This is a write-up of the TryHackMe machine Brainstorm featuring a buffer overflow.

Enumeration

The usual Nmap scan comes back saying the host is down, so let's use the following command, which scans the host on the assumption that it is up:

Kali> nmap -Pn 10.10.166.128

Host discovery disabled (-Pn). All addresses…

This Spider-Man-themed machine is part of the Offensive Security learning path on tryhackme.com; follow along as we exploit Joomla CMS with SQL injection, crack passwords with John the Ripper, and take advantage of yum for privilege escalation!

Enumeration

First, let's run an Nmap scan with the following command:

>nmap…

This walkthrough covers the Windows box Bastard, focusing on post-exploitation privilege escalation.

Initial Scans

Let’s kick it off with our go-to Nmap scan, using -sC for default scripts, -sV to enumerate versions, and -oA to output all formats.

# Nmap 7.80 scan initiated Sun Aug 16 20:40:16…

Enumeration

We will start this box with the usual Nmap scan, using -sC for default scripts, -sV to enumerate versions, and -oA to output all formats.

Starting Nmap 7.80 ( https://nmap.org ) at 2020-08-07 15:02 EDT
Nmap scan report for 10.10.10.7
Host is up (0.041s latency).
Not shown: 988 closed ports
PORT…

We will be solving Devel from Hack the Box using the Metasploit framework.

The first thing I do when looking at a new box is to run an Nmap scan.

Starting Nmap 7.80 ( https://nmap.org ) at 2020-08-01 18:12 EDT
Nmap scan report for 10.10.10.5
Host is up (0.050s latency).
Not shown: 65533…

Max Register

Follow along as I post CTF write-ups in preparation for the OSCP!
