
This is a practical walkthrough of the “Luanne” machine from HackTheBox. Credit goes to polarbearer for making this machine available to us.

Passwords, hashes and Flags will be redacted to encourage you to solve those challenges on your own.

Synopsis

“Luanne” is marked as an easy-difficulty machine that features nginx and supervisor to host the website and to control the process system. The website has basic HTTP authentication enabled, but a certain HTTP directory is wide open and returns weather information for UK cities when queried manually. The web application is connected to a Lua script which generates random data about a city’s weather. Taking advantage…



This is a practical writeup of the retired “Tally” machine from HackTheBox. Credit goes to egre55 for making this machine available to us. Although this machine is from 2017, the simulated vulnerabilities are true to life.

Synopsis

“Tally” is marked as a Hard-difficulty machine that features an IIS web server and SharePoint CMS with MSSQL running in the background. Gobuster gives us the path to FTP credentials. FTP has a directory with a KeePass credential database; we crack the master password of the DB and get access to SMB credentials. SMB access gives us credentials to the MSSQL DB. …



This is a practical walkthrough of the “Time” machine from HackTheBox. This machine is marked as medium level. Credit goes to egotisticalSW & felamos for making this machine available to us, and base points are 30 for this machine.

Passwords, hashes and Flags will be redacted to encourage you to solve those challenges on your own.

Synopsis

“Time” is a medium-difficulty Linux machine that features an Apache server hosting a PHP website. The website homepage is “Online JSON beautifier & validator”. Many websites offer APIs, which will return data in JSON format. Often the JSON provided has white space compressed to reduce the…



This is a practical walkthrough of the “Passage” machine from HackTheBox. This machine is marked as medium level. Credit goes to ChefByzen for making this machine available to us, and base points are 30 for this machine.

This walkthrough will be explanatory, because I learned a lot of new things from this machine. So, don’t mind my blabbering.

Passwords, hashes and Flags will be redacted to encourage you to solve those challenges on your own.

Enumeration

We will kick off this machine by enumerating with nmap.



This is a practical walkthrough of the room “Watcher” from TryHackMe. Although this room is marked as easy level, for me it was kind of a medium level. This room is aimed at Boot2root, web exploitation, privilege escalation, LFI.

Room Link: https://tryhackme.com/room/watcher

Passwords, hashes and Flags will be redacted to encourage you to solve those challenges on your own.

First Things First

Deploy the target machine (this machine might take up to 3–5 minutes to load and become accessible). There are two ways to access the deployed target machine. 1) Use the attacker box — provided by TryHackMe, it consists of all the required…



Room Link

This is a practical walkthrough of the room “Retro” from TryHackMe. Although this room is marked as hard level, for me it felt like medium level.

Passwords, hashes and Flags will be redacted to encourage you to solve those challenges on your own.

First Things First

Deploy the target machine (this machine might take up to 3–5 minutes to load and become accessible). There are two ways to access the deployed target machine. 1) Use the attacker box — provided by TryHackMe, it consists of all the required tools available for attacking. 2) Use the OpenVPN configuration file to connect your machine…



This is a practical walkthrough of the “Laboratory” machine from HackTheBox. Although this machine is marked as easy level, for me it was kind of a crazy level. Credit goes to 0xc45 for making this machine available to us, and base points are 20 for this machine.

This walkthrough will be explanatory, because I learned a lot of new things from this machine. So, don’t mind my blabbering.

Passwords, hashes and Flags will be redacted to encourage you to solve those challenges on your own.

Enumeration

We will kick off this machine by enumerating using Nmap.



This is a practical walkthrough of the room “Inferno” from TryHackMe. Although this room is marked as medium level, for me it felt difficult. This room is aimed at HTTP basic auth, an IDE exploit and Linux PrivEsc.

This walkthrough will be explanatory, because I learned a couple of new things from this room. So, don’t mind my blabbering.

Room Link: https://tryhackme.com/room/inferno

Passwords, hashes and Flags will be redacted to encourage you to solve those challenges on your own.

First Things First

Deploy the target machine (this machine might take up to 3–5 minutes to load and become accessible). There are two ways…


This is a practical walkthrough of the room “En-Pass” from TryHackMe. Although this room is marked as easy level, for me it was kind of a difficult level. This room is aimed at tricky web application exploits and PrivEsc.

This walkthrough will be explanatory, because I learned a couple of new things from this room. So, don’t mind my blabbering.

Room Link: https://tryhackme.com/room/enpass

Passwords, hashes and Flags will be redacted to encourage you to solve those challenges on your own.

First Things First

Deploy the target machine (this machine might take up to 3–5 minutes to load and become accessible). There are two ways to…


Source — HTB

This is a practical walkthrough of the “Academy” machine from HackTheBox. Although this machine is marked as easy level, for me it was kind of a medium level. Credit goes to egre55 and mrb3n for making this machine available to us, and base points are 20 for this machine.

This walkthrough will be explanatory, because I learned a lot of new things from this machine. So, don’t mind my blabbering.

Passwords, hashes and Flags will be redacted to encourage you to solve those challenges on your own.

Enumeration

We will kick off this machine by enumerating with nmap.

Aniket Badami
