5 hours ago

TryHackMe — AgentT

AgentT is a CTF on TryHackMe. It is categorized as “Easy”. The room has the following description:

Tryhackme

3 min read

1 day ago

TryHackMe — CyberHeroes WriteUp

CyberHeroes is a CTF with “Easy” difficulty on TryHackMe. In order to get the flag, you have to bypass the authentication mechanisms of the web page. The web app After navigating to the displayed IP address in a browser the following web page is shown.

Tryhackme Walkthrough

3 min read

3 days ago

TryHackMe — Tech_Supp0rt: 1 WriteUp

Tech_Supp0rt: 1 is a boot2root machine on TryHackMe. The room has “Easy” difficulty . Enumeration I’ve started the enumeration phase with a Nmap scan. The following command scans all ports of the target and utilizes script and version enumeration. The results will be additionally outputted to a file called “initial.nmap”. …

Tryhackme

9 min read

3 days ago

Web Security Academy — OS command injection, simple case

This challenge is from the Web Security Academy by Portswigger. It is under the category “OS command injection”. After starting the lab you will be redirected to a web shop. When selecting an item with the button “View details”, you will redirected to a details page of the item.

Web Security

3 min read

4 days ago

HackTheBox — Explosion

Explosion is a boot2root machine on HackTheBox. It has “Very Easy” difficulty and is part of Tier 0 starting point challenges. Enumeration I’ve started the enumeration phase with an Nmap scan: sudo nmap -p- 10.129.183.199 -sC -sV -oN nmap/initial This command will scan all ports of the target with scripts…

Hackthebox

2 min read

HackTheBox — Explosion

Explosion is a boot2root machine on HackTheBox. It has “Very Easy” difficulty and is part of Tier 0 starting point challenges.

Enumeration

I’ve started the enumeration phase with an Nmap scan:

sudo nmap -p- 10.129.183.199 -sC -sV -oN nmap/initial

This command will scan all ports of the target with scripts…

6 days ago

HackTheBox — Redeemer

Redeemer is a boot2root machine on HackTheBox. It has “Very Easy” difficulty and is part of Tier 0 starting point challenges. Enumeration As usual I’ve started with an Nmap scan: sudo nmap -p- 10.129.196.84 -sC -sV -oN nmap/initial This will scan all ports of the target and use scripts and service…

Hackthebox

2 min read

Aug 2

HackTheBox — Dancing

Dancing is a boot2root machine on HackTheBox. It is “Very Easy” difficulty and is part of Tier 0 starting point challenges. Enumeration I have started with the following Nmap scan: sudo nmap -p- 10.129.1.12 -sC -sV -oN nmap/initial It will scan with scripts and enumerate versions of all ports on the…

Hackthebox

2 min read

Aug 1

HackTheBox — Fawn

Fawn is a boot2root CTF on HackTheBox. It is “Very Easy” difficulty and is part of Tier 0 starting point challenges. Enumeration I have started the following Nmap scan: sudo nmap -p- 10.129.1.14 -sC -sV -oN nmap/initial With that command, Nmap will use scripts and version enumeration to scan all ports…

Red Team

2 min read

Jul 31

HackTheBox — Meow

Meow is boot2root CTF on HackTheBox. It has the difficulty “very easy” and is part of the Tier 0 starting point machines. Enumeration I’ve started with a Nmap scan with the following parameters: sudo nmap -p- 10.129.1.17 -sC -sV -oN nmap/initial This will scan all ports on the target, as well as invoke scripts and version enumeration. Finally it will output the results into “intial”-file in “nmap” directory.

Hackthebox

2 min read

HackTheBox — Meow

Meow is boot2root CTF on HackTheBox. It has the difficulty “very easy” and is part of the Tier 0 starting point machines.

Enumeration

I’ve started with a Nmap scan with the following parameters:

sudo nmap -p- 10.129.1.17 -sC -sV -oN nmap/initial

This will scan all ports on the target, as well as invoke scripts and version enumeration. Finally it will output the results into “intial”-file in “nmap” directory.

After running Nmap, there was only one port open. Port 23 was serving Telnet:

Jul 30

Siemens Future Minds CTF — VaxRegister

VaxRegister was a challenge during the Siemens Future Minds CTF. The challenge was a web application, which is used to track COVID infections. Vulnerability The vulnerable endpoint was /api/enroll. The endpoint will call addRecord-Function: The addRecord function will check for the user supplied input and will set the column of a…

Ctf

2 min read

TryHackMe — AgentT

TryHackMe — CyberHeroes WriteUp

TryHackMe — Tech_Supp0rt: 1 WriteUp

Web Security Academy — OS command injection, simple case

HackTheBox — Explosion

HackTheBox — Explosion

Enumeration

HackTheBox — Redeemer

HackTheBox — Dancing

HackTheBox — Fawn

HackTheBox — Meow

HackTheBox — Meow

Enumeration

Siemens Future Minds CTF — VaxRegister

Rabbit