Mystiko

Ş̷̦̥̹̤̦͋̌̔͒̈́̉̈́͒͛̎̈́́͊̉̾̕̚e̶̜͖̻͆͒̌̇̈̀̐͆͑͌̀͝ͅc̷̨̖̱̥̤̓̈́̄̒̕͠ŗ̶̢̝̟̱͉̠̙̜͔̣̙͖͂̈͑̍̈̈́́̄̊̎̈̊͑̕͜͝͝ȩ̴̡̧̩̞̲̩͎͙̞͕̮̲̺͙̜̠̪̭͙͂̊̉̒͌̈̂̿̏̉͑ͅt̵̨̧̨̧̧̢͔̫͇͉̞̘̥̫̥̱̞̬̩̓̽͆̒̍̑̈́͑͆̍͜͠ş̶̛͇̪̝̝͕̻̪͇̭̖̘͇̼̞͉̮̏̀̾̅̏͜͜ͅ ̸̛̛̣͌̈́̋̂̅̋̈́̃̆͐́̀̐ȧ̶̧̨̜̠̟̖̼͈̰̻̞̥̞̣̀̌ͅͅr̶̡̡̡͇̝̻̞̤̘̻̩̖̞̮͚̜͓͚̩̞͐̽͝e̸̗͕̥̰̤͖̲͔̺͉̦̣̾̊̈́̿͛̀̀̂͗͑̋͌̓ ̸̛͔̣̬͉͖̟̟̠̬͍̞͈̤̓̊̀̽̓̋̒̿̂͊m̵̢̛̮̭̗̠͕̠͔̞̺̦̖̻̩͕͓̪̝̋̎͐͌̓̔̉͛̂̊͐̈́͂͌̐́̔̓̕͠é̴̢̡̢̟̲̝̙̬̱̱̳̥̠̞̤̬̯́͜͜ḁ̶̘̞͈͈̘͕̻̬̲̟̌͌̎̋̏̕͜͝͝n̸̛̙̦͎͍̰̖̗͚̼̈́̆̊̇̈́͝t̸͙͎͓̻̰̥̭̲̯̭̼͉̺̥̻͕͎̆̉̀̏̑́̉̌͗̽ ̶̹̗̅͋̄͛͑̓͗̀̽t̴̡̰͙̣͔̣͓̮̄̔͂̍͛̋̓͐͂̽͊̓̽͆̄̑ͅơ̵̧̫̐͌̓̾̈́̑̔̀̕͘͝͝ ̶̮̉͌̊̋̂̌̄̕b̷̨̛̞̫̝͈̼̫̝̬̟̱̓̔͊̆̄̓̽̌͘ë̷̢̧̻̘̻̞͎̝̣͚͚̬͎̤͇̖͙̪͔͔̓̎̀̾̈͌̄̂̑͂̔̾̉̅͝͠ ̵̛̟͚̳͇͔͉̈̀̓̓̔͂͑̈͛̀̉͊͋̈́͑̕̕̚͘r̴͕͔̗̓̿͠ę̷̢̥̳̟̱̝̤͉͎̱͚̙̫̦̗̆̓̑̒̂̋͒͂̇̒̒̐̕͝ͅv̸̡̛͉̫̙͕̣͇͓͖̺͔̦̞̖͚͒̂̈́͗͆́̃̅͗͐ȩ̸̧̧̧̦̪̙͔̱͉̪̩̜̅̀̅̑á̵̹̣̪̺̪͉͙͍̳̪̱̌͌͆͑̏͛̏͌̅̋̈́ļ̷̢̣̗̭̮͕̹̟͉̥̗͎̠̗͍̖͋̈́̅̈͆̀̾̂̆̉̎e̴̛̛̻͂̈͌̉́̌̓̾̐̂̚d̶̩̭̝͈̖͙̭͔͎̖̄̏̇̊̏̎̏̓̓̊̌̆̀̄̅̑̒̈́́

Page 2 of 6

Engine

172.31.1.16 CyberSec Labs Engine Walkthrough Port 80 open Gobuster finds a directory /blog It is blogengine cms which is not configured properly and has default creds admin:admin There’s an RCE exploit available for the same Python exploit.py –t 172.31.1.16/blog –l… Continue Reading →

Attacking Kerberos

NOTICE: (SPOILER!!) If you would like to solve it by yourself, don’t read further. Today let’s play  Tryhackme’s Attackingkerberos athttps://tryhackme.com/room/attackingkerberos[Task 1] Introduction This room will cover all of the basics of attacking Kerberos the windows ticket-granting service; we’ll cover the following:… Continue Reading →

The art of gaining root

Hi Guys, This is my First blog about Linux Privilege escalation. So Without wasting any time Let’s Start I’ll start with basics. So, /* WHAT IS LINUX AND PRIVILEGE ESCALATION? */ 1. Linux -: Linux is the best-known and most-used… Continue Reading →

Tryhackme – Blueprint

NOTICE: (SPOILER!!) If you would like to solve it by yourself, don’t read further. Today let’s play Blueprint at  https://tryhackme.com/room/blueprint “Do you have what is takes to hack into this Windows Machine?” Enumeration As always we start with a nmap… Continue Reading →

Attacktive Directory – Try Hack Me

NOTICE: (SPOILER!!) If you would like to solve it by yourself, don’t read further. Today let’s play Attacktive Directory at Challenge Task 1 Initiate the VPN connection and deploy the machine Task 2 -> Impacket Install Impacket, this is a… Continue Reading →

Android Penetration Testing: Creating Rooted AVD in Android Studio

Setting up Android testing environment if you’re looking for a platform other than Genymotion For a security enthusiast, a rooted android device is essential to perform dynamic assessments of android applications. They either rely on a physical device, or a… Continue Reading →

DNS Admin Privesc in Active Directory (AD)(Windows)

While working on a pentest lab which required abusing dnsadmin privileges, I came across this post , which is really good but felt like it didn’t properly explain few things including syntax. So this post is just an extension of… Continue Reading →

How I found a Remote Code Execution in OpenEDX

How I found a Remote Code Execution in OpenEDX OpenEDX platform is really cool Learning Management System, which is also Open source (this time I was testing the Ironwood release 2.5). You can check it out here: https://open.edx.org/the-platform/ When I… Continue Reading →

TryHackMe King of the hill

1st a nmap scan root@kali:/opt/MS17-010-2012# nmap -A 10.10.148.6 Starting Nmap 7.70 ( https://nmap.org ) at 2020-05-18 03:19 EDT Stats: 0:01:03 elapsed; 0 hosts completed (1 up), 1 undergoing Service Scan Nmap scan report for 10.10.148.6 Host is up (0.028s latency)…. Continue Reading →

OpenAdmin

OpenAdmin retired today, was an easy Linux machine and was fun to root. So here’s my writeup for the same. Nmap scan gave us only two ports open. Port 22 (SSH) and 80 (HTTP) SSH seems to be latest version… Continue Reading →

« Older posts Newer posts »
-->