Description Plattform: TryHackMeLink: : Hard 🔴 Enumeration The initial phase of this engagement involved, as always, a network scan using Nmap. The scan revealed multiple open ports and services on the target: The SSH service was running OpenSSH 8.9p1 on…
Description Plattform: TryHackMeLink: : Hard 🟠 Enumeration NMAP Exploit CVE-2017-8917 The running Joomla CMS seems to be vulnerabile against the CVE-2017-8917 which is an SQLi vulnerability. On Github an working exploit can be found: Equipped with the exploit, one…
Description Plattform: TryHackMeLink: : Medium 🟠 Codeanalysis This router is based on the POST request type and uses a function called isYaml() to check whether the file parameter (here file_path) is a YAML file or not. If the return value…
A few weeks ago I had problems with the connection to the Tryhackme-network with OpenVPN. I searched around the internet and found different solutions. For me worked the following simple solution. Open your OpenVPN-Config for THM and edit the following…
You can find the training room here. As usual, we ran NMAP and wFuzz to gather as much information as we can about the target. With NMAP we get our first useful information. The target is running two apache servers.…
You can find the training room here. At the beginning as usal we try to get as much information as we can from the target. For this we are using NMAP and Fuzz. As result we get some interesting folders…
You can find the training room here. As usual first run our basic recon scans Nmap and fuzz to get more information about the target and the services which are running. Great we found an open FTP, SSH and open…
You can find the training room here. We run our basic scans to find open ports and directories on the target. We found a open SSH port (22) and a open port for Apache (80). Sadly the address only shows…
You can find the room here. First of all we run nmap and scan for open ports and services. I also tried a directory scan with gobuster but it cant get a connection to the side, with fuzz all worked…
It says follow the white rabbit, so lets go. Looking around the website while checking the sourcecode we found the directory for the pictures. Lets move to this and check if there is something usefull to find. Just some pictures,…