HackMyVm Emma Walkthrough

Machine can be download here.Nmap scan ports.Scan folders and files at port 80.Check robots.txt.Check php version.Google find CVE exploit.Use pwn code from https://github.com/neex/phuip-fpizdam.Get reverse shell.Check ports.Login mysql as user root&n

HackMyVm CelebritySoup Walkthrough

Machine can be download here.nmap -p- -sC -sV --open -oN ports.log 192.168.56.57gobuster dir -u http://192.168.56.57 -t 50 -x .php,.html,.txt -w /usr/share/dirbuster/word

HackMyVm Brain Walkthrough (LFI)

Machine can be download here.Nmap scan ports.Brutefoce port 80.Go on bruteforce in /brainstorm.wfuzz -w /usr/share/wfuzz/wordlist/general/common.txt --hh 0  'http://192.168.56.54/brainstorm/file.php?FUZZ=/etc/passwd&

HackMyVm Insomnia Walkthrough (RCE)

Machines can be download here.Nmap scan ports.Gobuster scan files and folders.Visit main page, get chat window.Visit chat.txt, chat history is here.Visit administration.php, get error.There should be some parameter for administration.php.wfuzz -

HackMyVm Neobank Walkthrough (python requests, google authentication)

Medium level, machine can be download here.Nmap scan ports, only 5000 is open.Gobuster scan folders and files with medium dic.gobuster dir -u http://192.168.56.48:5000 -t 50 -x .php,.html,.txt -w /usr/shar

HackMyVm Locker Walkthrough (privilege escalation through sulogin)

Machines can be download here. Easy but also interesting one.Nmap scan ports, only 80 is open.Open main page, very simple.Check source code, found locker.php.Click "Model 1", then redirect to locker.php and display a picture.Obviously, the

HackMyVm Tornado Walkthrough

(Tips:LFI through alias, SQL Trunction Attack, Blind RCE, NPM to shell,Caesar Cipher)Very interesting and hard (in my opnion) VM. Can be download here. It's my first time playing a machine with lots of new stuff, so I write this walkthrough for l

HackMyVm Narcos Walkthrough

Another very interesting VM from HackMyVm, can be download here.Nmap scan ports.At port 80, there is a static html page.  Bruteforce the folders and files.There is a squirrelmail site, but we can not login now.After stuck here for some time, we

HackMyVm Adroit Walkthrough (very tricky)

Machines can be download here.Nmap scan ports first.Start from 21 port. Log in ftp as anonymous user, and download all the three files.Here's note.txt.Check the structure.PNG, which show us the working theory of the jar program. That means we can

HackMyVm Attack Walkthrough (very interesting!)

A very interesting CTF VM from HackMyVm, can be download here.nmap ports scan.At 80 port, index.html has useful message.Wireshark capture file has extension: pacp. Add it to the folder/file brutefore options.gobuster dir -u http://192.
<< < 3 4 5 6 7 8 9 10 11 12 > >>

Powered By Z-BlogPHP 1.7.2