FeroBuster

  Feroxbuster: A Fast, Flexible Web Fuzzer for Recon Feroxbuster is a fast, multi-threaded content discovery tool (directory and file brute-forcer) written in Rust. It’s designed to be easy to install, performant on large targets, and flexible enough for automation or interactive use. Why Feroxbuster? Speed & Efficiency: Built in Rust, it’s blazingly fast and […]

Lo-Fi @ Tryhackme.com

You can find the room here. This is a pretty easy box and really great for newcomers.  Reading the notes from the room, I did not run an NMAP or RUSTSCAN. It said to go follow the URL, so that is what I did.  Also, it said to try similar content and had links to […]

Pyrat

Pyrat by TRYHACKME Every hint you need really is in the description. We know there is a “potential” Python RCE We know a known folder has user credentials in it. We know we can see older versions of said app End points with a custom Script And we know we need to fuzz a password […]

The Sticker Shop

The Try Hack Me room can be found here. Your local sticker shop has finally developed its own webpage. They do not have too much experience regarding web development, so they decided to develop and host everything on the same computer that they use for browsing the internet and looking at customer feedback. Smart move! […]

The Valley

The Try Hack Me room can be found here. Nmap scan shows me that there are three ports open. 22 SSH,80 HTTP, 37370 FTP.  Odd number for FTP, no matter though. Anonymous log-on was not allowed on FTP, so I moved to the webpage. I I did not see anything to grab on to right […]

Jack-Of-All-Trades

jackinthebox

Jack-Of-All-Trades TryHackMe Room Jack is a man of a great many talents. The zoo has employed him to capture the penguins due to his years of penguin-wrangling experience, but all is not as it seems… We must stop him! Can you see through his facade of a forgetful old toymaker and bring this lunatic down? […]

Silver Platter

SILVER PLATTER

Silver Platter @ TryHackMe Rust scan showed three ports open 22,80,8080 rustscan -a 10.10.167.171 .—-. .-. .-. .—-..—. .—-. .—. .–. .-. .-. | {} }| { } |{ {__ {_ _}{ {__ / ___} / {} | `| | | .-. | {_} |.-._} } | | .-._} } }/ / | | | […]

Billing

Starting off with a Rustscan revealed that ports 22, 88, 3306, and 5038 were open I headed to port 80 to see what I could find.  I was greeted with a login page.  I tried the normal few usernames and passwords with no luck.  I moved to SQL and other tricks, but no luck there.  […]

Stable Shells

So now you have your rev shell, but now what? Are you looking at a low-quality shell with no tab to complete or all the fun features you have come to enjoy? You will need a stable shell if you want to be able to use certain commands like su and sudo. The good news […]

mKingdom

mKingdom room can be found here. I started off with a Rustscan, I also did a full Nmap scan but nothing new to add. HTTP is being hosted on port 85. Going to the website, I was greeted with a fine image to remind me of my failures in life. A little too soon, Bowser. […]