Artículos por categoría

tryhackme

Blog - TryHackMe

Billy Joel made a blog on his home computer and has started working on it.  It’s going to be so awesome! Enumerate this box and find the 2 flags that are hiding on it!  Billy has some weird things going on his laptop.  Can you maneuver around and get what you need?  Or will you fall down the rabbit hole…

Jason - TryHackMe

We are Horror LLC, we specialize in horror, but one of the scarier aspects of our company is our front-end webserver. We can’t launch our site in its current state and our level of concern regarding our cybersecurity is growing exponentially. We ask that you perform a thorough penetration test and try to compromise the root account. There are no rules for this engagement. Good luck!

Team - TryHackMe

A beginner friendly box that teaches the importance of doing your enumeration well. It starts of by finding a virtual host(vhost) that leads you to a dead end(a bootstrap themed webpage).

Wonderland - TryHackMe

This was an easy Linux machine that involved performing content discovery against a web application to identify the SSH password of a user to obtain initial access and exploit various vulnerable Linux binary to escalate privileges to root.

Ignite - TryHackMe

Ignite is an easy machine in TryHackMe in which we’ll use basic enumeration, learn more about FUEL CMS and how to explore it to gain access to the server.

Brute It - TryHackMe

Brute It a beginner-friendly challenge by TryHackMe. It is separated into three tasks reconnaissance, getting a shell, and privilege escalation with questions along the way to guide you throughout the engagement. It is a bit more hand-holding but was a fun challenge nonetheless. This box requires you to brute force, crack hashes, and escalate privileges to root.

StartUp - TryHackMe

Startup is a boot2root challenge available on TryHackMe. This is an easy level box which includes compromising a web server by uploading our web shell via FTP and then exploiting a cronjob to get the root shell.

Simple CTF - TryHackMe

Simple CTF is just that, a beginner-level CTF on TryHackMe that showcases a few of the necessary skills needed for all CTFs to include scanning and enumeration, research, exploitation, and privilege escalation.

Mr Robot CTF - TryHackMe

Mr. Robot CTF is a Mr. Robot-themed room on TryHackMe. It involves basic recon and it will give you a start on WordPress vulnerabilities if you are new to Web exploitation (WordPress Vulnerability → Reverse Shell).

OverPass - TryHackMe

TryHackMe’s Overpass room is an easy-level room involving a cookie authentication bypass, John the Ripper, crontabs, and hosts editing to go from an nmap scan to root access on a target machine.

Bounty Hacker - TryHackMe

TryHackMe’s Bounty Hacker room is an easy room that involves FTP, bruteforcing, SSH, and privilege escalation to go from a scan to root.

Back to Top ↑

vulnhub

Cereal 1 - VulnHub

Difficulty: Medium… This is simply a learning step which everyone at some point crosses. This box is probably hard though – it’s certainly not for beginners. I hope you learn something new. Take your time. Have patience. And take time to learn about the environment once you pop the initial shell.

Hacker Kid - VulnHub

Difficulty: Easy/Medium (Intermediate) This box is OSCP style and focused on enumeration with easy exploitation.The goal is to get root.No guessing or heavy bruteforce is required and proper hints are given at each step to move ahead.

Tr0ll 1 - VulnHub

Tr0ll was inspired by the constant trolling of the machines within the OSCP labs. The goal is simple, gain root and get Proof.txt from the /root directory. Not for the easily frustrated! Fair warning, there be trolls ahead!

Presidential 1 - VulnHub

Your goal is to see if you can gain root access to the server – the state is still developing their registration website but has asked you to test their server security before the website and registration system are launched.

Symfonos 3 - VulnHub

Intermediate real life based machine designed to test your skill at enumeration. If you get stuck remember to try different wordlist, avoid rabbit holes and enumerate everything thoroughly. SHOULD work for both VMware and Virtualbox.

BlackMarket - VulnHub

BlackMarket VM presented at Brisbane SecTalks BNE0x1B (28th Session) which is focused on students and other InfoSec Professional. This VM has total 6 flag and one r00t flag. Each Flag leads to another Flag and flag format is flag{blahblah}. Difficulty: Beginner/Intermediate

Corrosion 1 - VulnHub

The goal of this capture the flag is to gain root access to the target machine. The difficulty level is marked as easy. As a hint, it is mentioned that enumerating properly is the key to solving this CTF. Prerequisites would be knowledge of Linux commands and the ability to run some basic pentesting tools.

Cheesey CheeseyJack - VulnHub

Cheeseyjack aims to be an easy to medium level real-world-like box. Everything on this box is designed to make sense, and possibly teach you something. Enumeration will be key when attacking this machine. Hint: A cewl tool can help you get past a login page.

Symfonos:1 - VulnHub

Beginner real life based machine designed to teach a interesting way of obtaining a low priv shell. SHOULD work for both VMware and Virtualbox. - Name: symfonos: 1 - Difficulty: Beginner - Tested: VMware Workstation 15 Pro & VirtualBox 6.0 - DHCP Enabled

ICA 1 - VulnHub

According to information from our intelligence network, ICA is working on a secret project. We need to find out what the project is. Once you have the access information, send them to us. We will place a backdoor to access the system later. You just focus on what the project is. You will probably have to go through several layers of security. The Agency has full confidence that you will successfully complete this mission. Good Luck, Agent!

Durian:1 - VulnHub

Difficulty: Hard Tested: VMware Workstation 15.x Pro (This works better with VMware rather than VirtualBox) Goal: Get the root shell i.e.(root@localhost:~#) and then obtain flag under /root).

Back to Top ↑

hackthebox

Awkward - HackTheBox

Difficulty: Medium… The machine presents several technical challenges, including web application enumeration, exploiting an SSRF vulnerability, obtaining credentials and privilege escalation. Overall, ‘Awkward’ is a challenging machine that requires a combination of enumeration, research, scripting and exploitation skills to complete successfully.

Squashed - HackTheBox

Easy-level machine, a quiet interesting machine that is actually realistic. Squashed abuses a couple of NFS shares in a nice introduction to NFS.

Back to Top ↑