Hello guys back again with another walkthrough. This time we’ll be tackling colddbox from Tryhackme.

As usual we will start with NMAP for scanning the target

> nmap –sC –A <target_ip>


This article is for educational purpose. Do not use against any web app unless you are authorized.

What is Fuzzing?

Fuzzing is using security tools to automate input of data into websites or software. Fuzzing is extremely effective and can also be used to perform actions like finding hidden files/folders, trying username and password. Applications that are built poorly are often unable to handle data when overwhelmed. We can fuzz those apps to trigger an error condition which will be abused by a penetration tester or a bounty hunter.

GOBUSTER: this is a tool that helps discover web directories…


Redirecting Users to fake website.

DNS poisoning also called DNS cache spoofing is an attack which can corrupt domain name systems, causing g the name server to return an incorrect result record. This result in traffic being redirected to the attackers system.

An attacker can create a fake DNS entry which can be malicious. When a user tries visiting a legit site e.g. www.duckduckgo.com, the user will be redirected to the attacker’s site instead of the actual legit site.

Now let’s carry out example of DNS poisoning with ETTERCAP

First edit the etter.dns file in the…

finding a backdoor on a compromised wordpress docker container.

This machine is from pentester academy’s attack defense labs.

Machine name: System Backdoor


after accessing the machine, now let’s try to check the containers running on the target host

> docker ps

My Solution to This Box

first we conduct a port scan on the target to discover open port and also discover what services are running on those port, and also their version
> nmap -sV -sC -A <machine_ip>

My solution to this box.

This box’s difficulty is medium

First we use one of the most popular scanning tool in our toolkit to scan the host IP
> nmap -sS -sC -sV <machine_IP>

This relatively easy ctf challenge can be found on the site TryHackMe.
Now we deploy the machine and scan it for any open ports. In this example, I used nmap.
> nmap -sC -sS -sV -O -A <machine_ip>


First we will use nmap to scan the target ip to discover open ports
nmap -sC -sV -O <target ip>

Tryhackme Gaming Server Writeup.


First, I started off with a simple nmap scan.

nmap -Pn -sC -sV -v -oA

This showed me that there were two ports open on the machine, port 22 for SSH and port 80 for HTTP

Since there was a webpage,Simply checking the source of the websites index page showed a comment at the bottom referring to a user named john


Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store