TryHackMe Skynet machine walkthrough
The TryHackMe Skynet machine was probably the longest run I had between enumeration and complete compromise. It has various information-gathering vectors such as HTTP, SMB, IMAP, POP3, etc. and a sophisticated way of privilege escalation targeting a vulnerable CMS and the tar utility.
Exploitation components comprise but are not limited to:
Basic Nmap scan:
nmap -sS -sV -O -T4 <ip-address> -oN basic_scan.nmap
See how Python can beat Burp Suite in brute-forcing speed and boost your hacking efficiency.
Once, I was sharpening my skills on blind SQL injection by enumerating a vulnerable web application. I found the trivial username ‘administrator’ and his password length using conditional statements within the cookie field:
' UNION SELECT 'a' FROM users WHERE username='administrator' AND length(password)=20--
What was the indication that this is a successful SQLi hunt? Let’s see what the Burp Suite Comparer has to offer:
Good day, ladies and gentlemen! Here’s a brief description of what you’ll come across over the course of your penetration test and what you’ll learn:
First and foremost, we need to run some basic scans. I’m sure you have your own preferences and procedures in terms of scanning, so let’s not dwell on this for so long.
Have you ever lived with a person whose music sucked? You sincerely didn’t like it and wanted to leave the planet when it was playing.
— Hey, man, can you please turn it down a little?
— Ah, sure, dude, no problem!
And with every step back to the room the sound bar of his phone is climbing up again!
Here it goes:
The HackPark educational walkthrough with Metasploit, Msfvenom, Exploit-DB, PowerShell, and RCE.
Hi, there! I’m glad you’ve joined me on this little TryHackMe HackPark walkthrough and, undoubtedly, you’ll find what you seek whether it’s a solution to a problem or another angle of looking at things. Let’s get started!
I’m sure you’ve seen this naughty clown somewhere … Maybe in the IT movie or Stephen King’s novel. So, let’s not dwell on this one.
Hi, George! What a nice boat. Do you want it back?
At the very beginning of our investigation, it’s nice to start the Nmap scan. …
Hello, there! Here’s an educational walkthrough on the TryHackMe Steel Mountain machine. If you struggle with it or just want to take a look at another approach to solving the challenge, you’re definitely in the right place! Without further ado, let’s dive into it.
First things first, we need to do the port scanning! So, let’s fire up some Nmap scans and identify potential attack vectors.
What I usually start with are the so-called (mainly by myself) basic and vuln Nmap scans:
nmap -sC -sV -O $IP -oN basic_scan.nmap
nmap --script=vuln $IP -oN vuln_scan.nmap
A little breakdown of these two:
The first thing we need to do is scanning. Let’s run two Nmap scans:
The first Nmap scan is very similar to the -A (aggressive) scan, but it doesn’t do traceroute. The second one is meant to find potential attack vectors for the victim.
The results are presented in the following screenshot:
Basic Nmap Scan
To hit the ground running on exploiting the Mr. Robot machine we need some information on the target, so let’s run some basic scans which will reveal potential attack vectors. I usually start with a couple of Nmap scans:
nmap -sC -sV -O <ip-address> -oN basic_scan.nmap
nmap --script=vuln <ip-address> -oN vuln_scan.nmap
The following screenshot shows the output of the basic scan.
At the very beginning of the penetration test, I’d like to start with two scans which I usually call basic Nmap scan and vuln scan.
Basic Nmap scan:
I love learning and writing about ethical hacking!