CTF for hackers – TryHackMe

What is it?

TryHackMe is an excellent training ground and hobby room  for hackers and pen testers. Best thing: it offers plenty of stuff for free.

And even the paid services are a fair deal for what they offer.

Lets have a look.

This part of the frontpage already tells … Read more

20
Apr
Wonderland – a tryhackme.com writeup

user hopping

The interesting thing with this machine is that there are quite a few users involved that we must own step by step to finally get to root. You can find the machine over at tryhackme.com

Lets dive right in and start with a portscan.

sudo nmap -sV 10.10.45.109
Read more

10
Apr
Pickle Rick – a tryhackme.com writeup

Pickle Rick – a fun and basic web ctf

This is a writeup of the Pickle Rick Room of tryhackme.

Its a pretty basic – yet fun – web CTF Room

There are a couple of interesting writeups out there already – I wanted to add this one because I … Read more

09
Apr
John – everybody’s most favorite ripper

What is that?

John does one thing and does that very well:

It can find the corresponding password for a given hash.

John has different ways to do this – we are looking at the wordlist-mode here.

We will talk about hashes in a different article – for now we … Read more

08
Apr
gobuster – finding files, directories and subdomains

What is it?

gobuster is actually quite a multitool: when you look at the help page there are modules to find subdomains, directories, files and more.

Most of the time you will use gobuster to find directories and files on a webserver by using a wordlist.

Secondly you can use … Read more

07
Apr
scylla – another OSINT social media tool

What is it?

There is no shortage of OSINT social media tools these days.

We already talked about sherlock and its fork – maigret.

Her is another on: scylla.

scylla is different in that it allows you to do a bunch of different searches:

you can search for a credit … Read more

06
Apr
Maigret – the Sherlock fork

What is it?

We talked about sherlock earlier – maigret is quite similar. It is infact a fork of sherlock.

So it searches for a username across a wide range of social media plattforms.

It claims to be a bit more soffisticated than sherlock. Giving you less false positives.

What … Read more

06
Apr
LazyAdmin – a tryhackme.com writeup

LazyAdmin

Another fun CTF from tryhackme.com

We don’t know anything about this box – just that we need to find the user and the root flag. Let’s strart with a classic portscan.

sudo nmap -sV 10.10.215.210

That’s not much. The website looks like a default apache/ubuntu page – the source … Read more

03
Apr
RootMe – a tryhackme.com writeup

RootMe

This is a very basic CTF room from tryhackme.com – you basically guided through step by step. Let’s have a look.

sudo nmap -sV 10.10.189.114

So there we have our first three answers: 2 Ports, Apache 2.4.29 and on 22 a ssh server is running.

Time for gobuster

gobuster
Read more

02
Apr
Bounty Hacker – a tryhackme.com writeup

This one is quite fun since it involves multiple services and als some local privilege escalation.

You can find it here at tryhackme.com

Lets start with a portscan as usual:

sudo nmap -A 10.10.127.129

 

Lets look at the FTP server first and see if we can log in as user … Read more

01
Apr