Sign in

1. Executive Summary

Popcorn is Linux based machine with tampering vulnerability on upload feature in Torent Hoster. The vulnerability leads on attacker able to get shell and obtain the user flag. Local users able to change the ownership of arbitrary files via a symlink attack on .cache in a user’s home directory, related…

1. Executive Summary

SneakyMailer, a linux-based machine, is exposed to phishing attacks that lead to the attacker get list of credentials, that can be used to access the mailbox. By gaining access to the mailbox, the attacker is able to discover another useful credential for the FTP service. This credential has permission to…

1. Executive Summary

Shocker is Linux based machine that suffers from the infamous shellshock. According to this website, Shellshock is a vulnerability that can be used to execute commands with greater privileges on systems that contain a vulnerable version of Bash. …

1. Executive Summary

The windows-based machine is vulnerable to the infamous Eternal Blue. EternalBlue is the term given to a group of Microsoft software flaws as well as the exploit developed by the National Security Agency (NSA) as a cyberattack tool. …

1. Executive Summary

There is an outdated Wordpress version used in the Blocky which is version 4.8 that allows attacker to enumerate users and apparently no restriction on user permission which gives an open door for the attacker to gain root access and take over the system.

2. Description

2.1 Enumeration

Enumerate the given address (10.10.10.37) …

1. Executive Summary

Default authentication is used in the machine specifically for their SSH service. It helps attackers to get into the shell pretty easy and there is no restriction in user permission which causes any user can log in as root.

2. Description

2.1 Enumeration

According to nmap scan result, the given address (10.10.10.48) …

Buff — Card Info

1. Executive Summary

Buff, another windows machine, is vulnerable to unauthenticated remote code execution due to the obsolete used version of Gym Management System and buffer overflows from a service named CloudMe.

Attackers can perform Remote Code Execution (RCE) on the hosting web server by submitting a maliciously designed PHP file that overcomes…

“Hack into a vulnerable database server with an in-memory data-structure in this semi-guided challenge!” — a creator of this machine.

In this machine, there are seven questions to be answered. Through this write-up, I will try to explain step by step how to solve this so-called easy machine.

Enumeration

Using nmap…

1. Executive Summary

Kioptrix level 1 is playground for beginner like me. It has more than one way to root the machine. Based on my finding there are two ports which can lead us to gain root access. There are port 139 — SMB 2.2.1a and 443—apache 1.3.20.

2. Description

2.1 Preface

In order to be connected…

It is been long time since I update this page so I decided to be active again by writing some stuff that I learned these past few days or weeks. And in this opportunity I decided to play with a module from TryHackMe.The …

rarpunzel

purple enthusiast

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store