Recon ┌──(bravosec㉿fsociety)-[~/thm/overpass] └─$ writehosts thm '10.10.37.163 overpass.thm' +---------+--------+--------------+--------------+ | PROFILE | STATUS | IP | DOMAIN | ...

Recon Scripts 5 ports ┌──(bravosec㉿fsociety)-[~/thm/dunkinvuln] └─$ tcpall 10.10.247.184 [+] Running command: sudo nmap -p- --min-rate 10000 -Pn -vv -oA ./nmap/all_tcp_ports --open 10.10.24...

Keeper is an easy-difficulty Linux machine that features a support ticketing system that uses default credentials. Enumerating the service, we are able to see clear text credentials that lead to SS...

unreadable Info There’s an unreadable file….. HINT: Case Sensitive, There’s no space next to ‘{‘ and ‘}’ The use of punctuation marks follows grammar rules. Solve ┌──(br...

Recon ┌──(bravosec㉿fsociety)-[~/thm/Red] └─$ writehosts thm '10.10.136.223 red.thm' +---------+--------+---------------+---------+ | PROFILE | STATUS | IP | DOMAIN | +---------+------...

Delivery is an easy difficulty Linux machine that features the support ticketing system osTicket where it is possible by using a technique called TicketTrick, a non-authenticated user to be granted...

Traverxec is an easy Linux machine that features a Nostromo Web Server, which is vulnerable to Remote Code Execution (RCE). The Web server configuration files lead us to SSH credentials, which allo...

Recon Add to hosts writehosts thm '10.10.250.142 anonymous.thm' CrackMapExec ┌──(bravosec㉿fsociety)-[~/thm/Anonymous] └─$ cme smb anonymous.thm -u '' -p '' SMB anonymous.thm 445 ...

Spoiler Alert : This machine with crash if dir busting too much Recon Nmap # Nmap 7.94 scan initiated Wed Jul 26 05:45:51 2023 as: nmap -sVC -p- -T4 -Pn -vv -oA blog 10.10.71.153 Nmap scan re...

Recon Nmap # Nmap 7.94 scan initiated Tue Jul 25 16:37:42 2023 as: nmap -sVC -p- -T4 -Pn -vv -oA Wonderland 10.10.99.150 Nmap scan report for 10.10.99.150 Host is up, received user-set (0.29s l...

Recon Nmap # Nmap 7.94 scan initiated Mon Jul 24 11:21:06 2023 as: nmap -sVC -p- -T4 -Pn -vv -oA Retro 10.10.15.115 Nmap scan report for 10.10.15.115 Host is up, received user-set (0.28s latency...

Timelapse is an Easy Windows machine, which involves accessing a publicly accessible SMB share that contains a zip file. This zip file requires a password which can be cracked by using John. Extrac...

Devel, while relatively simple, demonstrates the security risks associated with some default program configurations. It is a beginner-level machine which can be completed using publicly available e...

Active is an easy to medium difficulty machine, which features two very prevalent techniques to gain privileges within an Active Directory environment. Recon CrackMapExec ┌──(kali㉿kali)-[~/htb/...

https://tryhackme.com/room/zer0logon Identify zero logon exploit ┌──(kali㉿kali)-[~] └─$ cme smb 10.10.244.21 -u '' -p '' -M zerologon SMB 10.10.244.21 445 DC01 [*] Wind...