Investigating Windows
Link to TryHackMe Investigating Windows Question 1: What is the version and year of the Windows machine? Opening up the command prompt and running this command winver Showed me it was running Windows Server 2016 Answer: Windows Server 2016 Question 2: What user logged in last? I checked Event Viewer>Windows Logs>Security Then set a custom […]
SQL Injection on “Lesson Learned” TryHackMe Box
Lesson Learned” TryHackMe Box Introduction The Lesson Learned box on TryHackMe is a realistic web application that challenges users to think like attackers. Unlike traditional CTF-style challenges, it encourages treating the target as a real-world system, forcing a more methodical approach. My objective was simple: bypass authentication and retrieve the flag. However, I encountered multiple dead ends before finally […]
Wfuzz: A Powerful Tool for Web Fuzzing
Introduction When performing penetration testing, fuzzing is a critical technique used to discover hidden files, parameters, vulnerabilities, and even user authentication bypasses. One of the most powerful open-source tools for web fuzzing is Wfuzz. This tool is highly flexible, allowing security professionals to automate brute force attacks on web applications and uncover hidden endpoints. In […]
GoBuster Cheat Sheet
📌 What is GoBuster? GoBuster is a fast directory and file brute-forcer used in penetration testing and bug bounty hunting. It is written in Go and is used to enumerate: 🚀 Installation If you don’t have GoBuster installed, you can get it using: Tested on Ubuntu/Kali/Parrot/Debian Tested on Fedora 🔎 Basic Usage 1️⃣ Directory and […]
All In One @ TryHackMe.com
All In One The total time it took me to root this machine was about 7 hours. Once I got a shell, the rest was easy. Here is my walk though All in One on Try Hack Me. Nmap scan report: GoBuster scan Nikto Results These are normally what I run first. I found three […]
Hydra Brute forcing
Brute Forcing SSH Alternative: Using multiple usernames Brute Forcing FTP Alternative: Anonymous Login Brute Forcing HTTP Login (Basic Auth) Brute Forcing MySQL Brute Forcing RDP Brute Forcing Telnet Brute Forcing SMTP (Mail Server) Brute Forcing VNC Brute Forcing SNMP Brute Forcing WordPress Brute Forcing SMB (Windows File Sharing) Common Options
Nmap
Nmap Common Nmap Commands & Examples Nmap (Network Mapper) is a powerful tool used for network discovery and security auditing. Below are the most common Nmap commands, along with practical examples. Basic Host Discovery Scan that I start with Scan a Range of IPs Scan an Entire Subnet Port Scanning Scan Specific Ports Scans only […]
Tech_Supp0rt: 1
Hack into the machine and investigate the target. Please allow about 5 minutes for the machine to fully boot! Note: The theme and security warnings encountered in this room are part of the challenge. Nmap Scan nmap 10.10.14.121 -sC -sV -p- Gobuster – Web Directory Brute Force gobuster dir -u http://10.10.14.121 -w /usr/share/wordlists/dirb/common.txt -x php,txt,HTML […]
MadnesS
For this box, you really should think “Outside the box.” With all boxes, I start with an NMAP scan. This is what NMAP came back with. Just a reminder, this is an all port scan “-p-” If you want to run a top port scan, you can remove the “-p-“. The scan revealed an SSH […]