TryHackMe: Chronicle

This is a write-up of the room Chronicle from TryHackMe.

Recon

To begin, start an Nmap scan of the box:

    nmap -sC -sV -oN nmap/init chronicle.thm

You will get the following:

    PORT   STATE SERVICE VERSION
    22/tcp open  ssh     OpenSSH 7.6p1 Ubuntu 4ubuntu0.3 (Ubuntu Linux; protocol 2.0)
    | ssh-hostkey:
    |   2048 b2:4c:49:da:7c:9a:3a:ba:6e:59:46:c2:a9:e6:a2:35 (RSA)
    |   256 7a:3e:30:70:cf:32:a4:f2:0a:cb:2b:42:08:0c:19:bd (ECDSA)
    |_  256 4f:35:e1:33:96:84:5d:e5:b3:75:7d:d8:32:18:e0:a8 (ED25519)
    80/tcp open  http    Apache httpd 2.4.29 ((Ubuntu))
    |_http-server-header: Apache/2.4.29 (Ubuntu)
    |_http-title: Site doesn't have a title (text/html).
    …

TryHackMe: Dumping Router Firmware

This is a write-up of the room Dumping Router Firmware from TryHackMe.

Task 1: Preparation

Let’s first download the router firmware from this repository. Then make sure that binwalk has JFFS2 with the following commands:

    ~ sudo pip3 install cstruct
    ~ git clone https://github.com/sviehb/jefferson
    ~ cd jefferson && sudo python3 setup.py install

Task 2: Investigating Firmware

Analyse the firmware with strings by typing:

    ~ strings FW_WRT1900ACSV2.img
    Linksys WRT1900ACS Router
    @ #! …

TryHackMe: Overpass 2 - Hacked

This is a write-up for the room Overpass 2 - Hacked from TryHackMe.

Task 1: Forensics - Analyse the PCAP

First of all, download the PCAP file for the room. Open the PCAP file in Wireshark:

    sudo wireshark overpass2.pcapng

You should see the following:

What was the URL of the page they used to upload a reverse shell?

If you look at the requests you can see that the URL to upload a file is: …

TryHackMe: That's The Ticket

This is a write-up/walkthrough of the room That’s The Ticket from TryHackMe.

Nmap Scan

First of all, we will do an Nmap scan:

    ~ nmap -sC -sV -oN initial.nmap $IP

We get the following results

Website

If we visit the website we see the following:

Click on register and create an account. We then get taken to this dashboard:

We can try basic XSS in the ticket input:

    </textarea><script>alert(1)</script>

This works and we get the following:

DNS and HTTP Logger

If we go back to TryHackMe, we see that it is recommending the HTTP & DNS Logging tool on http://10. …