Recon CME neither Null nor guest login is available ┌──(kali㉿kali)-[~/thm/steel-mountain] └─$ cme smb 10.10.92.230 SMB 10.10.92.230 445 STEELMOUNTAIN [*] Windows Server 201...

Recon Nmap # Nmap 7.94 scan initiated Wed Jun 14 12:16:04 2023 as: nmap -sVC -p- -T4 -vv -oA Kenobi 10.10.182.189 Nmap scan report for 10.10.182.189 Host is up, received reset ttl 63 (0.29s lat...

The virtual machine used in this room (Blue) can be downloaded for offline usage from https://darkstar7471.com/resources.html[](https://darkstar7471.com/resources.html Recon Nmap ┌──(kali㉿kali)...

Reconnaissance Scan the box; how many ports are open? Use --min-rate for fastest scan on port enumeration only Use -n to not resolve dns to be faster (about 2 second…) ┌──(kali㉿kali)-[~/th...

Recon Nmap ┌──(kali㉿kali)-[~/thm/valleype] └─$ cat valleype.nmap # Nmap 7.94 scan initiated Sun Jun 11 09:58:59 2023 as: nmap -sVC -p- -T4 -vv -oA valleype 10.10.83.16 Increasing send delay for...

Nmap # Nmap 7.93 scan initiated Tue Jun 6 10:26:44 2023 as: nmap -sVC -p- -T4 -oA Post-Exploitation -vv 10.10.125.202 Nmap scan report for 10.10.125.202 Host is up, received conn-refused (0.28s ...

Autorecon ┌──(kali㉿kali)-[~/thm] └─$ sudo $(which autorecon) 10.10.148.99 -v [*] Identified service ssh on tcp/22 on 10.10.148.99 [*] Identified service http on tcp/80 on 10.10.148.99 80 - HackI...

https://crackstation.net/ Hashcat Rules Hash: 279412f945939ba78ce0758d3fd83daa Need to use rules to crack the hash in some cases Hashcat Rules Dir: /usr/share/hashcat/rules/ ┌──(kali㉿kali)-[~/...

https://tryhackme.com/room/basicpentestingjt In these set of tasks you’ll learn the following: brute forcing  hash cracking  service enumeration Linux Enumeration Run autorecon first ...

https://tryhackme.com/room/ohsint What information can you possible get with just one photo? What is this user’s avatar of? ┌──(root㉿kali)-[~/www] └─# exiftool WindowsXP.jpg ExifTool Version ...

MetaTwo is an easy Linux machine that features a website running Wordpress, which is using a plugin vulnerable to unauthenticated SQL injection (CVE-2022-0739). It can be exploited to reveal the pa...

https://tryhackme.com/room/attacktivedirectory Nmap # Nmap 7.93 scan initiated Sun Apr 23 06:31:19 2023 as: nmap -sVC -p- -T4 -Pn -vv -oA attacktive 10.10.80.193 Nmap scan report for 10.10.80.1...

Investigation is a Linux box rated as medium difficulty, which features a web application that provides a service for digital forensic analysis of image files. The server utilizes the ExifTool util...

Busqueda is an Easy Difficulty Linux machine that involves exploiting a command injection vulnerability present in a Python module. By leveraging this vulnerability, we gain user-level access to th...

BroScience is a Medium Difficulty Linux machine that features a web application vulnerable to LFI. Through the ability to read arbitrary files on the target, the attacker gains an insight into how ...