Writeups for VulnHub, TryHackMe and Others

Writeups

Please visit https://yufongg.github.io instead

Machines:

| # | Platform | Machines |
|---|----------|----------|
| 1 | TryHackMe | bufferOverflowPrep, Brainstorm, brainpan, gatekeeper, dailyBugle, gameZone, internal, overpass2, skynet, theMarket, Alfred, Blue, HackPark, Relevant, Steelmountain |
| 2 | Buffer Overflow Practice | freeFloatFTP, dostackbufferoverflowgood, vulnserver-TRUN |

Vulnhub TJ Null's List (Not Completed Yet)

Box Steps/Hints to Root
Symfonos 1
  1. SMB Fileshare Bruteforce
  2. Wordpress (Plugin Exploit LFI)
  3. SUID Binary (Path Hijacking)
Symfonos 2
  1. SMB + FTP Exploit
  2. CMS Exploit (RCE)
  3. Sudo (GTFO Bin)
Symfonos 3
  1. Hidden Dir (/underworld)
  2. Shellshock
  3. Cronjob + TCPDump
  4. Cronjob + Python Hijacking
Symfonos 4
  1. Compile exploits to root
Symfonos 5.2
  1. Compile exploits to root
Kioptrix - L1
  1. Compile exploits to root
Kioptrix - L2
  1. SQLi Auth Bypass
  2. Command Injection
  3. Kernel Exploit
Kioptrix - L3
  1. CMS Exploit
  2. Creds Found in Linux
  3. Buffer Overflow/Sudo/Kernel Exploit
Kioptrix - L4
  1. SQLi Auth Bypass
  2. Escape Jail Shell
  3. SQL running as Root
Kioptrix - L5
  1. CMS Exploit (LFI)
  2. CMS Exploit (RCE)
  3. Kernel Exploit
DC 6
  1. Wordpress (Plugin)
  2. Creds Found in Linux
  3. Sudo
  4. Sudo
DC 9
  1. SQLi Database Enum
  2. Bruteforce HTTP Form
  3. LFI
  4. Port Knocking
  5. Bruteforce SSH
  6. Sudo
Troll 1
  1. FTP anon
  2. Wireshark
  3. Bruteforce SSH
  4. Cronjob/Kernel Exploit
Troll 2
  1. FTP w/ Obvious Creds
  2. Image Forensics
  3. Bruteforce Zip
  4. SSH + Jailshell
  5. 32 Bit Buffer Overflow
Troll 3
  1. FTP w/ Obvious Creds
  2. Image Forensics
  3. Bruteforce Zip
  4. SSH + Jailshell
  5. 32 Bit Buffer Overflow
PwnOSv2
  1. SQLi Insert Webshell/CMS Exploit
  2. Creds Found in Linux
PwnLab
  1. LFI
  2. File Upload + Bypass
  3. SUID Binary (Path Hijacking)
  4. SUID Binary (Command Injection)
SickOS
  1. HTTP PUT
  2. Vulnerable Binary
Temple Of Doom
  1. Web App Exploit
  2. Vulnerable Binary
  3. Sudo (GTFO Bin)
Vulnix
  1. SMTP Username Enum
  2. SSH Bruteforce
  3. NFS Fileshare
  4. no_root_squash
Web Developer
  1. Wireshark
  2. Wordpress (Upload Reverse Shell)
  3. Creds Found in Linux
  4. Sudo (GTFO Bin)
Zico2
  1. CMS Exploit
  2. Creds Found in Linux
  3. Creds Found in Linux
  4. Sudo (GTFO Bin)
SkyTower
  1. SQLi Auth Bypass + WAF Bypass
  2. Proxychains (Open up SSH)
  3. Creds Found in Linux
  4. Sudo
Fristileaks
  1. Hidden Dir (/fristi)
  2. HTML Hidden Text
  3. File Upload + Bypass
  4. Cronjob
  5. Reverse Engineering Password
  6. Sudo
LinSecurity
  1. NFS Fileshare
  2. Sudo (GTFO Bin)/SUID Binary (GTFO Bin)/Docker/systemd
PinkysPalacev2
  1. Hidden Dir (/secret)
  2. Port Knocking
  3. Bruteforce (cewl wordlist)
  4. Bruteforce SSH key
  5. SUID Binary
  6. Cronjob
  7. 64 Bit Buffer Overflow
Solid State 1
  1. Service Exploit
  2. Cronjob
Escalate_Linux
  1. Enumerate Users (SMB)
  2. HTTP RCE
  3. no_root_squash/SUID Binary (Path Hijacking)/SUID Binary
Wintermute
  1. Hidden Dir (/turing-bolo)
  2. LFI
  3. SUID Binary
  4. Pivot
  5. CMS Exploit
  6. LXD/Kernel Exploit
Born2Root
  1. Hidden Dir (/icons)
  2. Cronjob
  3. Bruteforce SSH
  4. Reused Creds
Stapler1
  1. Wordpress (Plugin)/(Bruteforce)/ Bruteforce FTP
  2. Creds Found in Linux/Cronjob/Kernel Exploit
Digitalworld.local(Bravery)
  1. Enumerate Users (SMB)
  2. Create Wordlist
  3. Bruteforce SMB Fileshare
  4. HTTP Dir Enum
  5. CMS Exploit
  6. no_root_squash/Cronjob/SUID Binary (GTFO Bin)
Digitalworld.local(Development)-notdone
Digitalworld.local(FALL)-notdone
Digitalworld.local(JOY)-notdone
Digitalworld.local(Mercy v2)-notdone
DerpNStink
  1. Wordpress (Bruteforce + Plugin)
  2. Creds Found in Linux
  3. Wireshark
  4. Sudo
RickdiculouslyEasy
  1. Hidden Dir (passwords)
  2. Command Injection + Bypass Bash
  3. Bruteforce SSH
  4. Creds Found in Linux + additional stuff
Sar1
  1. Web App Exploit
  2. Cronjob
Djinn
  1. FTP anon
  2. Command Injection + Bypass Bash
  3. Creds Found in Linux
  4. Sudo/Python2 Input Vuln/Decompile Python2 file
EVM1
  1. Wordpress (Upload Reverse Shell)
  2. Creds Found in Linux
HackMe
  1. SQLi Database Enum
  2. SUID Binary
Tommy Boy 1
  1. Hidden Web Dir (/prehistoricforest)
  2. Image Forensic
  3. Crack Hash
  4. Hidden Web Dir (/spanky)
  5. Bruteforce FTP
  6. Hidden Web Dir (/NickIzL33t)
  7. Edit User-Agent
  8. Generate password word list
  9. Bruteforce zip
  10. Wordpress (Bruteforce)
  11. Edit/Update mysql credentials
  12. Wordpress (Upload Reverse Shell)
Breach 1
  1. Hidden text
  2. Decode String
  3. Crack Hash
  4. Hidden Webpage (Click Image)
  5. Image Forensic (exiftool)
  6. Fuzz Search
  7. Decrypt SSL traffic
  8. Hidden Web Dir (/_M@nag3Me/html)
  9. Upload reverse shell
  10. Creds Found in Linux
  11. Image Forensic From Earlier
  12. Sudo (GTFO Bin)
Tiki 1
  1. SMB Fileshare Enum
  2. CMS Exploit
  3. Sudo
Prime 1
  1. Hidden Dir (/secret.txt, /image.php, /index.php)
  2. Enumerate parameters in .php files
  3. LFI
  4. Wordpress (Upload Reverse Shell)
  5. Sudo + Creds Found in Linux + Ciphertext
  6. Sudo/Kernel Exploit
Bob 1.0.1
  1. Command Injection + Bypass Bash
  2. Creds Found in Linux
  3. Sudo
DevGuru 1
  1. Hidden Web Dir (.git)
  2. Creds Found in (.git)
  3. CMS Exploit (RCE)
  4. Creds Found in Linux (.bak)
  5. CMS Exploit (RCE)
  6. Sudo Version Exploit + Sudo (GTFO Bin)
W34KN3SS
  1. Add entry to /etc/hosts
  2. SSL Version Exploit
  3. Decompile Python Binary
  4. Sudo
Lord of the Root 1.0.1
  1. Port Knocking
  2. SQLi Database Enum
  3. MySQL running as root/Kernel Exploit/Buffer Overflow
Glasgow Smile 1.1
  1. Bruteforce (Cewl Wordlist)
  2. Joomla (Upload Reverse Shell)
  3. Creds Found in Linux
  4. Ciphertext
  5. Password Protected Zipfile
  6. Cronjob
GoldenEye 1
  1. Hidden Text
  2. Bruteforce (POP3)
  3. Hidden Web Dir (/gnocertdir)
  4. Bruteforce (POP3)
  5. CMS Exploit (RCE)
  6. Kernel Exploit
Toppo 1
  1. Web Rabbit Hole
  2. SUID Binary (GTFO Bin)
Hack Me Please 1
  1. Hidden Text
  2. Hidden Dir (/seeddms51x/seeddms-5.1.22/)
  3. CMS Misconfiguration
  4. Update SQL Credentials
  5. CMS Exploit (RCE)
Healthcare 1
  1. CMS Exploit (SQLi)
  2. CMS Exploit (RCE)
  3. SUID Binary (Path Hijacking)
Brainpan 1
  1. Hidden Dir (/bin)
  2. Buffer Overflow
  3. Sudo (GTFO Bin)
Photographer 1
  1. SMB Fileshare Enum
  2. CMS Exploit (File Upload)
  3. SUID Binary (GTFO Bins)
NullByte 1
  1. Image Forensics
  2. SQLi Database Enum
  3. SUID Binary (Path Hijacking)