Posts by Category

infosec

Tryhackme Ra Walkthrough

Ra is a Windows machine that starts with a typical business website for Windcorp. Its password reset function can be used to change a user’s password and gain access to an SMB share, from which the Spark live chat application can be downloaded. The application is vulnerable and can be used to harvest a user’s NTLM hash, which gives initial access to the machine. Further exploration of the machine reveals a script containing a username whose password can be changed, since the user has extended rights to change passwords as a member of the Account Operators group. Analysing the script shows a command injection vulnerability that can be abused to gain admin privileges and pwn the machine.


capture the flag


bugbounty


tryhackme

Tryhackme Ra Walkthrough

Ra is a Windows machine that starts with a typical business website for Windcorp. Its password reset function can be used to change a user’s password and gain access to an SMB share, from which the Spark live chat application can be downloaded. The application is vulnerable and can be used to harvest a user’s NTLM hash, which gives initial access to the machine. Further exploration of the machine reveals a script containing a username whose password can be changed, since the user has extended rights to change passwords as a member of the Account Operators group. Analysing the script shows a command injection vulnerability that can be abused to gain admin privileges and pwn the machine.
