https://crackstation.net/ Hashcat Rules Hash: 279412f945939ba78ce0758d3fd83daa Need to use rules to crack the hash in some cases Hashcat Rules Dir: /usr/share/hashcat/rules/ ┌──(kali㉿kali)-[~/...

https://tryhackme.com/room/basicpentestingjt In these set of tasks you’ll learn the following: brute forcing  hash cracking  service enumeration Linux Enumeration Run autorecon first ...

https://tryhackme.com/room/ohsint What information can you possible get with just one photo? What is this user’s avatar of? ┌──(root㉿kali)-[~/www] └─# exiftool WindowsXP.jpg ExifTool Version ...

MetaTwo is an easy Linux machine that features a website running Wordpress, which is using a plugin vulnerable to unauthenticated SQL injection (CVE-2022-0739). It can be exploited to reveal the pa...

https://tryhackme.com/room/attacktivedirectory Nmap # Nmap 7.93 scan initiated Sun Apr 23 06:31:19 2023 as: nmap -sVC -p- -T4 -Pn -vv -oA attacktive 10.10.80.193 Nmap scan report for 10.10.80.1...

Investigation is a Linux box rated as medium difficulty, which features a web application that provides a service for digital forensic analysis of image files. The server utilizes the ExifTool util...

Busqueda is an Easy Difficulty Linux machine that involves exploiting a command injection vulnerability present in a Python module. By leveraging this vulnerability, we gain user-level access to th...

BroScience is a Medium Difficulty Linux machine that features a web application vulnerable to LFI. Through the ability to read arbitrary files on the target, the attacker gains an insight into how ...

Socket is a Medium Difficulty Linux machine that features reversing a Linux/Windows desktop application to get its source code, from where an SQL injection in its web socket service is discovered. ...

Inject is an Easy Difficulty Linux machine featuring a website with file upload functionality vulnerable to Local File Inclusion (LFI). By exploiting the LFI vulnerability, files on the system can ...

Ambassador is a medium difficulty Linux machine addressing the issue of hard-coded plaintext credentials being left in old versions of code. Firstly, a Grafana CVE ( CVE-2021-43798) is used to read...

UpDown is a medium difficulty Linux machine with SSH and Apache servers exposed. On the Apache server a web application is featured that allows users to check if a webpage is up. A directory named ...

Squashed is an Easy Difficulty Linux machine that features a combination of both identifying and leveraging misconfigurations in NFS shares through impersonating users. Additionally, the box incorp...

Precious is an Easy Difficulty Linux machine, that focuses on the Ruby language. It hosts a custom Ruby web application, using an outdated library, namely pdfkit, which is vulnerable to CVE-2022-25...

https://tryhackme.com/room/mrrobot Information Gathering Nmap ┌──(root㉿kali)-[~] └─# nmap -sV -sC -Pn -T4 -p- mrrobot.thm -oA mr_robot Nmap scan report for mrrobot.thm (10.10.17.96) Host is ...