Category: THM Challenges

THM Challenges, Rooms, CTFs

Brute It

Task 1 : About this box Deploy the machine Task 2 : Reconnaissance Question 1 : Search for open ports using nmap.How many ports are open? We will use Nmap to perform a quick scan on the machine, I also performed a full port scan (-p-) but no other ports were open so you can… Continue reading Brute It

LFI

Local File Inclusion (LFI) is the vulnerability that is mostly found in web servers. This vulnerability is exploited when a user input contains a certain path to the file which might be present on the server and will be included in the output. This kind of vulnerability can be used to read files containing sensitive… Continue reading LFI

OhSint

Task 1 : OhSINT Question 1 : What is this users avatar of? Since this is not a Jpeg format, exif didn’t return anything useful, let’s try with exiftool. Since it does not come preinstalled we will need to manually install it. Once the installation finishes we can use the tool # apt install libimage-exiftool-perl… Continue reading OhSint

Agent Sudo

Task 1 : Author Note Task 2 : Enumerate Question 1 : How many open ports? For this task we will use nmap without any special switches since we only want to check for open ports, using -p- in order to scan every port. Nmap # nmap -p- -sC 10.10.232.232 Scan returned 3 open ports.… Continue reading Agent Sudo

Bounty Hacker

Task 1 : Deploy the machine Task 2 : Find open ports on the machine. Using nmap to scan every port on the server. # nmap -p- x.x.x.x Answer 2 : Three open ports found. 21,22,80 Task 3 : Who wrote the task list?  First stop, trying anonymous login on the FTP. Success! # ftp… Continue reading Bounty Hacker

Simple CTF

Task 1 : How many services are running under port 1000? Using Nmap we will do a full scan. We could use the -p 1-1000 since the question asks for ports under 1000 but we will do a full scan to get the lay of the land. # nmap -A -p- -Pn 10.10.224.21 -oN nmap_output… Continue reading Simple CTF

Basic Pentesting

Task 1. Web App Testing and Privilege Escalation Question 1.  Deploy the machine and connect to our network Start the machine and connect to the  THM network using openvpn or the attack box. Question 2. Find the services exposed by the machine  Nmap # nmap -p- -A 10.10.204.61 Output 22/tcp   open  ssh         OpenSSH 7.2p2 Ubuntu… Continue reading Basic Pentesting

>rootme

Task 1. Start the machine Task 2. Reconnaissance Question 1. Scan the machine, how many ports are open?  Scan the target #nmap -A -p- 10.x.x.x Found 2 ports open 22,80 Output 22/tcp open  ssh     OpenSSH 7.6p1 Ubuntu 4ubuntu0.3 (Ubuntu Linux; protocol 2.0) 80/tcp open  http    Apache httpd 2.4.29 ((Ubuntu)) Question 2. What version of Apache… Continue reading >rootme