USER : Dirbuster -> http://192.168.74.111/store/admin.php
Login with admin:admin, edit image and upload PHP reverse shell.
SSH with password.txt
ROOT : sudo time /bin/bash
Dawn
USER : smbclient //192.168.178.11/ITDEPT
Management.log in :80/logs shows web-control running as root.
Uploaded a Python shell to the SMB ITDEPT share with the name 'web-control'.
Got reverse shell with cron.
ROOT : checked for SUID bits, found /usr/bin/zsh -> euid=0
Machine Categories
SSTI
HTB - Late (Image to Text Application built with Flask)
Execute sandboxed Lua scripts through the “EVAL” command using dofile(), capturing the NTLM hash via Responder by connecting with //tun0-ip//share, PowerView, SharpHound and BloodHound for enumeration, and abusing GPO permissions via SharpGPOAbuse.exe.
Enumerating subdomains and finding the CMS "typo3", backend API call for SQLi, password cracking to get into the TYPO3 panel, uploaded a reverse shell, cracked the user's Mozilla history to find credentials, getcap to find the openssl binary, used to read and replace the passwd file to get root.