Secrets are meant to be secret

Page 2 of 6

The art of gaining root

Hi Guys, This is my First blog about Linux Privilege escalation. So Without wasting any time Let’s Start I’ll start with basics. So, /* WHAT IS LINUX AND PRIVILEGE ESCALATION? */ 1. Linux -: Linux is the best-known and most-used… Continue Reading →

Tryhackme – Blueprint

NOTICE: (SPOILER!!) If you would like to solve it by yourself, don’t read further. Today let’s play Blueprint at “Do you have what is takes to hack into this Windows Machine?” Enumeration As always we start with a nmap… Continue Reading →

Attacktive Directory – Try Hack Me

NOTICE: (SPOILER!!) If you would like to solve it by yourself, don’t read further. Today let’s play Attacktive Directory at Challenge Task 1 Initiate the VPN connection and deploy the machine Task 2 -> Impacket Install Impacket, this is a… Continue Reading →

Android Penetration Testing: Creating Rooted AVD in Android Studio

Setting up Android testing environment if you’re looking for a platform other than Genymotion For a security enthusiast, a rooted android device is essential to perform dynamic assessments of android applications. They either rely on a physical device, or a… Continue Reading →

DNS Admin Privesc in Active Directory (AD)(Windows)

While working on a pentest lab which required abusing dnsadmin privileges, I came across this post , which is really good but felt like it didn’t properly explain few things including syntax. So this post is just an extension of… Continue Reading →

How I found a Remote Code Execution in OpenEDX

How I found a Remote Code Execution in OpenEDX OpenEDX platform is really cool Learning Management System, which is also Open source (this time I was testing the Ironwood release 2.5). You can check it out here: When I… Continue Reading →

TryHackMe King of the hill

1st a nmap scan root@kali:/opt/MS17-010-2012# nmap -A Starting Nmap 7.70 ( ) at 2020-05-18 03:19 EDT Stats: 0:01:03 elapsed; 0 hosts completed (1 up), 1 undergoing Service Scan Nmap scan report for Host is up (0.028s latency)…. Continue Reading →


OpenAdmin retired today, was an easy Linux machine and was fun to root. So here’s my writeup for the same. Nmap scan gave us only two ports open. Port 22 (SSH) and 80 (HTTP) SSH seems to be latest version… Continue Reading →

DLL Hijacking Through Forwarding Technique.

What Is DLL Forwarding ? DLL forwarding is a technique in which a dll forward all faction request to different dll file. Ex. in below Image Application is using Proxy DLL file to execute its request through Real DLL. You… Continue Reading →


The Walkthrough corresponds to tomghost machine of tryhackme:- Vulnerability(CVE-2020-1938):- The Information of Vulnerability is given as:- is described as “AJP Request Injection and potential Remote Code Execution Enumeration:- Nmap scan:- nmap -sC -sV tomghost.thm22/tcp open ssh OpenSSH 7.2p2 Ubuntu… Continue Reading →

« Older posts Newer posts »

© 2021 MYSTIKO — Powered by WordPress

Theme by Anders NorenUp ↑