Light | THM Writeup

Introduction

Detailed walkthroughs for Light CTF challenges on TryHackMe.

Description

I am working on a database application called Light! Would you like to try it out? If so, the application is running on port 1337. You can connect to it using nc 10.10.95.233 1337. You can use the username smokey in order to get started.

Enumeration

echo "10.10.95.233 light.thm" | sudo tee -a /etc/hosts

Mapped the IP to the domain light.thm.

NetCat

We receive the password when a valid username is entered.

4 minutes to read

Pyrat | THM Writeup

Introduction

Detailed walkthroughs for Pyrat CTF challenges on TryHackMe.

Description

Pyrat receives a curious response from an HTTP server, which leads to a potential Python code execution vulnerability. With a cleverly crafted payload, it is possible to gain a shell on the machine. Delving into the directories, the author uncovers a well-known folder that provides a user with access to credentials. A subsequent exploration yields valuable insights into the application’s older version. Exploring possible endpoints using a custom script, the user can discover a special endpoint and ingeniously expand their exploration by fuzzing passwords. The script unveils a password, ultimately granting access to the root.

9 minutes to read

Cheese CTF | THM Writeup

Introduction

Detailed walkthroughs for Cheese CTF challenges on TryHackMe.

Initial Foothold

echo "10.10.16.91 cheese.thm" >> /etc/hosts

Mapped the IP to the domain cheese.thm.

nmap

nmap results

The initial scan reports a large number (n) of open ports. Maybe they are trying to trick us into not looking for what we want.

$ nmap cheese.thm -sC -sC -p22,80
Starting Nmap 7.94SVN ( https://nmap.org ) at 2024-09-29 22:48 IST
Nmap scan report for cheese.thm (10.10.16.91)
Host is up (0.16s latency).

PORT   STATE SERVICE
22/tcp open  ssh
| ssh-hostkey: 
|   3072 b1:c1:22:9f:11:10:5f:64:f1:33:72:70:16:3c:80:06 (RSA)
|   256 6d:33:e3:bd:70:62:59:93:4d:ab:8b:fe:ef:e8:a7:b2 (ECDSA)
|_  256 89:2e:17:84:ed:48:7a:ae:d9:8c:9b:a5:8e:24:04:bd (ED25519)
80/tcp open  http
|_http-title: The Cheese Shop

Nmap done: 1 IP address (1 host up) scanned in 6.13 seconds

I’ve confirmed that port 22 and port 80 are open.

12 minutes to read

U.A. High School | THM Writeup

Introduction

Detailed walkthroughs for U.A. High School CTF challenges on TryHackMe.

Summary

This CTF challenge required participants to identify and exploit a hidden OS command injection vulnerability in the U.A. Superhero Academy’s website. Successful exploitation led to gaining root privileges on the system.

Vulnerability

The website contains a hidden functionality that allows for the execution of shell commands. This vulnerability can be exploited to gain unauthorized access to the system.

Exploitation

  • By enumerating the website, a valid user and password were discovered.
  • Using sudo privileges, a script was executed on the system to escalate privileges to root level.

Tools Used

rustscan, ffuf, curl, nc, wget, hexeditor, steghide, ssh

7 minutes to read

CyberLens CTF | THM Writeup

Introduction

Detailed walkthrough for CyberLens CTF challenges on TryHackMe.

Tools Used

rustscan, ping, burpsuite, nc, metasploit, msfvenom.

Enumeration

Let's start the process by mapping the hostname to the target IP address.

mapping cyberlens.thm to the target IP address

When any user or application on the system tries to access cyberlens.thm, it will be directed to the IP address specified in the /etc/hosts file. Let's use rustscan for port scanning the target domain. Rustscan is a tool for scanning network ports faster.

4 minutes to read