mKingdom Summary Weak credentials in the admin portal. Hidden Creds in the backup file and environment. NMAP PORT STATE SERVICE REASON VERSION 85/tcp open http syn-ack Ap...

Airplane Summary LFI on the homepage. App is running on port 6048 –> Exploit get revershell. Priv with SUID. NMAP PORT STATE SERVICE REASON VERSION 22/tcp open s...

Creative Summary ‘beta’ subdomain SSRF –> LFI LPE with LD_Preload NMAP Nmap scan report for creative.thm (10.10.204.200) Host is up (0.40s latency). Not shown: 998 filter...

CyberLens Summary Port 61777 open ==> Apache Tika 1.17 Server ==> CVE-2018-1335 Use Metasploit exploit user Use PrivescCheck.ps1, check Windows Privilege Escalation Alwa...

Hack Smarter Security Summary Port 1311 open ==> DellEMC version 9.4.0.2 ==> CVE-2020-5377 Use creds login SSH Login SSH, check Privilege Escalation AV is running ==>...

Jupiter NMAP PORT STATE SERVICE REASON VERSION 22/tcp open ssh syn-ack OpenSSH 8.9p1 Ubuntu 3ubuntu0.1 (Ubuntu Linux; protocol 2.0) | ssh-hostkey: | 256 ac:5b:be:79:2d:c9:7a:00:ed:9a:e...

Valley Summary Enumeration website get hidden directory Use creds login ftp –> creds –> user.txt Login SSH, analyse binary file -> creds Change user –> check cron...

Weasel Summary SMBclient check valid location Got jupyter token Open new Terminal on jupyter notebook Privilege Escalation on jupyter console Check linux enviroment(Docker...

VulnNet: dotjar room Nmap PORT STATE SERVICE REASON VERSION 8009/tcp open ajp13 syn-ack Apache Jserv (Protocol v1.3) | ajp-methods: |_ Supported methods: GET HEAD POST OPTIONS 8080/tcp ...

THM Capture NMAP Starting Nmap 7.93 ( https://nmap.org ) at 2023-05-06 15:40 +07 Nmap scan report for 10.10.236.121 Host is up (0.31s latency). Not shown: 999 closed tcp ports (reset) PORT STAT...