tryhackme - Unhackable

Unhackable

tryhackme

A collection of 15 posts

Plotted-TMS - THM

Plotted-TMS - THM

Plotted-TMS, is an easy rated box. www-data obtained by using exploiting the webpage, plot_admin obtained by exploiting a cron job running a script and root gained by exploiting doas.

Conti - THM

Conti, is a medium rated room. Use splunk to investigate the conti ransonmware

Zeno - THM

Zeno, is a medium rated box. User1 obtained by using exploiting the webpage, user2 obtained by using found credentials and root gained by exploiting a service file Recon nmap Start the box with a nmap scan to identify what services are running on the box, including the version of the

Sweettooth Inc - THM

Sweettooth Inc - THM

Sweettooth Inc, is a medium rated box. User obtained by using exploiting influxdb and root gained by docker escape

Classic Passwd - THM

Classic Passwd - THM

Classic Passwd, is a medium rated challenge. User obtained by using radare2

Cyborg - THM

Cyborg, is an easy rated box. Initial foothold gained by extracting a borg archive and privesc gained by modifying file running as sudo.

Sustah - THM

Cyborg, is a medium rated box. Initial foothold gained by exploiting a cms application and privesc gained by exploiting doas configuration

Chocolate Factory - THM

Chocolate Factory - THM

Chocolate Factory, is an easy rated box. Initial foothold gained by exploiting a webpage with arbitrary command and privesc gained by exploiting vi.

Overpass 3 - Hosting - THM

Overpass 3 - Hosting - THM

Overpass 3 - Hosting, is a medium rated box. Initial foothold gained by decrypting a gpg encrypted file and privesc gained by mounting nfs share

Startup - THM

Startup, is an easy rated box. Initial foothold gained by php rce, privesc gained by editing a script.

Revenge - THM

Revenge, is a medium rated box. Initial foothold gained by sql injection, privesc gained by exploiting systemctl.

Git Happens - THM

Git Happens - THM

Git Happens, is an easy rated box. Flag gained by downloading git directory and viewing source code

Blog - THM

Blog, is a medium rated box. Initial foothold gained by bruteforcing for credentials and exploiting CVE-2019-8943 for user and exploiting a suid binary for root.

Break Out The Cage - THM

Break Out The Cage - THM

Break out the cage, is an easy rated box. Initial foothold gained by steganalysis, privesc gained by exploiting a python for cage and exploting the lxd group for root

Haskhell - THM

Haskhell, is a medium rated box. Initial foothold gained by exploiting a webapp and privesc obtained by misusing sudo access