Description Plattform: TryHackMeLink: https://tryhackme.com/room/dailybugleDifficulty: Hard 🟠 Enumeration NMAP Exploit CVE-2017-8917 The running Joomla CMS seems to be vulnerabile against the CVE-2017-8917 which is an SQLi vulnerability. On Github an working exploit can be found: https://github.com/stefanlucas/Exploit-Joomla Equipped with the exploit, one can exfiltrate superuser access credentials. The hash can be cracked easily with hashcat or john. …
General Active Directory Maschinehttps://app.hackthebox.com/machines/148 Walkthru First of all perform nmap-scan SMB 445 is open, lets check if we can login with anonymous-login Works! Lets login to the directory that we saw Download all files, and check them locally We found some information in the Groups.xml. Lets try to decrypt the hash. Looks like we found …
Hello,for a long time it was quiet here and there were no articles. Unfortunately, I am currently very busy at work, but in the meantime I have published a detailed article about SystemD at my colleague from ceos3c. In this article SystemD and the different functions and use cases are discussed in detail. You can …
In this guide we will discover different use-cases of Wireguard-VPN and how to install and setup different configurations on different firewalls and so on. The individual ones will not be published directly, I will update the guide over time. pfSense First we will use Wiregaurd to tunnel into a network behind a pfSense. We start …
Introduction This article is a follow-up to the installation guide for OpenVAS. We will discover the web-gui andfigure out some main functions of the openvas-scanner and how to use them. Running scans with the Task-Wizard When we run the first time a scan, we go to Scans and click on Tasks. Now we can choose …
A few weeks ago I had problems with the connection to the Tryhackme-network with OpenVPN. I searched around the internet and found different solutions. For me worked the following simple solution. Open your OpenVPN-Config for THM and edit the following line: Replace it with: Save and close the file and try to connect. On Windows, …
You can find the training room here. As usual, we ran NMAP and wFuzz to gather as much information as we can about the target. With NMAP we get our first useful information. The target is running two apache servers. One on port 8009 and the other on port 8080. So far so good, the …
On the 30th May of 2022, the security form Volexity identified a Remote Code Execution vulnerability at Atlassian’s Confluence. NIST entry can be found here. In the following, we will explore and use this exploit. The Dev’s of Atlassian has released a advisory for the affected products. You can identify recent attacks on your machine while viewing …
Imagin you forgot your root password after a long vacation at work or you are new to a company and need to get care of old systems with no known credentials or documentation of the system. So what do you do? – Reinstall the hole machine would be a solution but all data will be …
You can find the room here. First of all we run nmap and scan for open ports and services. I also tried a directory scan with gobuster but it cant get a connection to the side, with fuzz all worked fine so I went there forward. When we browse to the .git page we can …