.2 (http://bit.ly/14GZzcT) at 2021-09-25 15:23:25 GMT Initiating SYN Stealth Scan Scanning 1 hosts [131070 ports/host] Discovered open port 5581/tcp on 10.10.6.73 Discovered open port 22/tcp on 10.

Crocc Crew

Thu, 23 Sep 2021 00:00:00 +0000

Difficult in 2 ways. A very sneakily hidden initial clue and then a complex escalation path, for me at least!

Sweettooth Inc.

Wed, 28 Jul 2021 00:00:00 +0000

The container escape can be tricky if you take the harder route :smile: justifying the ‘medium’ difficulty tag

Rocket

Thu, 22 Jul 2021 00:00:00 +0000

Rated hard, that seems fair! It’s a tough one with many steps and lots to research. Excellent box to root, learned a lot

Metamorphosis

Wed, 21 Jul 2021 00:00:00 +0000

Part of Incognito CTF. A clever box, rated medium, with a simple but effective route to root. Probably about the right level

RazorBlack

Wed, 21 Jul 2021 00:00:00 +0000

A windows machine, rated medium, this box is pretty hard at times if your Windows skills are not fantastic (like me!). A lot of fun though and excellently made

Year of the Jellyfish

Mon, 26 Apr 2021 17:37:52 +0000

Another box in the ‘New Year’ series by MuirlandOracle. This box is rated hard, but to my mind is not as difficult as some of the other machines in the series

Year of the Owl

Fri, 13 Nov 2020 00:00:00 +0000

A room by MuirlandOracle, rated hard, with a very tricky foothold but then pretty straightforward for a Windows machine

Year of the Fox

Fri, 19 Jun 2020 00:00:00 +0000

A ‘New Year’ series room by MuirlandOracle, rated hard, complete with many rabbitholes and tricks. This one took a while!