
Some boxes sting…

Summary

Year of the Jellyfish is a room for the OSCP giveaway challenge; those who complete the room by the 30th of April are entered into a raffle. The machine is a Linux machine. For user, the Monitorr web app has an RCE vulnerability, but the exploit needs some edits to work. For root, the machine is vulnerable to dirty_sock due to a bug in the snapd API. This machine also comes with a public IP address instead of an internal IP address (10.*.*.*).

Enumeration

Let’s start with an Nmap scan. There are 8 ports open and the most interesting part is the SSL certificate of…


Can you save the island of Motunui?

Summary

Hello guys, this is my writeup on the Motunui room from TryHackMe, a Moana-themed Linux box. This room is rated as hard but it’s not that hard actually. Let’s jump in!

Enumeration

Start with an Nmap scan, which shows that there are 6 ports open.

# Nmap 7.80 scan initiated Thu Oct  5 11:23:38 2020 as: nmap -sCV -oN nmap/initial 10.10.223.235 -v
Nmap scan report for 10.10.223.235
Host is up (0.21s latency).
Not shown: 994 filtered ports
PORT STATE SERVICE VERSION
22/tcp open ssh…
