TryHackMe SkyNet WriteUp

Complete TryHackMe SkyNet WriteUp

TryHackMe Skynet is a vulnerable Terminator themed Linux machine created to test our penetration testing knowledge in network scanning, enumeration, attack samba share, RFI attacks and privilege escalation. Start the Machine Before everything we need to start our machine and wait around a minute to start our recon phase. After the machine is up and… 

Complete TryHackMe CVE-2021-41773/42013

Amazing room TryHackMe CVE-2021-41773 / CVE-2021-42013 explaining how the new vulnerability on Apache Webserver 2.4.49 affecting the path normalization mechanism. TryHackMe CVE-2021-41773 On the 5th of October 2021, a CVE detailing a path traversal attack on Apache HTTP Server v2.4.49 was released. Assigned the number CVE-2021-41773, it was released with the following description: A flaw… 

Attack Linux DistCC Daemon Port 3632

Ultimate Guide to Attack Linux DistCC Daemon Port 3632

Attack Linux DistCC Daemon – This module uses a documented security weakness to execute arbitrary commands on any system running distccd. This module uses a documented security weakness to execute arbitrary commands on any system running distccd. Search Exploit Find respective Payload We Don’t have Root, now what? Privileged Escalation https://www.exploit-db.com/exploits/8572 https://www.debian.org/security/2009/dsa-1772 https://www.securityfocus.com/bid/34536

Attack PostgreSQL Server Port 5432

Ultimate Guide to Attack PostgreSQL Server Port 5432

Attack PostgreSQL – This module attempts to authenticate against a PostgreSQL instance using username and password combinations indicated by the USER_FILE, PASS_FILE, and USERPASS_FILE options. Note that passwords may be either plaintext or MD5 formatted hashes. Rapid 7 What is PostgreSQL? PostgreSQL is a powerful, open source object-relational database system with over 30 years of…