Cyber Heros
Explore the TryHackMe Cyber Heros box in this write-up. Learn how to scan ports with Nmap, enumerate directories with Gobuster, reverse the password, and capture the flag
Installing Rustscan
Sometimes you want to get a quick scan done and Nmap can take a while. This is where Rustscan can speed things up, I will walk you through installing and using Rust on Kali Linux. The Git Hub page can be found here You can get the Kali download here. Please note that you will […]
Cap VM – Hack The Box
https://app.hackthebox.com/machines/Cap This is a very easy box. With Hack The Box, it takes a long time to run nmap. I started nmap and loaded up the IP in my web browser to see if there was a website. Enumeration Initial Web Enumeration Visiting http://10.10.10.245/, the title page mentioned /ip. However, instead of running wfuzz immediately, […]
TryHackMe – IDE Walkthrough
Introduction In this write-up, I will walk through my process of exploiting the TryHackMe IDE machine, gaining an initial foothold, escalating privileges, and ultimately capturing the root flag. Enumeration 1. Scanning for Open Ports I started with an Nmap scan to discover open services: This revealed the following key findings: 2. FTP Enumeration Anonymous FTP […]
TryHackMe – IDE Walkthrough
In this write-up, I will walk through my process of exploiting the TryHackMe IDE machine, gaining an initial foothold, escalating privileges, and ultimately capturing the root flag. Enumeration 1. Scanning for Open Ports I started with an Nmap scan to discover open services: This revealed the following key findings: 2. FTP Enumeration Anonymous FTP access […]
Investigating an Android Backup – Hack The Box Write-Up
Challenge Overview This challenge provided a downloadable file named cat.ab, which was identified as an Android Backup file. The goal was to analyze the backup and extract hidden information, ultimately leading to the discovery of the flag. Step 1: Identifying the File Type After downloading the file, I used the strings command to inspect its […]
Stegseek: Fast and Efficient Steganography Too
Introduction Steganography is the practice of hiding information within digital media, such as images or audio files. One common steganographic technique involves embedding hidden messages inside JPEG images using tools like Steghide. However, retrieving these hidden messages can be time-consuming, especially when dealing with password-protected files. This is where Stegseek comes in. Stegseek is a […]
Investigating Windows
Link to TryHackMe Investigating Windows Question 1: What is the version and year of the Windows machine? Opening up the command prompt and running this command winver Showed me it was running Windows Server 2016 Answer: Windows Server 2016 Question 2: What user logged in last? I checked Event Viewer>Windows Logs>Security Then set a custom […]
SQL Injection on “Lesson Learned” TryHackMe Box
Lesson Learned” TryHackMe Box Introduction The Lesson Learned box on TryHackMe is a realistic web application that challenges users to think like attackers. Unlike traditional CTF-style challenges, it encourages treating the target as a real-world system, forcing a more methodical approach. My objective was simple: bypass authentication and retrieve the flag. However, I encountered multiple dead ends before finally […]
Wfuzz: A Powerful Tool for Web Fuzzing
Introduction When performing penetration testing, fuzzing is a critical technique used to discover hidden files, parameters, vulnerabilities, and even user authentication bypasses. One of the most powerful open-source tools for web fuzzing is Wfuzz. This tool is highly flexible, allowing security professionals to automate brute force attacks on web applications and uncover hidden endpoints. In […]