https://app.hackthebox.com/machines/Cap This is a very easy box. With Hack The Box, it takes a long time to run nmap. I started nmap and loaded up the IP in my web browser to see if there was a website. Enumeration Initial Web Enumeration Visiting http://10.10.10.245/, the title page mentioned /ip. However, instead of running wfuzz immediately, … Read more
Introduction In this write-up, I will walk through my process of exploiting the TryHackMe IDE machine, gaining an initial foothold, escalating privileges, and ultimately capturing the root flag. Enumeration 1. Scanning for Open Ports I started with an Nmap scan to discover open services: This revealed the following key findings: 2. FTP Enumeration Anonymous FTP … Read more
In this write-up, I will walk through my process of exploiting the TryHackMe IDE machine, gaining an initial foothold, escalating privileges, and ultimately capturing the root flag. Enumeration 1. Scanning for Open Ports I started with an Nmap scan to discover open services: This revealed the following key findings: 2. FTP Enumeration Anonymous FTP access … Read more
Challenge Overview This challenge provided a downloadable file named cat.ab, which was identified as an Android Backup file. The goal was to analyze the backup and extract hidden information, ultimately leading to the discovery of the flag. Step 1: Identifying the File Type After downloading the file, I used the strings command to inspect its … Read more
Introduction Steganography is the practice of hiding information within digital media, such as images or audio files. One common steganographic technique involves embedding hidden messages inside JPEG images using tools like Steghide. However, retrieving these hidden messages can be time-consuming, especially when dealing with password-protected files. This is where Stegseek comes in. Stegseek is a … Read more
Link to TryHackMe Investigating Windows Question 1: What is the version and year of the Windows machine? Opening up the command prompt and running this command winver Showed me it was running Windows Server 2016 Answer: Windows Server 2016 Question 2: What user logged in last? I checked Event Viewer>Windows Logs>Security Then set a custom … Read more
Lesson Learned” TryHackMe Box Introduction The Lesson Learned box on TryHackMe is a realistic web application that challenges users to think like attackers. Unlike traditional CTF-style challenges, it encourages treating the target as a real-world system, forcing a more methodical approach. My objective was simple: bypass authentication and retrieve the flag. However, I encountered multiple dead ends before finally … Read more
Introduction When performing penetration testing, fuzzing is a critical technique used to discover hidden files, parameters, vulnerabilities, and even user authentication bypasses. One of the most powerful open-source tools for web fuzzing is Wfuzz. This tool is highly flexible, allowing security professionals to automate brute force attacks on web applications and uncover hidden endpoints. In … Read more
📌 What is GoBuster? GoBuster is a fast directory and file brute-forcer used in penetration testing and bug bounty hunting. It is written in Go and is used to enumerate: 🚀 Installation If you don’t have GoBuster installed, you can get it using: Or install it manually: 🔎 Basic Usage 1️⃣ Directory and File Enumeration … Read more
All In One The total time it took me to root this machine was about 7 hours. Once I got a shell, the rest was easy. Here is my walk though All in One on Try Hack Me. Nmap scan report: GoBuster scan Nikto Results These are normally what I run first. I found three … Read more