
Posts

Showing posts from March, 2021

TryHackMe - Vulnversity

1. Task 1 can be completed by downloading the VPN file provided by TryHackMe and running openvpn on it with the given command: sudo openvpn <filename>

Task 2 - Begins

2. The next step is to scan the network. I performed an aggressive scan using nmap and, since it would be too slow, I sped it up using timing as 4.
3. This provided us with the number of open ports as 6, which will be used in our task 2. It also gave us the version of Squid proxy running, which is 3.5.12.
4. The next question's answer is 400. Let me explain why. -p is used to provide port/s to scan. This can be provided as a number, some comma-separated numbers, or a range. -p-400 is the same as -p 1-400. This shows that ports 1 through 400 would be scanned.
5. The next answer is DNS. This can be seen in the man page of nmap. Open it using the command man nmap. Then press forward slash (/) for searching. Then type -n and press enter. Remember this trick to search for something in man pages.
6. This mac

TryHackMe - Mr Robot

1. The first step, as always, is an nmap scan. So we have the http, https and ssh ports open.
2. Then I took a look at the robots file using curl. This can also be done in a browser. Here I found our first key and also a dictionary file. I used curl to display the key and downloaded the dictionary file using wget. Key is 073403c8a58a1f80d943455fb30724b9
3. I also started dirbuster at the beginning, the moment I knew port 80 was open, and found a login page within.
4. Now an interesting thing about a WordPress login page is that it tells you separately whether your username was correct or not.
5. I used Burp Suite to brute force the login form using the given dictionary file. I captured the request and then sent it to Intruder. Here I used a cluster bomb attack on the username and password positions. However, I recommend using hydra unless you have the pro version of Burp Suite.
6. A different length value suggests an anomaly. Thus I tried the corresponding values to it with usernam

TryHackMe - PickleRick

1. The first step for any such challenge is to scan the server with nmap. I generally use the options -A and -T4; however, you can also use NSE along with it by adding --script=vuln. This gives us a lot of output and we have to look for the relevant information in it. But on the plus side, it sometimes provides us with valuable information.
2. Now I knew that it has a webpage since port 80 is open. Then I checked its robots.txt file and found a string: Wubbalubbadubdub. At this point we don't have any information about what this string could be, so just make a note of it for now and move on.
3. Then I checked the source code of the homepage given to us and it contained some interesting info. It gave us a username: R1ckRul3s. At this time I had a hunch that the above string could actually be a password for something.
4. My next step was to use dirbuster for locating hidden files and directories on the server. This led me to a logi