Sharing writeups of CTF challenges and Machines
Enumeration Start with an Nmap scan. SSH port and web server are open. However, It failed to redirect to the domain address. Let’s add it to the file. Now, let’s visit the web page and see how it looks. It’s a file conversion web page. I did the Nmap scan again since we added the … Read More “Hack the box – Precious write-up” »
Description Reception of Special has been cool to say the least. That’s why we made an exclusive version of Special, called Secure Comprehensive Interface for Affecting Linux Empirically Rad, or just ‘Specialer’. With Specialer, we really tried to remove the distractions from using a shell. Yes, we took out spell checker because of everybody’s complaining. … Read More “Pico CTF 2023 – Specialer writeup” »
Analyzing the auth.log, can you identify the IP address used by the attacker to carry out a brute-force attack? we can easily find it in the log file. 65.2.161.68 The brute force attempts were successful, and the attacker gained access to an account on the server. What is the username of this account? We can … Read More “Hack the box – Sherlocks – Brutus” »
Enumeration Nmap the target machine. web server on port 8080. Apache Tomcat home page with the version info. I found buttons for the manager app and host manager. I tried to log in, but when I failed, the page with credentials was displayed. ID: tomcat PW: s3cret Managed to log in as Jerry! Also, I … Read More “Hack the box – Jerry simple write-up” »
