-
TryHackMe: IDOR
Insecure Direct Object References are what we are trying next, and these are the things that I actually have tried myself before when I was a kid and idly spending time on the net. When you see your customer number up in the URL and you try changing it and reloading it to see if…
-
TryHackMe: Learning Path Update
So I nearly completed the Complete Beginner Pathway on TryHackMe, but as I was asking for help with a Metasploit task on the THM Discord server (I hadn’t set the LHOST correctly, and I needed to set it to listen to my OpenVPN IP), I came across a message from one of the Discord members…
-
TryHackMe: John the Ripper
This was a fun room to complete, focussing on the password cracking tool John the Ripper. Definitely one of my favourite ones so far, getting password hashes and running them through the cracker in order to find out what the password was. Most of the activities in this one were just following the instructions and…
-
TryHackMe: Upload Vulnerabilities
What a crazy time I had in this room. It talks about vulnerabilities in upload forms that websites may use to allow users to upload files and things to the website. The first couple of tasks were rather easy – using the same file name to overwrite files already on the server, i.e. finding a…
-
TryHackMe: OWASP Juice Shop
The next room in my learning path was the OWASP (Open Web Application Security Project) Juice Shop. This is a fake vulnerable website for a juice shop set up to allow you to use various exploits and attacks. The first task has you browsing the website trying to gain knowledge from the posts that are…