This Try Hack Me room guided users through the basics of web application pentesting. I learned about SMB enumeration and bruteforcing domains. This walkthrough also introduces bruteforcing logins with hydra and once the machine is compromised, elevating user privileges.

Blue explores the dated, but widespread EternalBlue exploit. This exploit was used in the WannaCry ransomware attack which crippled healthcare systems and spread to millions of computers in a matter of days. In this room we are prompted to exploit this vulnerability using Metasploit.

Ice is the extension to the Blue room. In this room we learn more about windows recon, exploitation and escalation. This box uses a vulnerable service called Icecast which allows us to access the machine using metasploit, then elevate those privileges by abusing a spool process.

Vulnversity walks through how to preform recon on targets and look for possible points of entry for payloads such as reverse shells. On this box port 3333 is running a webserver. After dirbusting the webserver we find a path called internal where we are able to upload php files.

Shodan.io is a great tool that is constantly scanning the whole internet for open devices and can be very useful in the recon stages of pentesting. This room walks through how to use filters on Shodan.