Year of the Rabbit walkthrough on TryHackMe



The "Year of the Rabbit" room on TryHackMe is designed to introduce users to the basics of web application security through a series of tasks and challenges. In this room, participants will explore common vulnerabilities and learn fundamental techniques for identifying and exploiting them.

The room typically includes:

  1. Introduction to Web Security: A brief overview of web application security concepts.
  2. Vulnerability Identification: Exercises focusing on finding vulnerabilities in a web application.
  3. Exploitation Techniques: Practical tasks demonstrating how to exploit discovered vulnerabilities.
  4. Mitigation Strategies: Recommendations for fixing the vulnerabilities and improving web application security.

It's a hands-on learning experience aimed at beginners, providing foundational knowledge and practical skills in web application security. 

Let's start solving this room

1.) First, deploy the machine and connect to the VPN.


2.) Let's run RustScan to see which ports are open.

3.) Okay, now we know that ports 21 (FTP), 22 (SSH) and 80 (HTTP) are open.

Examine the website.


4.) Let's brute-force the directories of the website with Gobuster.



We found the /assets directory.

Let's examine it.


Download the style.css file using this command: wget <ip>/assets/style.css

5.) Use the cat command to see what's inside style.css.



We got one more directory of the website.

Let's launch Burp Suite and visit the website.


In Burp Suite we can see another hidden directory. Let's visit that directory.


Download Hot_babe.png with wget and use cat to see everything that's inside.


Congratulations, we got the username and a bunch of passwords (save the passwords in a txt file). Now we can brute-force the FTP port with Hydra.

6.) Hydra



7.) Log in to FTP using these credentials.



Download the Eli's_creds.txt file we found on the FTP server.

8.) Use the cat command to see what's inside Eli's_creds.txt.


Okay, let's ask ChatGPT to analyze the hash.



It's Brainfuck. Now we can decode it.


Congratulations, we got the username and password for the SSH server.

9.) Connect to the SSH server.

Then use this command: find / -name "s3cr3t" 2>>/dev/null

Then ls -al

See, we got the hidden file. cat the hidden file.



Let's go, we got Gwendoline's password. Now use this command: su gwendoline


Congratulations, we got the first flag, user.txt.

10.) Privilege Escalation

Use these commands:

  • sudo -u#-1 /usr/bin/vi /home/gwendoline/user.txt
  • :!/bin/bash

Congratulations, now we are root.
Let's take the last flag.
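
A defender's view of step 10, as an added example that is not part of the original walkthrough: a small Python audit that flags sudoers rules whose Runas list is "ALL except root" (the kind of rule the `sudo -u#-1` command works against) and rules that allow an editor or pager without NOEXEC (the `:!/bin/bash` escape). The sample policy, the function name and the finding names are constructed for illustration.

```python
import re

# Programs that can spawn a shell from inside (e.g. ":!/bin/bash" in vi).
SHELL_ESCAPE_BINARIES = {"vi", "vim", "less", "more", "man"}

# user host = (runas) [TAG: ...] command[, command...]
RULE = re.compile(
    r"^(?P<who>\S+)\s+(?P<host>[^\s=]+)\s*=\s*"
    r"\((?P<runas>[^)]*)\)\s*"
    r"(?P<tags>(?:[A-Z_]+:\s*)*)"
    r"(?P<cmds>.+)$"
)

def audit_sudoers(text):
    """Return (line_number, finding) tuples for risky user rules."""
    findings = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = RULE.match(line)
        if not m:
            continue  # Defaults, aliases and rules without a Runas spec
        # Runas users are listed before an optional ":group" part.
        users = [u.strip() for u in m["runas"].split(":")[0].split(",")]
        if "ALL" in users and any(u in ("!root", "!#0") for u in users):
            # "Everyone except root" depends on sudo resolving every
            # numeric ID correctly; an allow-list of accounts does not.
            findings.append((lineno, "runas-excludes-root"))
        for cmd in m["cmds"].split(","):
            parts = cmd.split()
            if not parts:
                continue
            binary = parts[0].rsplit("/", 1)[-1]
            if binary in SHELL_ESCAPE_BINARIES and "NOEXEC" not in m["tags"]:
                findings.append((lineno, "shell-escape"))
    return findings

# Constructed sample policy, not copied from the room's machine.
SAMPLE_SUDOERS = """\
# sample
root        ALL=(ALL:ALL) ALL
gwendoline  ALL=(ALL, !root) NOPASSWD: /usr/bin/vi /home/gwendoline/user.txt
backup      ALL=(root) NOEXEC: /usr/bin/less /var/log/syslog
deploy      ALL=(www-data) /usr/bin/systemctl restart nginx
"""

if __name__ == "__main__":
    for lineno, finding in audit_sudoers(SAMPLE_SUDOERS):
        print(f"line {lineno}: {finding}")
```

Sudo 1.8.28 and later reject the `-1` user ID, so updating sudo closes the first finding even before the rule is rewritten.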

Thank you for reading this walkthrough. I hope you enjoyed the journey. Bye, happy hacking!