Sign in

Some boxes sting…


Year of the Jellyfish is a room for the OSCP giveaway challenge, who complete the room by the 30th of April are entered into a raffle. The machine is a Linux machine. For user, the Monitorr web app has an RCE vulnerability but the exploit needs some edits to work. For root, the machine is vulnerable to dirty_sock due to a bug in the snapd API. This machine also comes with public IP address instead of an internal IP address(10.*.*.*).


Let’s start with an Nmap scan. There’re 8 ports open and the most interesting part is the SSL certificate of…

Can you save the island of Motunui?


Hello guys, this’s my writeup on the Motunui room from TryHackMe, a Moana themed Linux box. This room is rated as hard but it’s not that hard actually. Let’s jump in!


Start with an nmap scan which shows that there’re 6 ports open.

# Nmap 7.80 scan initiated Thu Oct  5 11:23:38 2020 as: nmap -sCV -oN nmap/initial -v
Nmap scan report for Host is up (0.21s latency).
Not shown: 994 filtered ports
22/tcp open ssh…


Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store