For me this is hands down the best site for learning everything from the basics
up to very advanced challenges. With walkthrough rooms to introduce topics with
lots of context and examples up to very hard boot2root boxes where you’re on your
own.
A very active and helpful Discord is there for help, encouragement and
some banter. THM makes it easy to make progress and most of the content is free! (>80%)
Recon to foothold
Let’s begin with a scan, first masscan
rob:~/ $ sudo masscan -p1-65535,U:1-65535 10.10.34.135 --rate=1000 -e tun0
Starting masscan 1.3.2 (http://bit.ly/14GZzcT) at 2022-01-15 21:04:27 GMT
Initiating SYN Stealth Scan
Scanning 1 hosts [131070 ports/host]
Discovered open port 8080/tcp on 10.10.34.135
Discovered open port 501/tcp on 10.10.34.135
Discovered open port 8000/tcp on 10.10.34.135
Discovered open port 21/tcp on 10.10.34.135
Discovered open port 80/tcp on 10.10.34.135
Discovered open port 22/tcp on 10....
ContainMe
Recon to foothold
We’ll start with a comprehensive scan
rob:ContainMe/ $ sudo masscan -p1-65535,U:1-65535 10.10.235.206 --rate=1000 -e tun0
[sudo] password for rob:
Starting masscan 1.3.2 (http://bit.ly/14GZzcT) at 2021-11-19 14:32:46 GMT
Initiating SYN Stealth Scan
Scanning 1 hosts [131070 ports/host]
Discovered open port 2222/tcp on 10.10.235.206
Discovered open port 8022/tcp on 10.10.235.206
Discovered open port 22/tcp on 10.10.235.206
Discovered open port 80/tcp on 10.10.235.206
And now an nmap for the found ports...
Temple
Another good box, perhaps more of a medium level than hard. Initial foothold needs long, patient enumeration; wordlist choice is pretty key.
Zeno
A good box that rewards thorough enumeration. Medium level is about right, although privesc to root is pretty simple.
Uranium CTF
Recon to foothold
We are given an employee’s Twitter account, hakanbey, so let’s start there and look for potentially useful snippets.
We get a hostname to add to /etc/hosts.
We find an invitation to send an XSS or similar attack.
That’s about all we can extract from the Twitter account, let’s have a look at the deployed machine now, starting as always with a scan...
Empline
A fairly easy ‘medium’ box, once the couple of key concepts used are known. Very good CVE to demonstrate, and good to read deeper on as a directory traversal example.