Hello, this is my walkthrough of Cyborg challenge from https://tryhackme.com
Nmap scan :
22/tcp open ssh OpenSSH 7.2p2 Ubuntu 4ubuntu2.10 (Ubuntu Linux; protocol 2.0)
| ssh-hostkey:
| 2048 db:b2:70:f3:07:ac:32:00:3f:81:b8:d0:3a:89:f3:65 (RSA)
| 256 68:e6:85:2f:69:65:5b:e7:c6:31:2c:8e:41:67:d7:ba (ECDSA)
|_ 256 56:2c:79:92:ca:23:c3:91:49:35:fa:dd:69:7c:ca:ab (ED25519)
80/tcp open http Apache httpd 2.4.18 ((Ubuntu))
|_http-server-header: Apache/2.4.18 (Ubuntu)
|_http-title: Apache2 Ubuntu Default Page: It works
Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel
So we have 2 open ports ! and nothing special, lets check web page!
Hello homies this is Fahd Abida from Crisis Team and here is the solution to a challenge we played me and my friend Jakoom lately
We had to solve the challenge twice because the first time there was a bug that gave us a simple way to exploit the target, then the second time after the patch!
Hello guys, this is Eddie_Mora from CRISIS Team, In this article, I will give a write up about a Web challenge I solved when playing Cyberyoddha CTF
The CTF was for newbies so all challenges were so easy but I will explain one about SQL injection!
The Challenge was named “Data Store 2” with 225 points!
The objective was to bypass this login panel, so the first thing to do us to check the source page but nothing interesting…
Then let's analyse the behaviours of the log-in function with Burpsuit Tool
So basically when using random credentials it gives “Ivalide…
Hello Hackers, today I will tell you how I was able to hack into the Phpmyadmin panel of a target and read all databases content
The story started when I wanted to thanks my teacher for all the knowledge he gave me during my 3 years of studies in the university of computer science, so I decided to offer a free pentest service to the University(Web app testing)
So as always we have the main target ‘www.Target.com’, the first thing to do is to collect interesting information and subdomain enumeration! I used ‘dnsdumpster.com’ for subdomains but unfortunately, I found nothing…
So the first step was to check the link of the challenge: http://192.171.20.103/Challenge1/
As you can see a simple page with some images from HxH anime, let's check the source code of the page!
Nothing interesting but this comment :
Hello community, today it's time to show you a sweet side from the hacking world, which is items collection.
So whats items collection mean in the infosec world?
Actually as in normal life, you may know a person or a group of people obsessed with collecting rare and valuable things that may don't exist anymore.
Then in this article, I will show the kind of items you can collect as a hacker, I may lose this item after this article because it seems illegal in a way, and it can be used to do malicious actions, anyway its 2020 and…
Hello guys, this is me again and today I will share with you how I was able to forget my sickness just by doing bug hunting and how I was able to get some sweet bugs in a private target.
So as everyone knows due to the COVID-19 we are all quarantined, which may look annoying for most peoples, but what about us we Hackers?
Well talking from my own experience, I really enjoy it especially its something I do all the time by passing hours and hours in front of my computers hunting for bugs without moving…
Everything was…