CTF

Try Hack Me – Part 6: Rise of the…

In this latest room (box) we take on Skynet! This box has a cool theme and was fun to play through.

This room starts to move away from the guided path and has far fewer flags, but it retains more than just a two-task approach to keep the person thinking about the types of vulnerability. I’m thinking it might be cool to ask defensive questions as well (something I might add into my room I’m building).

Well we don’t have time to waste, the machines might rise up and judgement day occur so let’s get pwning! Read more “Try Hack Me – Part 6: Rise of the Machines” →

CTF

Tech Tip: Simple Python3 HTTPS Server

Today’s tip is a quick post on how to create self signed HTTPS web services in python for when you need to transfer a file fast! Now in a live environment you are likely going to need to use a CA signed service such as LetsEncrypt etc. otherwise your clients will get a warning (or they will just click Accept and Continue etc. as most people do! However this is a quick post to show how to use Python3 to host http and https services for staging payloads etc.

CTF

Try Hack Me: Part 5 – Game Zone

Getting my agent on!

Today we look at a vulnerable web application room based upon the Hitman series!

https://tryhackme.com/room/gamezone

This is a fun room where we see an old but common vulnerability in untrusted user input lead to sensitive information disclosure (hashed credentials) which results in a threat actor gaining initial access. From here we then discover there is a weak security configuration (in effective network segmentation) and a vulnerable unpatched service. This chain leads to total system compromise. Read more “Try Hack Me: Part 5 – Game Zone” →

CTF

Thinking of building a Capture the Flag game?

Capture all the things!

Capture the Flag (CTF) games seem to be all the rage now! I mean, I’m not complaining, I’ve been using these for years now and I’ve been building games for about a year so I’m super excited they are more popular, but popular != great. Read more “Thinking of building a Capture the Flag game?” →

CTF

Try Hack Me part 4: Alfred

To the bat cave and fetch me some tea!

Welcome back everyone! Today we are posting a walkthrough of the ALFRED room on TryHackThis!

https://tryhackme.com/room/alfred

This is a fun room; it’s got real world technology deployed and the paths are exactly what you might find IRL! Attacking commonly deployed enterprise products is something that I really enjoy seeing on a learning platform and CTF as I think this equips people for realistic scenarios both from an offensive and defensive perspective! Right, so let’s hop to it! “Alfred I need a laptop and some tea!” Read more “Try Hack Me part 4: Alfred” →

CTF

Try Hack Me Review: Part 3 – Vulniversity

Circling Back

Welcome back to anther post on my Try Hack Me line of blogs!

I realised I missed one of the first steps on the OSCP learning path which is the room: Vulnversity, so I thought I’d circle back and take this one on.

Enumeration/Recon

Let’s start off with a PING (ICMP echo) to see if the box is online!

Ping 10.10.209.152 -c 3 Read more “Try Hack Me Review: Part 3 – Vulniversity” →

CTF

Try Hack Me Review: Part 2 – Kenobi

The force is strong with this one

In our second post we are going to hit the Kenobi box! I’ve slowed down my note taking as I do this box, one thing I find is that it’s hard to sustain action and note taking over a short period of time. In this post we are going to focus on the commands I used to get the data I needed to progress. Read more “Try Hack Me Review: Part 2 – Kenobi” →

Guides

Basic Package Management in Kali Linux

Apt this Apt that!

One thing that I found quite hard to deal with when I started using Linux coming from a Windows background was the package manager. I thought I would run through some basics here to give people a kick start on their journey!

In the Linux world the operating systems have repositories that are maintained, think of this like the windows update catalogue (but it includes way more). Here we have all the OS files (packages) and application (packages). Read more “Basic Package Management in Kali Linux” →

Guides

Deploying Headless Kali 2020.1 then changing your mind!

Where did I leave my head?

You have deployed a system with console only mode, but you decide you want a desktop experience with pretty windows and all!

How did we get here? Well during install you get the option to select your desktop environment. By default on 2020.1 Xfce is selected, but if you highlight Xfce and press space (or in the gui if you untick) you will be left with an install that’s headless! Great for SSH access, not so good if you want to run burp suite etc. Read more “Deploying Headless Kali 2020.1 then changing your mind!” →

CTF

Reviewing ‘Try Hack Me’ – Part 1 – A…

I love a hacking adventure!

Off the back of running the BSIDES Leeds CTF, I’m back in the lab trying to work out my arrangements for work and trying to recover from the con and I stumbled across this on twitter: Read more “Reviewing ‘Try Hack Me’ – Part 1 – A New Hacky Adventure by mRr3b00t” →