Hello Fellow Cyber Security Enthusiast !!!

This room is from try hack me prepared by Trib3rius. I am writing the walkthrough for OVERFLOW3. Let’s start. First of all, I am going to RDP to the target device. I will start the immunity debugger and attach oscp (vulnerable server) to the debugger. The oscp server is listening in port 1337. Now let’s find out what are the command parameters that this server inputs. I can see 10 commands that are valid....

This walkthrough is for Granny box from Hack the Box which is also on the TJnull list of practice boxes for OSCP preparation. The box involved the following: webdav MOVE options exploit to upload aspx file. Service user token impersonate for privilege escalation. I always start my enumeration from the autorecon scan. Initial Nmap scan results are as below. Nmap scan report for 10.10.10.15 Host is up, received user-set (0....

This walkthrough is for Arctic box from Hack the Box which is also on the TJnull list of practice boxes for OSCP preparation. The box involved the following: Manual Directory Enumeration on port 8500 Adobe ColdFusion RCE exploit for initial foothold Kernel exploit for privilege escalation I always start my enumeration from the autorecon scan. Initial Nmap scan results are as below. Nmap scan report for 10.10.10.11 Host is up, received user-set (0....

This walkthrough is for Granny box from Hack the Box which is also on the TJnull list of practice boxes for OSCP preparation. The box involved the following: webdav MOVE options exploit to upload aspx file. Service user token impersonate for privilege escalation. I always start my enumeration from the autorecon scan. Initial Nmap scan results are as below.

This box is from Hack The Box and is also on the TJnull list of practice boxes for OSCP preparation. The box involved the follows: Web Enumeration Command Injection for Initial shell Exploit Screen 4.5.0 for privilege escalation I always start my enumeration from the autorecon scan. Initial Nmap scan results are as below. Scanned at 2022-05-04 11:43:45 AEST for 12s Not shown: 998 closed tcp ports (reset) PORT STATE SERVICE REASON VERSION 22/tcp open ssh syn-ack ttl 63 OpenSSH 7....

This box is from Hack the Box and is also on the TJnull list of practice boxes for OSCP preparation. The box involved the follows: Web Enumeration File Uploads Bypass to uplaod a maliciouos PHP file for initial shell Dirty Cow exploit for Privilege Escalation. I always start my enumeration from the autorecon scan. Initial Nmap scan results are as below. Nmap scan report for 10.10.10.6 Host is up, received user-set (0....

This box is from VulnHub and is also on the TJnull list of practice boxes for OSCP preparation. The box involved the follows: Web Enumeration ( HTTP and HTTPS) Authentication bruteforce using Hydra Exploiting phpLiteAdmin to upload malicious PHP code LFI modification to get the shell. Checking the procesess using pspy Exploiting the chkrootkit vulnerability for privilege escalation I always start my enumeration from the autorecon scan. Initial Nmap scan results are as below:...

This box was downloaded from VulnHub and is also on the TJnull list of practice boxes for OSCP preparation. The box involved the follows: Web enumeration Exploiting the php bash shell to get the initial shell Exploiting the cron job for privilege escalation I always start my enumeration from the autorecon scan. Initial Nmap scan results are as below: Scanned at 2022-04-25 18:44:39 EDT for 11s Not shown: 999 closed tcp ports (reset) PORT STATE SERVICE REASON VERSION 80/tcp open http syn-ack ttl 63 Apache httpd 2....

This box is from Hack The Box and is also on the TJnull list of practice boxes for OSCP preparation. The box involved the follows: Web Enumeration Exploiting ShellShock vulnerability fir initial shell Sudo No Password exploit for Privilege Escalation I always start my enumeration from the autorecon scan. Initial Nmap scan results are as below: Scanned at 2022-04-25 05:36:54 EDT for 11s Not shown: 998 closed tcp ports (reset) PORT STATE SERVICE REASON VERSION 80/tcp open http syn-ack ttl 63 Apache httpd 2....

This box was downloaded from VulnHub and is also on the TJnull list of practice boxes for OSCP preparation. The box involved the follows: Creating wordlist using cewl and bruteforcing mySQL commands to get the data from database Using pspy64 to find the process run by root and exploiting it for privilage escalation. I always start my enumeration from the autorecon scan. Initial Nmap scan results are as below: Scanned at 2022-04-21 03:32:33 EDT for 8s Not shown: 998 closed tcp ports (reset) PORT STATE SERVICE REASON VERSION 22/tcp open ssh syn-ack ttl 64 OpenSSH 7....