How to create a CTF VM?

Hey, guys today I taught of creating a guide on how to create a simple CTF VM. Let’s get right into it. 1. Create your game plan 🤔 Planning is important. Say you’re constructing a house you got to have a plan. The same applies when you create your own CTF challenge. Here are some points you might want to […]

THM Writeup: Source

I did a nmap scan against the target and uncovered these open ports. 22/tcp open ssh OpenSSH 7.6p110000/tcp open http MiniServ 1.890 (Webmin) Now to the enumeration stage. I decided to go with the port 10000. If you do a search on Metasploit about MiniServ 1.890. There would be an interesting exploit that will show up. Ok looks nice now […]

THM Writeup: Psycho Break

[ Tasks ] The Nmap scan reveals that there are 3 ports open Let’s take a look at port 80. Check out the page source you will find a directory called “/sadiestRoom” mentioned in a comment. Grab the locker room key Ok, now it’s time to go to the next room which is the Locker Room before the poor guy […]

THM Writeup: Jack-of-All-Trades

Ok first of all I started with a Nmap scan. Discovered 2 open ports. But the services look wired because port 22 usually runs ssh while port 80 runs a web server. I tried accessing port 22 on my browser (firefox) and there was an error msg. Port 22 is a network port and by default, browsers don’t allow to […]

THM Writeup: Startup

As always start with a port scan against the target. I used nmap: Now let’s move on to the port 80 HTTP website. Start with a web directory scan to identify the web files/directories. There is a directory called “/files”. http://[Target Ip]/files Here’s what the note says: Huh, Maya might be a potential username. So let’s keep a note of […]