U.A. High School | THM Writeup

Introduction: Detailed walkthroughs for U.A. High School CTF challenges on TryHackMe. Summary: This CTF challenge required participants to identify and exploit a hidden OS command injection vulnerability in the U.A. Superhero Academy’s website. Successful exploitation led to gaining root privileges on the system. Vulnerability: The website contains a hidden functionality that allows for the execution of shell commands. This vulnerability can be exploited to gain unauthorized access to the system.
7 minutes to read

Nessus Installation Guide

Intro: Nessus is a proprietary vulnerability scanner developed by Tenable, Inc. This blog is about the installation of Nessus Essentials on Linux. Installation, Register: First, let's register for Tenable Nessus Essentials to get the activation code. Enter your information in the registration form and click Get Started. Download Nessus: We should have received an email with the activation code. Note down the activation code and click Download Nessus to go to the download page.
2 minutes to read
Airplane | THM Writeup

Introduction: Detailed walkthroughs for Airplane CTF challenges on TryHackMe. Tools Used: rustscan, ffuf, nessus, curl, nc, gdb, ssh-keygen, ssh. Enumeration: Let's start the process by mapping the hostname to the target IP address.

echo "10.10.249.133 airplane.thm" | sudo tee -a /etc/hosts

Rustscan: Let's start the enumeration process using the rustscan port scanner.

$ rustscan -a airplane.thm -- -sC -sV
Open 10.10.249.133:22
Open 10.10.249.133:6048
Open 10.10.249.133:8000
[~] Starting Script(s)
[>] Running script "nmap -vvv -p {{port}} {{ip}} -sC -sV" on ip 10.
6 minutes to read
New York Flankees | THM Writeup

Introduction: Detailed walkthrough for New York Flankees CTF challenges on TryHackMe. Tools Used: rustscan, burpsuite. Enumeration: Let's start the process by mapping the hostname to the target IP address.

echo "10.10.140.44 nythm.com" | sudo tee -a /etc/hosts

Let's start the enumeration process using the rustscan port scanner.

rustscan -a nythm.com -- -sC -sV
5 minutes to read