Posts

Enterprise Writeup (TryHackMe Hard Machine)

You just landed in an internal network. You scan the network and there’s only the Domain Controller…

Overview

Enterprise is a hard Windows / Active Directory machine from TryHackMe. This room showcases a couple of common misconfigurations and bad practices. We start with deep enumeration. We discover credentials on an SMB share and in a GitHub repo. Then we crack a password gained by a Kerberoasting attack and get RDP access. Next, we perform post-exploitation enumeration and find an unquoted service path. We deliver our malicious program and get a privileged shell, which we stabilize afterwards by migrating to a stable process.

Nmap scan

Starting with the Nmap scan.

┌──(root㉿kali)-[/home/kali]
└─# nmap -Pn -A -p- enterprise.thm -T5
Starting Nmap 7.98 ( https://nmap.org ) at 2026-03-29 07:20 -0400
Warning: 10.112.140.190 giving up on port because retransmission cap hit (2).
Nmap scan report for enterprise.thm (10.112.140.190)
Host is up (0.023s latency).
Not shown: 65504 ...

Browsed Writeup (HackTheBox Medium Machine)

Overview

Browsed is a medium Linux machine from HackTheBox. This box showcases the potential dangers of insecure browser extensions and beyond. We start by discovering an exposed Gitea instance, which stored the source code for an internal service. We identify a vulnerability and perform Bash arithmetic injection to get initial access. Once inside, we find a Python script. We inspect its source code and perform Python cache poisoning to get root access.

Nmap scan

Starting with the Nmap scan.

┌──(root㉿kali)-[/home/kali]
└─# nmap -A 10.10.8.1 -T5
Starting Nmap 7.98 ( https://nmap.org ) at 2026-01-13 04:55 -0500
Nmap scan report for 10.10.8.1
Host is up (0.027s latency).
Not shown: 998 closed tcp ports (reset)
PORT STATE SERVICE VERSION
22/tcp open ssh OpenSSH 9.6p1 Ubuntu 3ubuntu13.14 (Ubuntu Linux; protocol 2.0)
| ssh-hostkey:
| 256 02:c8:a4:ba:c5:ed:0b:13:ef:b7:e7:d7:ef:a2:9d:92 (ECDSA)
|_ 256 53:ea:be:c7:07:05:9d:aa:9f:44:f8:bf:32:ed:5c:9a (ED25519)
80/tcp open http nginx 1.24...