Learn how to implement Trie & Solve a hard LeetCode problem — Word Search II is an amazing problem, building on top of two other problems: Word Search I & Implement Prefix Tree. In this writeup, I explain the solution in detail with Python3 code. The first thing we discuss is the brute force solution and then we realize the use of…

Sudo or SUID Misconfigurations? Easy exploit, explained. — how-to 1. Requirements Case 0 You have the permissions to run /bin/systemctl as sudo or the SUID bit is set. This case is the easiest to deal with. Case 1 Permissions (at least): /bin/systemctl daemon-reload /bin/systemctl restart *.service Case 2 Permissions (at least): /bin/systemctl daemon-reload /bin/systemctl enable *.service -> /bin/systemctl start *.service

Learn about NFS, Python3 scripting, umount in This Medium THM Room. — Play 1. Scanning & Enumeration We do the below scans in parallel. 1.1. Port Scanning Not shown: 996 closed ports PORT STATE SERVICE VERSION 22/tcp open ssh OpenSSH 7.6p1 Ubuntu 4ubuntu0.3 (Ubuntu Linux; protocol 2.0) | ssh-hostkey: | 2048 e5:44:62:91:90:08:99:5d:e8:55:4f:69:ca:02:1c:10 (RSA) | 256 e5:a7:b0:14:52:e1:c9:4e:0d:b8:1a:db:c5:d6:7e:f0 (ECDSA) |_…

Priviledge Escalation to root user in 7 easy steps. — how-to Priviledge Escalate to root using a cap_setuid capability in OpenSSL. Consider the binary /usr/bin/openssl has capabilities set as: /usr/bin/openssl = cap_setuid+ep Is there a way to become root from a normal user by using this? YES! Let’s explore how. 0. Checklist: Will It Work For Me? Search all the binaries’ capibilities using: getcap -r / 2>/dev/null.

Lots of tools to learn: NFS, Redis & rsync. Top it off with a sweet PrivEsc exploit. — 1. Scanning & Enumeration 1.1. Port Scanning Not shown: 993 closed ports PORT STATE SERVICE VERSION 22/tcp open ssh OpenSSH 7.6p1 Ubuntu 4ubuntu0.3 (Ubuntu Linux; protocol 2.0) | ssh-hostkey: | 2048 5e:27:8f:48:ae:2f:f8:89:bb:89:13:e3:9a:fd:63:40 (RSA) |…

Easy THM Room. Enumerate, Wireshark Packet Exploration, Fun PrivEscs. — Play 1. Scanning & Enumeration We do the below scans in parallel. 1.1. Port Scanning Not shown: 998 closed ports PORT STATE SERVICE VERSION 22/tcp open ssh OpenSSH 7.2p2 Ubuntu 4ubuntu2.8 (Ubuntu Linux; protocol 2.0) | ssh-hostkey: | 2048 74:e0:e1:b4:05:85:6a:15:68:7e:16:da:f2:c7:6b:ee (RSA) | 256 bd:43:62:b9:a1:86:51:36:f8:c7:df:f9:0f:63:8f:a3 (ECDSA) |_ 256 f9:e7:da:07:8f:10:af:97:0b:32:87:c9:32:d7:1b:76 (ED25519) 80/tcp open…

An Easy THM Room. All PrivEsc Paths Explored. Detailed Writeup. — Play 1. Scanning & Enumeration We do the below scans in parallel. 1.1. Port Scanning Not shown: 999 closed ports PORT STATE SERVICE VERSION 80/tcp open http Apache httpd 2.4.18 ((Ubuntu)) |_http-generator: WordPress 4.1.31 | http-methods: |_ Supported Methods: GET HEAD POST OPTIONS |_http-server-header: Apache/2.4.18 (Ubuntu) |_http-title: ColddBox | One more machine

Easy THM Room. Brute-Force, Hash-Crack and A Simple Priv-Esc — Play We do the below scans in parallel. 1. Scanning & Enumeration We do the below scans in parallel. 1.1. Port Scanning Not shown: 998 closed ports PORT STATE SERVICE VERSION 22/tcp open ssh OpenSSH 7.6p1 Ubuntu 4ubuntu0.3 (Ubuntu Linux; protocol 2.0) | ssh-hostkey: | 2048 4b:0e:bf:14:fa:54:b3:5c:44:15:ed:b2:5d:a0:ac:8f (RSA) | 256…

Easy THM Room. Steganography, Scripting, Clue Hunting and A Fun Priv-Esc. — Play 1. Scanning & Enumeration We do the below scans in parallel. 1.1. Port Scanning Not shown: 998 closed ports PORT STATE SERVICE VERSION 22/tcp open ssh OpenSSH 7.2p2 Ubuntu 4ubuntu2.8 (Ubuntu Linux; protocol 2.0) | ssh-hostkey: | 2048 ac:f9:85:10:52:65:6e:17:f5:1c:34:e7:d8:64:67:b1 (RSA) | 256 dd:8e:5a:ec:b1:95:cd:dc:4d:01:b3:fe:5f:4e:12:c1 (ECDSA) |_ 256 e9:ed:e3:eb:58:77:3b:00:5e:3a:f5:24:d8:58:34:8e (ED25519) 80/tcp open…