https://bitfragment.com/tags/tryhackme/ Recent content in TryHackMe on BITFRAGMENT Hugo -- gohugo.io en-us <a href="https://creativecommons.org/licenses/by-nc/4.0/" target="_blank" rel="noopener">CC BY-NC 4.0</a> Mon, 26 Oct 2020 05:12:13 +0100 https://bitfragment.com/posts/tryhackme-throwback/ Mon, 26 Oct 2020 05:12:13 +0100 https://bitfragment.com/posts/tryhackme-throwback/ Introduction In this blog post, I am going to cover attacking a Windows infrastructure, from initial reconnaissance to domain dominance. Our target is Throwback Hacks Corporation - a company providing pentesting services who has hired us to perform a black-box pentest on their network. The Kill Chain The term kill chain was originally used as a military concept related to the structure of an attack; consisting of target identification, force dispatch to target, decision and order to attack the target, and finally the destruction of the target. https://bitfragment.com/posts/tryhackme-gaming-server-room/ Mon, 31 Aug 2020 21:22:13 +0100 https://bitfragment.com/posts/tryhackme-gaming-server-room/ Before we begin, you can access this room by creating an account with tryhackme.com and browsing to this link to join it, or by simply searching for &ldquo;GamingServer&rdquo; under the Hacktivities tab. Scanning &amp; Enumeration Running nmap # Nmap 7.80 scan initiated Mon Aug 31 09:48:52 2020 as: nmap -A -p- -vv -oA nmap/all 10.10.231.38 Nmap scan report for 10.10.231.38 Host is up, received syn-ack (0.087s latency). Scanned at 2020-08-31 09:48:53 BST for 64s Not shown: 65533 closed ports Reason: 65533 conn-refused PORT STATE SERVICE REASON VERSION 22/tcp open ssh syn-ack OpenSSH 7. https://bitfragment.com/posts/tryhackme-kiba-room/ Mon, 31 Aug 2020 20:02:10 +0100 https://bitfragment.com/posts/tryhackme-kiba-room/ Before we begin, you can access this room by creating an account with tryhackme.com and browsing to this link to join it, or by simply searching for &ldquo;Kiba&rdquo; under the Hacktivities tab. Scanning &amp; Enumeration Running nmap # Nmap 7.80 scan initiated Sun Aug 30 11:10:00 2020 as: nmap -A -p- -vv -oA nmap/all 10.10.212.50 Nmap scan report for 10.10.212.50 Host is up, received syn-ack (0.084s latency). Scanned at 2020-08-30 11:10:01 BST for 77s Not shown: 65531 closed ports Reason: 65531 conn-refused PORT STATE SERVICE REASON VERSION 22/tcp open ssh syn-ack OpenSSH 7. https://bitfragment.com/posts/tryhackme-recovery-room/ Sun, 30 Aug 2020 23:32:49 +0100 https://bitfragment.com/posts/tryhackme-recovery-room/ Before we begin, you can access this room by creating an account with tryhackme.com and browsing to this link to join it, or by simply searching for &ldquo;Recovery&rdquo; under the Hacktivities tab. This was quite an interesting room to work on, rather different from the usual boot 2 root scenarios we get. We are given a web server which has been infected by malware and all the files have been encrypted. https://bitfragment.com/posts/tryhackme-git-happens-room/ Mon, 24 Aug 2020 19:13:26 +0100 https://bitfragment.com/posts/tryhackme-git-happens-room/ Before we begin, you can access this room by creating an account with tryhackme.com and browsing to this link to join it, or by simply searching for &ldquo;Git Happens&rdquo; under the Hacktivities tab. Scanning &amp; Enumeration Running nmap # Nmap 7.80 scan initiated Thu Aug 27 07:33:57 2020 as: nmap -A -p- -vv -oA nmap/all 10.10.229.19 Nmap scan report for 10.10.229.19 Host is up, received syn-ack (0.086s latency). Scanned at 2020-08-27 07:33:58 BST for 53s Not shown: 65534 closed ports Reason: 65534 conn-refused PORT STATE SERVICE REASON VERSION 80/tcp open http syn-ack nginx 1. https://bitfragment.com/posts/tryhackme-lian-yu-room/ Sun, 23 Aug 2020 12:33:56 +0100 https://bitfragment.com/posts/tryhackme-lian-yu-room/ Before we begin, you can access this room by creating an account with tryhackme.com and browsing to this link to join it, or by simply searching for &ldquo;Lian YU&rdquo; under the Hacktivities tab. Scanning &amp; Enumeration Running nmap nmap -A -p- -vv -oA nmap/all 10.10.150.221 Nmap scan report for 10.10.150.221 Host is up, received syn-ack (0.075s latency). Scanned at 2020-08-07 16:08:39 BST for 50s Not shown: 65530 closed ports Reason: 65530 conn-refused PORT STATE SERVICE REASON VERSION 21/tcp open ftp syn-ack vsftpd 3. https://bitfragment.com/posts/tryhackme-easy-peasy-room/ Mon, 03 Aug 2020 00:18:16 +0100 https://bitfragment.com/posts/tryhackme-easy-peasy-room/ Before we begin, you can access this room by creating an account with tryhackme.com and browsing to this link to join it, or by simply searching for &ldquo;Easy Peasy&rdquo; under the Hacktivities tab. Scanning &amp; Enumeration Running nmap nmap -sV -sC -p- -oA nmap/all -vv 10.10.190.28 Nmap scan report for 10.10.190.28 Host is up, received syn-ack (0.093s latency). Scanned at 2020-08-03 10:01:19 BST for 208s Not shown: 65528 closed ports Reason: 65528 conn-refused PORT STATE SERVICE REASON VERSION 80/tcp open http syn-ack nginx 1. https://bitfragment.com/posts/tryhackme-smag-grotto-room/ Fri, 31 Jul 2020 10:18:16 +0100 https://bitfragment.com/posts/tryhackme-smag-grotto-room/ Before we begin, you can access this room by creating an account with tryhackme.com and browsing to this link to join it, or by simply searching for &ldquo;Smag Grotto&rdquo; under the Hacktivities tab. Reconnaissance browsing to the website on port 80, we are greeted with a welcome page stating the website is under active development; checking the source code, we cannot find anything helpful; robots.txt does not exist. Scanning &amp; Enumeration Running nmap nmap -sV -sC -oA nmap/top1000 -vv 10. https://bitfragment.com/posts/tryhackme-cmess-room/ Fri, 31 Jul 2020 09:22:16 +0100 https://bitfragment.com/posts/tryhackme-cmess-room/ Before we begin, you can access this room by creating an account with tryhackme.com and browsing to this link to join it, or by simply searching for &ldquo;CMesS&rdquo; under the Hacktivities tab. Reconnaissance blog powered by Gila CMS might be running a version released back in 2017 as per the copyright claim doesn&rsquo;t leak any username via blog posts doesn&rsquo;t leak anything via source code Scanning &amp; Enumeration Running nmap to find open ports # Nmap 7. https://bitfragment.com/posts/tryhackme-blue-room/ Fri, 31 Jul 2020 08:18:16 +0100 https://bitfragment.com/posts/tryhackme-blue-room/ Before we begin, you can access this room by creating an account with tryhackme.com and browsing this link to join it, or by simply searching for &ldquo;Blue&rdquo; under the Hacktivities tab. Scanning &amp; Enumeration Running nmap nmap -sV -sC -oA nmap/top1000 10.10.196.230 -vv There are quite a few interesting ports open on this box, amongst which 389 - RDP 445/139 - SMB 35 - RPC As part of the nmap scan, we now know: