Hello guys back again with another walkthrough. This time we’ll be tackling colddbox from Tryhackme.

As usual we will start with NMAP for scanning the target

> nmap –sC –A <target_ip>

FUZZING

This article is for educational purpose. Do not use against any web app unless you are authorized.

What is Fuzzing?

Fuzzing is using security tools to automate input of data into websites or software. Fuzzing is extremely effective and can also be used to perform actions like finding hidden…

DNS POISONING USING ETTERCAP

Redirecting Users to fake website.

DNS poisoning also called DNS cache spoofing is an attack which can corrupt domain name systems, causing g the name server to return an incorrect result record. This result in traffic being redirected to the attackers system.

An attacker can create…

finding a backdoor on a compromised wordpress docker container.

This machine is from pentester academy’s attack defense labs.

Machine name: System Backdoor

Solution

after accessing the machine, now let’s try to check the containers running on the target host

> docker ps

Tryhackme Gaming Server Writeup.

Enumerating.

First, I started off with a simple nmap scan.

nmap -Pn -sC -sV -v -oA 10.10.173.217

This showed me that there were two ports open on the machine, port 22 for SSH and port 80 for HTTP

Since there was a webpage,Simply checking the source…

Ifediniruozioma

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store