Tag: ctf
-
HTB: Illumination
This challenge has you look for access control tokens in a set of provided files, with a hint about source control. No one has ever committed an API key to a GitHub repo, right?? Provided Files: When you download the challenge, you’re provided with a password-protected zip file with the password. Opening this up, you see a…
-
TryHackMe: Pickle Rick
Who doesn’t love Rick and Morty? On this box our goal is to exploit a web server and find 3 ingredients for Rick to turn back into a human. Once we start it up, we should start our recon by looking through the web server. Recon: Using Burp Suite and the Burp Suite browser, we can start poking…
-
TryHackMe: Mr Robot CTF
This room keeps popping up in my THM ‘todo’ list and I really liked the show (well, the first three seasons. I’m behind.) so it’s probably a good time to give it a go. The first section of tasks is all about connecting your machine to the THM VPN, so once that is knocked out…
-
HTB: Templated
This is a pretty quick challenge which stresses the importance of sanitizing user input – especially with server-side rendering. To start this, select the challenge on HTB and you’ll be provided with a link to a Docker container that you can access outside the VPN. Initially, the link just shows a little “under construction” page…
-
TryHackMe: Basic Pentesting
This should be a pretty straightforward box; the details provided note that this will involve brute forcing, hash cracking, service enumeration, and Linux enumeration. Let’s get started with some recon! Recon: Like usual, let’s hit the target with an nmap scan. My initial scan is as follows: This takes a little while, so after making…