Category: Cyberstuff

Ok, super fun box. It has a few very interesting distractors but they’re very educational. 1. Find TCP 22/80 open but 22 is almost never fruitful so we’ll ignore it.…

Rainbow Tables are not merely precomputed databases of hashes and their password equivalents. I’ve seen this in many study resources from EC-Council to Study guides for IT Security certifications and…

1. scanned, found tcp/80 open 2. Found wordpress install 3. Found 3 usernames with wpscan. Was an old ver, could have exploited that. 4. Found hints recommending using cewl to…

Plan A 1. discover http on 80 with drupal 7 2. Metasploit, search for drupal, find unix/webapp/drupal_drupalgeddon2 3. Set options, exploit and we have Meterpreter shell 5. Find flags in…

I spent most of 2021-2024 either racing mountain bikes, training to race or hacking virtual machines on Offensive Computing’s Proving Grounds or TryHackMe.com. Here are some random tactics I picked…

1. nmap to find only tcp/22 and 80 open. 2. Robots.txt has a base64-encoded string that decodes to a url string. It’s a password. 3. Find the username in the…

Howdy, For the impatient, here’s a quick summary of breaking into the Vulnhub box “Geisha” sudo nmap -p- 1.2.3.4 The password ‘letmein‘ is revealed (no quotes). SSH into the

nmap scan reveals open ports while dirb found hidden URLs, one called http://192.168.153.49/icons/ with a text file called VDSoyuAXiO.txt (A private key) Cool. Private key. ssh with it. Found usernames…

Log in here with a Kali linux box: https://portal.offensive-security.com/proving-grounds/play Get a free VPN set of credentials and connect. Click to start the target box called SunsetDecoy and do these steps:…

As always, nmap scan reveals only TCP/80 open with new apache install page displayed dirb (or gobuster) reveals subdirectory called wordpress. Easy! wpscan –url http://192.168.53.23/wordpress –enumerate p (Enumerate plugins to…