Learn how to implement Trie & Solve a hard LeetCode problem

Sudo or SUID Misconfigurations? Easy exploit, explained.

1. Requirements

  • /bin/systemctl daemon-reload
  • /bin/systemctl restart *.service
  • /bin/systemctl daemon-reload
  • /bin/systemctl enable *.service -> /bin/systemctl start *.service

2. Code

Case 0 and Case 1

Learn about NFS, Python3 scripting, and umount in this Medium THM Room.

coocuts clan, thm

1. Scanning & Enumeration

1.1. Port Scanning

Not shown: 996 closed ports
PORT STATE SERVICE VERSION
22/tcp open ssh OpenSSH 7.6p1 Ubuntu 4ubuntu0.3 (Ubuntu Linux; protocol 2.0)
| ssh-hostkey:
| 2048 e5:44:62:91:90:08:99:5d:e8:55:4f:69:ca:02:1c:10 (RSA)
| 256 e5:a7:b0:14:52:e1:c9:4e:0d:b8:1a:db:c5:d6:7e:f0 (ECDSA)
|_…

Privilege Escalation to root user in 7 easy steps.

Escalate privileges to root using a cap_setuid capability in OpenSSL.

0. Checklist: Will It Work For Me?

  • getcap is the tool we will use
  • -r is the…

Lots of tools to learn: NFS, Redis & rsync. Top it off with a sweet PrivEsc exploit.

1. Scanning & Enumeration

1.1. Port Scanning

Not shown: 993 closed ports
PORT STATE SERVICE VERSION
22/tcp open ssh OpenSSH 7.6p1 Ubuntu 4ubuntu0.3 (Ubuntu Linux; protocol 2.0)
| ssh-hostkey:
| 2048 5e:27:8f:48:ae:2f:f8:89:bb:89:13:e3:9a:fd:63:40 (RSA)
|…

Easy THM Room. Enumerate, Wireshark Packet Exploration, Fun PrivEscs.

1. Scanning & Enumeration

1.1. Port Scanning

Not shown: 998 closed ports
PORT STATE SERVICE VERSION
22/tcp open ssh OpenSSH 7.2p2 Ubuntu 4ubuntu2.8 (Ubuntu Linux; protocol 2.0)
| ssh-hostkey:
| 2048 74:e0:e1:b4:05:85:6a:15:68:7e:16:da:f2:c7:6b:ee (RSA)
| 256 bd:43:62:b9:a1:86:51:36:f8:c7:df:f9:0f:63:8f:a3 (ECDSA)
|_ 256 f9:e7:da:07:8f:10:af:97:0b:32:87:c9:32:d7:1b:76 (ED25519)
80/tcp open…

An Easy THM Room. All PrivEsc Paths Explored. Detailed Writeup.

1. Scanning & Enumeration

1.1. Port Scanning

Not shown: 999 closed ports
PORT STATE SERVICE VERSION
80/tcp open http Apache httpd 2.4.18 ((Ubuntu))
|_http-generator: WordPress 4.1.31
| http-methods:
|_ Supported Methods: GET HEAD POST OPTIONS
|_http-server-header: Apache/2.4.18 (Ubuntu)
|_http-title: ColddBox | One more machine

Easy THM Room. Brute-Force, Hash-Crack and A Simple Priv-Esc

1. Scanning & Enumeration

1.1. Port Scanning

Not shown: 998 closed ports
PORT STATE SERVICE VERSION
22/tcp open ssh OpenSSH 7.6p1 Ubuntu 4ubuntu0.3 (Ubuntu Linux; protocol 2.0)
| ssh-hostkey:
| 2048 4b:0e:bf:14:fa:54:b3:5c:44:15:ed:b2:5d:a0:ac:8f (RSA)
| 256…

Easy THM Room. Steganography, Scripting, Clue Hunting and A Fun Priv-Esc.

1. Scanning & Enumeration

1.1. Port Scanning

Not shown: 998 closed ports
PORT STATE SERVICE VERSION
22/tcp open ssh OpenSSH 7.2p2 Ubuntu 4ubuntu2.8 (Ubuntu Linux; protocol 2.0)
| ssh-hostkey:
| 2048 ac:f9:85:10:52:65:6e:17:f5:1c:34:e7:d8:64:67:b1 (RSA)
| 256 dd:8e:5a:ec:b1:95:cd:dc:4d:01:b3:fe:5f:4e:12:c1 (ECDSA)
|_ 256 e9:ed:e3:eb:58:77:3b:00:5e:3a:f5:24:d8:58:34:8e (ED25519)
80/tcp open…

An Easy THM Room. Use Your Googling Skills, Read Through Employee Emails and Exploit a MOTD Banner.

1. Scanning & Enumeration

1.1. Port Scanning

Not shown: 996 closed ports
PORT STATE SERVICE VERSION
22/tcp open ssh OpenSSH 7.2p2 Ubuntu 4ubuntu2.4 (Ubuntu Linux; protocol 2.0)
| ssh-hostkey:
| 2048 90:35:66:f4:c6:d2:95:12:1b:e8:cd:de:aa:4e:03:23 (RSA)
| 256 53:9d:23:67:34:cf:0a:d5:5a:9a:11:74:bd:fd:de:71 (ECDSA)
|_ 256 a2:8f:db:ae:9e:3d:c9:e6:a9:ca:03:b1:d7:1b:66:83…

Tanishq Chaudhary

Breaking in Pen-Testing
