Jul 14, 2025 · 2 min read · Question 1 Sometimes, important files are hidden in plain sight. Check the root ('/') directory for a file named 'flag.txt' that might hold the key to the first flag. For this task, we have been told that a website is running (on port 80) so we don...
Jul 14, 2025 · 12 min read · Introduction Web applications are software programs that run on web servers and are accessible over the internet through web browsers. They are designed to provide interactive and dynamic functionality to users allowing them to perform various tasks,...
Jul 12, 2025 · 7 min read · Introduction In the context of penetration testing, social engineering is a technique used to manipulate individuals or employees within an organization to gain unauthorised access to sensitive information, systems or facilities. Social engineering w...
Jul 10, 2025 · 4 min read · CTF 1 Question 1 The file that stores user account details is worth a closer look. (target1.ine.local) After doing an Nmap scan on the target, we can see that port 22 is open and running libssh for which there is a Metasploit module available to ex...
Jul 7, 2025 · 19 min read · Introduction Post-exploitation is the final phase of a penetration test. It consists of the tactics, techniques and procedures that attackers undertake after obtaining initial access on a target system. It involves what you do once you have gained an...
Jun 17, 2025 · 10 min read · CTF 1 Question 1 Identify and exploit the vulnerable web application running on target1.ine.local and retrieve the flag from the root directory. The credentials admin:password1 may be useful. Firstly, let's run an Nmap scan. We can see that there i...
Jun 14, 2025 · 14 min read · Introduction Exploitation consists of techniques and tools used by adversaries / penetration testers to gain an initial foothold on a target system or network. You can only exploit a target if you know what is vulnerable. Exploitation methodology: I...
Jun 4, 2025 · 4 min read · CTF 1 Question 1 Gain access to the MSSQLSERVER account on the target machine to retrieve the first flag. Firstly, let's run an Nmap scan. We can see that an mssql 2012 server is open on port 1433. We can search in Metasploit for mssql 2012. We wil...
Jun 3, 2025 · 15 min read · Linux Exploitation View some of the notes for this section here - Enumeration Page. FTP Server Firstly, let's run an Nmap scan. We can see that vsftpd is running on port 21. We can now search for vsftpd and we see that we have an exploit module (vsft...