Posts
Card image cap
Basic Pentesting

This Try Hack Me room guided users through the basics of web application pentesting. I learned about SMB enumeration and bruteforcing domains. This walkthrough also introduces bruteforcing logins with hydra and once the machine is compromised, elevating user privileges.

Card image cap
Ice

Ice is the extension to the Blue room. In this room we learn more about windows recon, exploitation and escalation. This box uses a vulnerable service called Icecast which allows us to access the machine using metasploit, then elevate those privileges by abusing a spool process.

Card image cap
Blue

Blue explores the dated, but widespread EternalBlue exploit. This exploit was used in the WannaCry ransomware attack which crippled healthcare systems and spread to millions of computers in a matter of days. In this room we are prompted to exploit this vulnerability using Metasploit.

Card image cap
Vulnversity

Vulnversity walks through how to preform recon on targets and look for possible points of entry for payloads such as reverse shells. On this box port 3333 is running a webserver. After dirbusting the webserver we find a path called internal where we are able to upload php files.

Card image cap
Fuzzy

Fuzzy challenged the user on the basics of fuzzing and taught me how to use wfuzz and other techniques to learn information about my target machine. I suggest anyone who would like to learn about fuzzing take on this challenge.

Card image cap
Shodan.io

Shodan.io is a great tool that is constantly scanning the whole internet for open devices and can be very useful in the recon stages of pentesting. This room walks through how to use filters on Shodan.