Keeper is an easy-difficulty Linux machine that features a support ticketing system that uses default credentials. Enumerating the service, we are able to see clear text credentials that lead to SS...

unreadable Info There’s an unreadable file….. HINT: Case Sensitive, There’s no space next to ‘{‘ and ‘}’ The use of punctuation marks follows grammar rules. Solve ┌──(br...

Recon ┌──(bravosec㉿fsociety)-[~/thm/Red] └─$ writehosts thm '10.10.136.223 red.thm' +---------+--------+---------------+---------+ | PROFILE | STATUS | IP | DOMAIN | +---------+------...

Delivery is an easy difficulty Linux machine that features the support ticketing system osTicket where it is possible by using a technique called TicketTrick, a non-authenticated user to be granted...

Traverxec is an easy Linux machine that features a Nostromo Web Server, which is vulnerable to Remote Code Execution (RCE). The Web server configuration files lead us to SSH credentials, which allo...

Recon Add to hosts writehosts thm '10.10.250.142 anonymous.thm' CrackMapExec ┌──(bravosec㉿fsociety)-[~/thm/Anonymous] └─$ cme smb anonymous.thm -u '' -p '' SMB anonymous.thm 445 ...

Spoiler Alert : This machine with crash if dir busting too much Recon Nmap # Nmap 7.94 scan initiated Wed Jul 26 05:45:51 2023 as: nmap -sVC -p- -T4 -Pn -vv -oA blog 10.10.71.153 Nmap scan re...

Recon Nmap # Nmap 7.94 scan initiated Tue Jul 25 16:37:42 2023 as: nmap -sVC -p- -T4 -Pn -vv -oA Wonderland 10.10.99.150 Nmap scan report for 10.10.99.150 Host is up, received user-set (0.29s l...

Recon Nmap # Nmap 7.94 scan initiated Mon Jul 24 11:21:06 2023 as: nmap -sVC -p- -T4 -Pn -vv -oA Retro 10.10.15.115 Nmap scan report for 10.10.15.115 Host is up, received user-set (0.28s latency...

Timelapse is an Easy Windows machine, which involves accessing a publicly accessible SMB share that contains a zip file. This zip file requires a password which can be cracked by using John. Extrac...

Devel, while relatively simple, demonstrates the security risks associated with some default program configurations. It is a beginner-level machine which can be completed using publicly available e...

Active is an easy to medium difficulty machine, which features two very prevalent techniques to gain privileges within an Active Directory environment. Recon CrackMapExec ┌──(kali㉿kali)-[~/htb/...

https://tryhackme.com/room/zer0logon Identify zero logon exploit ┌──(kali㉿kali)-[~] └─$ cme smb 10.10.244.21 -u '' -p '' -M zerologon SMB 10.10.244.21 445 DC01 [*] Wind...

This room will cover all of the basics of attacking Kerberos the windows ticket-granting service; we’ll cover the following: Initial enumeration using tools like Kerbrute and Rubeus Kerberoa...

Forest in an easy difficulty Windows Domain Controller (DC), for a domain in which Exchange Server has been installed. The DC is found to allow anonymous LDAP binds, which is used to enumerate doma...