U.A. High School | THM Writeup

Introduction: Detailed walkthroughs for U.A. High School CTF challenges on TryHackMe. Summary: This CTF challenge required participants to identify and exploit a hidden OS command injection vulnerability in the U.A. Superhero Academy's website. Successful exploitation led to gaining root privileges on the system. Vulnerability: The website contains a hidden functionality that allows for the execution of shell commands. This vulnerability can be exploited to gain unauthorized access to the system.
7 minutes to read
Airplane | THM Writeup

Introduction: Detailed walkthroughs for Airplane CTF challenges on TryHackMe. Tools Used: rustscan, ffuf, nessus, curl, nc, gdb, ssh-keygen, ssh. Enumeration: Let's start the process by mapping the hostname to the target IP address.
$ echo "10.10.249.133 airplane.thm" | sudo tee -a /etc/hosts
Rustscan: Let's start the enumeration process using the rustscan port scanner.
$ rustscan -a airplane.thm -- -sC -sV
Open 10.10.249.133:22
Open 10.10.249.133:6048
Open 10.10.249.133:8000
[~] Starting Script(s)
[>] Running script "nmap -vvv -p {{port}} {{ip}} -sC -sV" on ip 10.
6 minutes to read
New York Flankees | THM Writeup

Introduction: Detailed walkthrough for New York Flankees CTF challenges on TryHackMe. Tools Used: rustscan, burpsuite. Enumeration: Let's start the process by mapping the hostname to the target IP address.
$ echo "10.10.140.44 nythm.com" | sudo tee -a /etc/hosts
Let's start the enumeration process using the rustscan port scanner.
$ rustscan -a nythm.com -- -sC -sV
5 minutes to read
CyberLens CTF | THM Writeup

Introduction: Detailed walkthrough for CyberLens CTF challenges on TryHackMe. Tools Used: rustscan, ping, burpsuite, nc, metasploit, msfvenom. Enumeration: Let's start the process by mapping the hostname to the target IP address. (Figure: mapping cyberlens.thm to the target IP address.) When any user or application on the system tries to access cyberlens.thm, it will be directed to the IP address specified in the /etc/hosts file. Let's use rustscan to port scan the target domain.
4 minutes to read