Task 1 : OhSINT Question 1 : What is this users avatar of? Since this is not a Jpeg format, exif didn’t return anything useful, let’s try with exiftool. Since it does not come preinstalled we will need to manually install it. Once the installation finishes we can use the tool # apt install libimage-exiftool-perl… Continue reading OhSint


Intro NetBIOS (Network Basic Input/Output System) is a network service that enables applications on different computers to communicate with each other across a local area network. Today, NetBIOS is used to support legacy NetBIOS applications but is also widely used for NetBIOS name resolution. NetBios is often mistaken for a protocol where in fact it… Continue reading Netbios


Intro TCP/IP swiss army knife Netcat is a simple unix utility which reads and writes data across network connections, using TCP or UDP protocol. It is designed to be a reliable “back-end” tool that can be used directly or easily driven by other programs and scripts. At the same time, it is a feature-rich network… Continue reading Netcat

Agent Sudo

Task 1 : Author Note Task 2 : Enumerate Question 1 : How many open ports? For this task we will use nmap without any special switches since we only want to check for open ports, using -p- in order to scan every port. Nmap # nmap -p- -sC Scan returned 3 open ports.… Continue reading Agent Sudo


Intro What is a shell? Simply put, the shell is a program that takes commands from the keyboard and gives them to the operating system to perform. On most Linux systems a program called sh (which stands for Bourne Shell, an enhanced version of the original Unix shell program, sh, written by Steve Bourne) acts as the shell… Continue reading Shells

Bounty Hacker

Task 1 : Deploy the machine Task 2 : Find open ports on the machine. Using nmap to scan every port on the server. # nmap -p- x.x.x.x Answer 2 : Three open ports found. 21,22,80 Task 3 : Who wrote the task list?  First stop, trying anonymous login on the FTP. Success! # ftp… Continue reading Bounty Hacker


Hail Hydra! Hydra is a parallelized password cracker which supports numerous protocols to attack. It is very fast and flexible, and new modules are easy to add. This tool makes it possible for researchers and security consultants to show how easy it would be to gain unauthorized access to a system remotely. More info at… Continue reading Hydra

Simple CTF

Task 1 : How many services are running under port 1000? Using Nmap we will do a full scan. We could use the -p 1-1000 since the question asks for ports under 1000 but we will do a full scan to get the lay of the land. # nmap -A -p- -Pn -oN nmap_output… Continue reading Simple CTF

John The Ripper

Various notes and key takeaways from the THM room John The Ripper. https://tryhackme.com/room/johntheripper0 John is different from tools like hydra. Hydra does blind bruteforcing by trying username/password combinations on a service daemon like ftp server or telnet server. John however needs the hash first. Useful Commands Quick way to check the version running on your… Continue reading John The Ripper

Basic Pentesting

Task 1. Web App Testing and Privilege Escalation Question 1.  Deploy the machine and connect to our network Start the machine and connect to the  THM network using openvpn or the attack box. Question 2. Find the services exposed by the machine  Nmap # nmap -p- -A Output 22/tcp   open  ssh         OpenSSH 7.2p2 Ubuntu… Continue reading Basic Pentesting