Reverse shell

I suddenly noticed when visiting Try Hack Me that a new machine was published: Archangel. There were only a handful of people who had already cleared it, so I decided to have a go. Managed to hit the top 10 scoreboard! You can find the room here: https://tryhackme.com/room/archangel Getting a…

OSCP-like machine for beginners Earlier this week, I developed another machine at Try Hack Me. The machine is very OSCP-like and beginner friendly. You can find it here: https://tryhackme.com/jr/d3bugger Getting a shell A simple Nmap scan shows that there are a few ports open. However, all webserver ports except 8081…

Earlier this week I developed a Try Hack Me room called “h4cked”. The room is a combination between learning network forensics and basic penetration testing skills. You can find it here: https://tryhackme.com/jr/h4cked Scenario – Task 1: “It seems like our machine got hacked by an anonymous threat actor. However, we…

When I first started getting into the infosec game – I learnt most of my skills from VulnHub. VulnHub is an excellent platform for learning penetration testing; whether you are new to infosec or experienced. In this article, a writeup of the machine Photographer is provided. The developer left a…

Buffer overflows are still found in various applications. The Exploit Database shows 48 buffer overflow related exploits published so far this year (July 2020). They are still highly visible. However, modern operating systems have made it tremendously more difficult to execute these types of attacks. Countermeasures such as DEP and…

A Local File Inclusion (LFI) vulnerability allows an attacker to read internal system files. In a worst case scenario – it could lead to remote access. This post demonstrates how a remote attacker could achieve a reverse meterpreter shell from manually exploiting a LFI vulnerability. The demonstration is conducted by…