Rated as easy in HTB, and the machine runs on Linux. I have added the IP to my /etc/hosts file, let’s dive in.

Start by scanning the available ports we can work on. I always run a masscan and an nmap port scan for good measure.

masscan -i tun0 -p0-65535 --interactive 10.10.10.7


Rated as ‘easy’ in HTB, and one of the good practice boxes along the infosec journey. Let’s try to learn new things…

I added the IP to my /etc/hosts

Then I ran nmap port scan.

nmap -p- --stylesheet /opt/nmap-bootstrap-xsl/nmap-bootstrap.xsl -oA nmap/portScan legacy.htb

Note: the --stylesheet flag was just for me…


Today, I am going to write about one of my favorite boxes in terms of initial enumeration. It has a lot of rabbit holes, and I like the fact that the author spent effort and time to put a lot of files in the machine, perhaps to discourage us from enumerating further…


Disclaimer: All my posts are intended as my personal notes; any methodologies, tools or ways that can be suggested are most welcome! :)

So now, I’ve come to the last room under the advanced exploitation section of the ‘Offensive Path’ from TryHackMe.

The last room, Relevant, was pretty exhausting for me…


Disclaimer: All my posts are intended as my personal notes; any methodologies, tools or ways that can be suggested are most welcome! :)

Now let’s try to crack another fun box from TryHackMe, a Linux box named Skynet. …


The Pickle Rick room is part of the beginner course of TryHackMe. It’s a machine where you are going to use the knowledge you gained from the OWASP Top 10 and OWASP Juice Shop. It exploits the carelessness of developers and system administrators. It’s a relatively easy machine yet full of fun…


First let’s scan where our target resides on our network by issuing an arp-scan command.

┌──(root💀kali)-[~/Desktop/VulnHub/DC9]
└─# arp-scan 192.168.1.0/24
Interface: eth0, type: EN10MB, MAC: 00:0c:29:d7:d3:5f, IPv4: 192.168.1.14
Starting arp-scan 1.9.7 with 256 hosts (https://github.com/royhills/arp-scan)
192.168.1.13 00:0c:29:be:a0:e7 VMware, Inc.

6 packets received by filter, 0 packets dropped by kernel
Ending arp-scan 1.9.7…


Let’s try to learn something from this old machine. Download the VM from the VulnHub website, unzip it and load it on our VM.

This was supposed to be an easy one and a great complement to our Kioptrix level 1. Let’s begin.

Discover the IP of our target using arp-scan.

root@kali:~/Desktop/Kioptrix/kioptrix1.1#…


So, today we are going to explore more about buffer overflows, this time in 32-bit Linux running Crossfire v1.9.0 with a publicly disclosed exploit.

Let’s start off by downloading Crossfire from offsec. This version has disabled memory protections.

Downloading Crossfire.

Once we downloaded crossfire, ran it and should look like the…


Let’s try to crack this room, with the disclaimer that I am writing this while hacking the room at the same time, so I might not explain everything in detail nor have time to check my grammar and spelling.

I stumbled upon this room because I was currently studying buffer overflows…

mrZud0k0rn

“He-who-must-NOT-be-named”
