I suddenly noticed when visiting Try Hack Me that a new machine was published: Archangel. There were only a handful of people who had already cleared it, so I decided to have a go. Managed to hit the top 10 scoreboard! You can find the room here: https://tryhackme.com/room/archangel Getting a…
php
OSCP-like machine for beginners Earlier this week, I developed another machine at Try Hack Me. The machine is very OSCP-like and beginner friendly. You can find it here: https://tryhackme.com/jr/d3bugger Getting a shell A simple Nmap scan shows that there are a few ports open. However, all webserver ports except 8081…
Earlier this week I developed a Try Hack Me room called “h4cked”. The room is a combination between learning network forensics and basic penetration testing skills. You can find it here: https://tryhackme.com/jr/h4cked Scenario – Task 1: “It seems like our machine got hacked by an anonymous threat actor. However, we…
In March 2018, a new Drupal core vulnerability (later named Drupalgeddon2) was discovered and marked as Highly Critical by the Drupal team. The vulnerability affected versions < 8.3.9 / < 8.4.6 / < 8.5.1. This article covers how the vulnerability can be manually exploited using Burp Suite. Further details regarding…
A Local File Inclusion (LFI) vulnerability allows an attacker to read internal system files. In a worst case scenario – it could lead to remote access. This post demonstrates how a remote attacker could achieve a reverse meterpreter shell from manually exploiting a LFI vulnerability. The demonstration is conducted by…