Nmap (Network Mapper) is a free, open-source tool for network discovery and security auditing.
Nmap can also detect:
Please note: do NOT run Nmap against any host you do not have permission to scan. Unauthorised scanning can get you into serious trouble.
The most common flags for scanning are:
-sn : Disable port scan (host discovery only).
-Pn : Disable Ping scan. (Treat all…
This is my cheat sheet for PowerView: the PowerView commands I find useful for Active Directory/domain enumeration. PowerView is a PowerShell tool for gaining network situational awareness on Windows domains.
Save the script in Notepad as PowerView.ps1 on the Windows machine.
Open Command Prompt as administrator.
Then type the following to start PowerShell with the execution policy bypassed (-ep is short for -ExecutionPolicy), so the unsigned script can be loaded:
powershell -ep bypass
Then change to the directory where you saved the PowerView script and run this command:
Now you can begin the enumeration!
Get-Domain : Information about the current domain
Get-NetComputer | select operatingsystem same as
Room link : https://tryhackme.com/room/easyctf
So let us begin the challenge :)
As always, we start by enumerating the machine for open ports and the services behind them, then look for vulnerabilities in those services that we can exploit to gain access.
We can use Nmap for that. I have written a blog post about Nmap, which you can check here.
nmap -sV -T4 IP
-sV : Probe open ports to determine service and version information.
-T4 : Use the "aggressive" timing template to speed the scan up.
IP : IP address of the target machine.
[aksheet@archlinux THM]$ nmap -sV -T4 IP
Starting Nmap 7.91 ( https://nmap.org )…
Room link : https://tryhackme.com/room/picklerick
As always, we need to enumerate the services running on the machine. Let's start with an Nmap scan of the target:
nmap IP -sV -T4
IP: IP address of the machine
-sV: Enable service and version detection
-T4: Aggressive timing template (faster scan)
$ nmap IP -sV -T4
Starting Nmap 7.91 ( https://nmap.org ) at 2021-06-27 11:17 EDT
Nmap scan report for IP
Host is up (0.39s latency).
Not shown: 998 closed ports
PORT   STATE SERVICE VERSION
22/tcp open  ssh     OpenSSH 7.2p2 Ubuntu 4ubuntu2.6 (Ubuntu Linux; protocol 2.0)
80/tcp open  http    Apache httpd 2.4.18 ((Ubuntu))
Service…
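The EasyCTF and Pickle Rick scans above both produce Nmap's normal-output layout, and in a longer engagement you quickly want those port lines as data rather than text to eyeball. The parser below is an added example, not code from the original posts or from the Nmap project: it reads the normal-output format shown above and returns the host state, the "Not shown" count and one record per port. The sample scan is constructed for the example from the Pickle Rick output (the redacted IP is replaced with the documentation address 192.0.2.10, and the closing "Nmap done" line is made up in Nmap's usual shape).

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Constructed sample: the normal-output lines of a "nmap IP -sV -T4" run.
# The two port lines are the ones from the Pickle Rick scan; the address
# and the final summary line are placeholders added for this example.
SAMPLE_OUTPUT = """\
Starting Nmap 7.91 ( https://nmap.org ) at 2021-06-27 11:17 EDT
Nmap scan report for 192.0.2.10
Host is up (0.39s latency).
Not shown: 998 closed ports
PORT   STATE SERVICE VERSION
22/tcp open  ssh     OpenSSH 7.2p2 Ubuntu 4ubuntu2.6 (Ubuntu Linux; protocol 2.0)
80/tcp open  http    Apache httpd 2.4.18 ((Ubuntu))

Nmap done: 1 IP address (1 host up) scanned in 23.45 seconds
"""

# "22/tcp open  ssh     OpenSSH 7.2p2 ..." -> port, proto, state, service, version.
# The version column is optional: without -sV it is simply empty.
PORT_RE = re.compile(
    r"^(?P<port>\d+)/(?P<proto>tcp|udp)\s+(?P<state>\S+)\s+(?P<service>\S+)\s*(?P<version>.*)$"
)
HOST_RE = re.compile(r"^Nmap scan report for (?P<host>\S+)")
NOT_SHOWN_RE = re.compile(r"^Not shown: (?P<n>\d+) (?P<state>\S+) ports")
LATENCY_RE = re.compile(r"\(([\d.]+)s latency\)")


@dataclass
class Port:
    number: int
    proto: str
    state: str
    service: str
    version: str  # empty string when Nmap printed no version column


@dataclass
class HostReport:
    host: Optional[str] = None
    up: bool = False
    latency_s: Optional[float] = None
    not_shown: int = 0          # ports Nmap collapsed into "Not shown: N ... ports"
    ports: List[Port] = field(default_factory=list)


def parse_nmap_normal(text: str) -> HostReport:
    """Parse a single-host Nmap normal-output report into a HostReport.

    Lines that are not recognised (banner, column header, blank lines,
    'Service Info', 'Nmap done') are ignored rather than treated as errors,
    so the parser tolerates output from other Nmap versions.
    """
    report = HostReport()
    for raw in text.splitlines():
        line = raw.rstrip()
        if m := HOST_RE.match(line):
            report.host = m.group("host")
        elif line.startswith("Host is up"):
            report.up = True
            if lat := LATENCY_RE.search(line):
                report.latency_s = float(lat.group(1))
        elif m := NOT_SHOWN_RE.match(line):
            report.not_shown = int(m.group("n"))
        elif m := PORT_RE.match(line):
            report.ports.append(
                Port(
                    number=int(m.group("port")),
                    proto=m.group("proto"),
                    state=m.group("state"),
                    service=m.group("service"),
                    version=m.group("version").strip(),
                )
            )
    return report


def open_services(report: HostReport) -> Dict[int, str]:
    """Map open port number -> service name, the first thing to read off a scan."""
    return {p.number: p.service for p in report.ports if p.state == "open"}


def version_banners(report: HostReport) -> List[str]:
    """Version strings worth looking up for known vulnerabilities (-sV output only)."""
    return [p.version for p in report.ports if p.state == "open" and p.version]


if __name__ == "__main__":
    rep = parse_nmap_normal(SAMPLE_OUTPUT)
    print(f"{rep.host} up={rep.up} latency={rep.latency_s}s not_shown={rep.not_shown}")
    for num, svc in open_services(rep).items():
        print(f"  {num}/tcp {svc}")
```

The version strings returned by version_banners are exactly what you would search for next (here "OpenSSH 7.2p2" and "Apache httpd 2.4.18"); for anything more than a handful of hosts, prefer Nmap's own machine-readable outputs (-oX or -oG) over parsing the human-readable text.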
Room Link : https://tryhackme.com/room/zthweb2
IDOR, or Insecure Direct Object Reference, is an access-control flaw: the application takes an identifier supplied by the user (an account number, a file name, a database key), fetches the object it names, and never checks that the authenticated user is actually allowed to see that object. Exploiting it is as simple as changing the identifier to reach resources you wouldn't ordinarily be able to access.
For example, say we log in to our bank account and, after authenticating correctly, are taken to a URL like this:
https://example.com/bank?account_number=1234. That page shows all our important bank details; a normal user does whatever they came to do and moves on, thinking nothing is wrong.
There is, however, a potentially huge problem here: a hacker may be…
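The bank example above comes down to one missing check on the server side. The code below is an added example, not from the original post or from the TryHackMe room: it models the /bank?account_number=… handler twice, once as the vulnerable lookup that trusts the client's account_number, and once hardened with an ownership check, and then shows the enumeration an attacker performs with their own valid session. The account table, user names and balances are constructed sample data for the example.

```python
import secrets
from dataclasses import dataclass
from typing import Callable, Dict, Optional


@dataclass(frozen=True)
class Account:
    number: int
    owner: str
    balance_cents: int


# Constructed sample data standing in for the bank's database. Sequential
# account numbers are what make the vulnerable endpoint trivially enumerable.
ACCOUNTS: Dict[int, Account] = {
    1234: Account(1234, "alice", 250_00),
    1235: Account(1235, "bob", 1_200_00),
    1236: Account(1236, "carol", 75_00),
}

Lookup = Callable[[str, int], Optional[Account]]


def vulnerable_lookup(session_user: str, account_number: int) -> Optional[Account]:
    """The IDOR: the session is authenticated, but the object returned is
    chosen purely by the account_number the client put in the URL."""
    return ACCOUNTS.get(account_number)


def hardened_lookup(session_user: str, account_number: int) -> Optional[Account]:
    """Same request, with the missing authorisation check: the record is only
    returned if the authenticated principal owns it. 'Not found' and 'not
    yours' collapse to the same None so the response does not confirm which
    account numbers exist."""
    acct = ACCOUNTS.get(account_number)
    if acct is None or acct.owner != session_user:
        return None
    return acct


def enumerate_accounts(lookup: Lookup, session_user: str, start: int, stop: int) -> Dict[int, str]:
    """What the attacker does after noticing the sequential parameter: walk the
    ID space with their own legitimate session and record whose data comes
    back. Returns {account_number: owner} for every record that is not theirs."""
    leaked: Dict[int, str] = {}
    for number in range(start, stop):
        acct = lookup(session_user, number)
        if acct is not None and acct.owner != session_user:
            leaked[number] = acct.owner
    return leaked


class SessionReferenceMap:
    """Defence in depth beyond the ownership check: hand the client a random,
    per-session handle instead of the real account number, so the URL carries
    nothing an attacker can increment. The server still resolves and
    authorises the real key."""

    def __init__(self) -> None:
        self._handle_to_number: Dict[str, int] = {}

    def handle_for(self, account_number: int) -> str:
        handle = secrets.token_urlsafe(16)
        self._handle_to_number[handle] = account_number
        return handle

    def resolve(self, handle: str) -> Optional[int]:
        return self._handle_to_number.get(handle)


if __name__ == "__main__":
    # Alice is logged in and tries account numbers near her own.
    print("vulnerable:", enumerate_accounts(vulnerable_lookup, "alice", 1230, 1240))
    print("hardened:  ", enumerate_accounts(hardened_lookup, "alice", 1230, 1240))
    refs = SessionReferenceMap()
    print("alice's link: /bank?account=" + refs.handle_for(1234))
```

The ownership check is the fix; the indirect reference map only raises the cost of guessing and is no substitute for it, since a leaked handle must still be checked against the session that owns it.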