It starts with finding an unusual Local File Inclusion (LFI) backdoor on the WordPress site, which leads us to find some credentials. The credentials themselves do not work but using a password mutation technique with Hashcat, we can access the machine. …

This exercise explains how you can use XSS to gain access to the administration pages. Then, using that access, how you would be able to gain code execution on the server using SQL injections. Netdiscover First, on your Kali(attack machine) run the command netdiscover to find the ip address of…

Hello guys, I’m Sh*j0k5r and today we’re gonna solve the basic pentesting 1 CTF. A walkthrough for the Basic Pentesting 1 virtual machine, available from VulnHub. Netdiscover First, on your Kali(attack machine) run the command netdiscover to find the ip address of your target(Basic Pentesting 1) machine. - command: netdiscover

Hello guys, I’m Sh*j0k5r. Today, we are going to complete the task of the Attacktive Directory room in TryHackMe. Lets do it, Happy Hacking. Deploy the machine 99% of Corporate networks run off of AD. But can you exploit a vulnerable Domain Controller? Learning objectives: Impacket Kerbrute AD Enumeration Kerberos Cracking Hashes …

Hello guys, I’m Sh*j0k5r and today we’re gonna solve the Lampião CTF. Description from author: we will learn to solve a Capture the Flag (CTF) challenge which was posted on VulnHub by Tiago Tavares. Netdiscover First, on your Kali(attack machine) run the command netdiscover to find the ip address of your…

Hello guys, I’m Sh*j0k5r and today we’re gonna solve the Mr Robot CTF. Description from author: Based on the show, Mr. Robot. This VM has three keys hidden in different locations. Your goal is to find all three. Each key is progressively difficult to find. Let’s begin. Netdiscover First, on your…