An Italian Linux/Unix Sysadmin And Record Collector!

TryHackMe : Oh My Webserver WriteUp

This is my writeup for the Oh My Webserver room/machine of the TryHackMe.com platform. Remember this is just how I solved/owned the machine, maybe there are different and fast paths but… Machine Can you root me? The machine is rated as a medium machine and if you’re looking for a good machine…go for it. Thanks a lot to tinyb0y for this machine! Thanks a lot also to the great cyberaguiar, he helped me to reach the proper vector (after the first unintended way to exploit the machine)!

TryHackMe : Plotted-TMS WriteUp

This is my writeup for the Plotted-TMS room/machine of the TryHackMe.com platform. Remember this is just how I solved/owned the machine, maybe there are different and fast paths but… Machine Enumeration is the key The machine is rated as an easy machine and if you’re looking for an easy machine with a different PE this is for you. Thanks a lot to sa.infinity8888 for this machine! The techniques used in this machine over a small enumeration:

TryHackMe : Gallery WriteUp

This is my writeup for the Gallery room/machine of TryHackMe.com platform. Remember this is just how I solved/owned the machine, maybe there are different and fast paths but… Machine Our gallery is not very well secured. The machine is rated as an easy machine and if you’re looking for a simple machine to practice/learn…do it. If you’re comfortable with THM medium/hard rooms it will be a good exercise! The techniques used in this machine over a small enumeration:

TryHackMe : Lumberjack Turtle WriteUp

This is my writeup for the Lumberjack Turtle room/machine of TryHackMe.com platform. Remember this is just how I solved/owned the machine, maybe there are different and fast paths but… Machine No logs, no crime… so says the lumberjack. The machine is rated as a medium machine and it’s one of the best ways to understand how the famous log4j vulnerability works. If it’s your first time with the log4j vuln I suggest, before starting this machine, to complete the walkthrough room created by John Hammond for TryHackMe: Solar, exploiting log4j - Explore CVE-2021-44228, a vulnerability in log4j affecting almost all software under the sun.

HackTheBox : Horizontall WriteUp

This is my writeup for the Horizontall machine of hackthebox.com platform. The machine was retired today…so it’s now possible to publish a writeup. Remember this is just how I solved/owned the machine, maybe there are different and fast paths but… It’s an easy machine and the good/best part is…you’ve to enumerate a “lot” and change the exploit/PoC. Recon First of all I run a classic nmap scan: nmap -sC -sV -p- horizontall.

TryHackMe : Plotted-EMR WriteUp

This is my writeup for the Plotted-EMR room/machine of TryHackMe.com platform. Remember this is just how I solved/owned the machine, maybe there are different and fast paths but… Machine Tip: Enumeration is key! The machine is rated as a hard machine and yes…it is! I solved it with a mixture of techniques and different escalations. Thanks a lot to sa.infinity8888 for this amazing machine! The best part you can learn with this machine is abusing the wildcard injection and the cap_fowner capability.