TryHackme Labs Notes

-

1. Download File from labs to local machine

You’re trying to download credentials.png from the target (10.201.61.46) onto your Kali machine, but your curl failed because port 80 (HTTP) isn’t open on the victim.

From the victim side (king@ubuntu shell), I notice credentials.png is already present in the directory (ls shows it). So the goal is to exfiltrate it to your attacker machine (Kali).

Here are a few ways to do it:




Comments

Post a Comment

Popular posts from this blog

Linux Privilege Escalation THM Room

-
Image
 Linux Privilege Escalation All Task Solution All Task Solution 2   Privilege escalation is a journey. There are no silver bullets, and much depends on the specific configuration of the target system. The kernel version, installed applications, supported programming languages, other users' passwords are a few key elements that will affect your road to the root shell. This room was designed to cover the main privilege escalation vectors and give you a better understanding of the process. This new skill will be an essential part of your arsenal whether you are participating in CTFs, taking certification exams, or working as a penetration tester.   What does "privilege escalation" mean? At it's core, Privilege Escalation usually involves going from a lower permission account to a higher permission one. More technically, it's the exploitation of a vulnerability, design flaw, or configuration oversight in an operating system or application to ga...
Read more

Windows Privilege Escalation THM Room

-
Image
Windows Privilege Escalation     INTRODUCTION During a penetration test, you will often have access to some Windows hosts with an unprivileged user. Unprivileged users will hold limited access, including their files and folders only, and have no means to perform administrative tasks on the host, preventing you from having complete control over your target. This room covers fundamental techniques that attackers can use to elevate privileges in a Windows environment, allowing you to use any initial unprivileged foothold on a host to escalate to an administrator account, where possible.  If you want to brush up on your skills first, you can have a look through the   Windows Fundamentals Module   or the   Hacking Windows Module .   Windows Privilege Escalation Windows Privilege Escalation Simply put, privilege escalation consists of using given access to a host with "user A" and leveraging it to gain access to "user B" by abusing a weakness in the ta...
Read more

Official (ISC)2 Certified in Cybersecurity (CC) Self-Paced Training. (Course Introduction and Chapter 1: Security Principles)

-
Image
Course Introduction Welcome to the Official (ISC)² Certified in Cybersecurity (CC) Self-Paced Training course! Congratulations on your interest in pursuing a career in cybersecurity. The Certified in Cybersecurity (CC) certification will demonstrate to employers that you have foundational knowledge of industry terminology, network security, security operations and policies and procedures that are necessary for an entry- or junior-level cybersecurity role. It will signal your understanding of fundamental security best practices, policies and procedures, as well as your willingness and ability to learn more and grow on the job.       Introduction from the (ISC)² CEO Dear Future Cybersecurity Leader: Congratulations! You are taking the first steps along the pathway to becoming a part of the global cybersecurity community and an (ISC) 2 member. Cybersecurity is in high demand by organizations and governments globally and we need your talents to help defend ...
Read more