Introduction

Hello guys, back again with another walkthrough. This time I am going to be introducing SQL injections, and we are going to be solving a capture the flag challenge both automatically (using SQLMap) and manually using Burp Suite. A SQL injection vulnerability occurs when unsanitized user-controlled input is passed to a database through a query. This allows a user or an attacker to run raw SQL commands on a database. Through research done in the past, SQL injections have led to dumping of databases, which in turn leads to data breaches of all information from the database. It…


Hello guys, back again with another walkthrough. This time we’ll be tackling VulnNet: dotjar from TryHackMe, yet another amazing box from TheCyb3rW0lf. I really loved the box, and it starts off with us finding a Tomcat web application that is vulnerable to the Ghostcat vulnerability, a vulnerability that we’ve exploited before in a room called tomghost, which is also on TryHackMe. We use the vulnerability to leak some credentials, which we then use to upload a malicious WAR file that gives us remote code execution on the box. Next we find that the shadow backup file is world readable…


Web Challenges

Hello guys, back again with another walkthrough. This time we’ll be tackling the Cyber Apocalypse 2021 capture the flag hosted by HackTheBox. Since I am part of a team this time, I decided to do web challenges and I had a couple of solves. I also learned some important lessons that I would like to share. Without much to say, let’s jump in.

Caas

Caas is a web challenge that starts off with a user providing a host, and the web application does a health check of some sort using curl.


Introduction

Hello guys, back again with another walkthrough. This time we’ll be doing Classic Passwd from TryHackMe. I am really not great at reverse engineering, but from learning buffer overflows I know my way around binary exploitation and some bit of reversing binaries to identify vulnerabilities, and that’s what this walkthrough will be all about. …


Introduction

Hello guys, back again with another walkthrough. This time we’ll be tackling VulnNet: Node from TryHackMe. The room was rated easy and I totally agree with the rating, and what made me love the room even more was that it was as real world as possible. You start off by finding a web server running the Node.js Express framework. You find it assigns you a cookie, and the cookie is utilized somehow by the web server. Messing with the cookie, you realize that the cookie is unserialized by the web application, and being a penetration tester I’ve come across nodejs deserialization…


Hello guys, I am back again with another walkthrough from TryHackMe. This time we are going to be handling VulnNet. The room was released yesterday. I did it and finished it, but I’ve been on the road for the past three days so releasing a room was kinda hard, but better late than never. The room was rated medium, but still again I believe if you have a solid foundation in pentesting it’s actually an easy box. The box starts off with us discovering that the box has virtual host routing enabled, meaning as a user we shall be routed to…


Hello guys, back again with another walkthrough. This time we’ll be tackling broker from TryHackMe. The box was rated as medium, but in my opinion the box is actually an easy one. You start off by finding that the box is running the MQTT protocol and the web application maintaining the mosquitto service is vulnerable to a file upload using the HTTP PUT method. Exploit the vulnerability by uploading a JSP shell and get code execution on the system, user done!! You then find that the root user can run a Python script that you have both read and write access to…


Hello guys, back again with another walkthrough. This time we’ll be tackling Team from TryHackMe, a beginner friendly box that teaches the importance of doing your enumeration well. It starts off by finding a virtual host (vhost) that leads you to a dead end (a bootstrap themed webpage). We decided to brute force subdomains using wfuzz and ended up finding one other subdomain which is vulnerable to a file path traversal and a Local File Inclusion vulnerability. Doing some regular fuzzing, we notice that an SSH private key has been hidden in plain sight in the sshd_config file. We download the key and use…


Hello guys, after two weeks of absence I am back again with another walkthrough. This time we’ll be tackling magician from TryHackMe, which is an easy box so long as you throw guessing out of the window. The box was released barely an hour ago and it starts off by finding an ImageTragick vulnerability. Exploit it to land a shell on the box as the magician user. Running linpeas, you find out that there's a port 6666 that is only exposed to localhost. Forward the port to our local box and find that it is a web app that allows users…


Hello guys, back again with another walkthrough. This time we’ll be tackling Madeye’s Castle room from TryHackMe. The room was released about 12 hours ago and in my opinion this room was a bit hard compared to the rooms we have done in the last 2 weeks, though it was rated medium. You start off by discovering a virtual host in an Apache default page source code, and it leads you to a different website which is vulnerable to SQLite injection. But SQLMap fails to extract the database. I don’t know the reason why, but I ended up learning…

Musyoka Ian

Penetration Tester/Analytical Chemist who loves cybersecurity. GitHub (https://github.com/musyoka101), ExploitDB (https://www.exploit-db.com/?author=10517)
