Posts

Showing posts from September, 2021

THM RootMe Walkthrough

Welcome back geeks (a term of endearment I assure you). Today we are going to do a quick guided walkthrough of the RootMe box by TryHackMe. Without further ado, start your engines and get ready for the nmap scan. This answers the first two questions: Scan the machine, how many ports are open? What version of Apache is running? It then tells us to perform a directory list scan on the box, and find the hidden directory. Easy enough! Browsing to our secret directory, we find a landing page with what looks to be an upload form. I'm going to go straight for gold and see if it will take a PHP reverse shell. The one we are going to be using is the PentestMonkey PHP-Reverse-Shell. Make sure to edit the shell to contain your IP and listening port before uploading. Nope. Not sure what language that is, but I'm pretty certain it translates as "Nice try, not going to happen". I'm guessing it's a file extension filter; we can try and bypass that by changing our shell to php5.

THM Agent Sudo Walkthrough

Greetings earthlings! Welcome back to another walkthrough, this time for the Agent Sudo room by TryHackMe. Hoody on, coffee brewed, let's go! Deploy the machine, and click the box to say you've done so, easy points right there. As always, we will start with an nmap scan to see what we are dealing with here: We have FTP on 21, SSH on 22 and an HTTP web server running on port 80. There's no anonymous login on the FTP server, so I'm going to start with the web server. Set Gobuster running, and let's browse the page whilst we wait for the results. Nothing interesting back from the Gobuster scan, but the webpage gives us a bit of a clue: it says we need to change our user-agent in order to access the site. There is a great guide on how to do this in Firefox here. After trying a couple of obvious guesses (using Agent R as a starting point), I get the right user-agent and the webpage changes to this: So now we have a potential username, and the indication that this user

THM Brooklyn Nine Nine Walkthrough

Welcome to my walkthrough of the Brooklyn Nine Nine box from TryHackMe.com. This is my first writeup, so apologies in advance for any mistakes. I will try to keep things spoiler free whilst also showing as much information as possible. So without further delay, let's begin. First things first, start both the machine and the Attack Box. This takes a few minutes, so I'm going to grab a brew in the meantime. Hacking doesn't work without caffeine (and a black hoodie of course)! OK, so coffee is sorted and the box is loaded. Let's begin with an nmap scan. We're not trying to be stealthy here, so I use aggressive mode with a full TCP connect and scan all ports. THM are known to hide things on obscure ports, so best to check them all even if it does take a little longer. Scan results are in! We have port 21 running an FTP server, anonymous login is allowed and it looks like we have an interesting file called "note_to_****.txt". We are also running SSH on port 22 and HTTP on port 8