🚀 New Write-Up Alert: Solving the Machine Sea Challenge on Hack The Box (HTB) 🛠️
I’m excited to share my latest write-up, where I walk through the complete process of tackling the Machine Sea challenge from HTB. If you’re passionate about cybersecurity, penetration testing, or just love a good technical breakdown, this one’s for you! 🌐
🔍 Key Highlights:
1️⃣ Enumeration
- Nmap Scan.
- Directory Brute Forcing using Feroxbuster.
2️⃣ Foothold
- Exploiting WonderCMS for Remote Code Execution (RCE).
- Gaining Access via Reverse Shell.
- Cracking Hashed Password and Logging in as User amay.
3️⃣ Privilege Escalation
- Uploading and Running LinPEAS for Target Information.
- Using Chisel for Port Forwarding.
- Logging into Internal Service with amay's Credentials.
- Exploiting System Monitor Page for Root Access.
👉 Check out the full breakdown on Medium Link Below.
#HackTheBox #HTB #Writeup #Walkthrough #CyberSecurity #PenTesting #EthicalHacking
Mahmoud Abdelrahman’s Post
More Relevant Posts
-
🚀 New Write-Up Alert: Solving the Machine GreenHorn Challenge on Hack The Box (HTB) 🛠️
I’m excited to share my latest write-up, where I walk through the complete process of tackling the Machine GreenHorn challenge from HTB. If you’re passionate about cybersecurity, penetration testing, or just love a good technical breakdown, this one’s for you! 🌐
🔍 Key Highlights:
1️⃣ Enumeration
- Nmap Scan.
2️⃣ Foothold
- Pluck Exploitation: Source Code Analysis: Identified that pass.php contains a hashed password.
- Password Cracking: Cracked the hash to gain admin access.
- RCE Exploit: Used CVE-2023-50564 PoC to gain a reverse shell.
3️⃣ Privilege Escalation
- linpeas: Uploaded and ran linpeas to gather information. User Access: Exploited file owned by junior user to gain access and retrieve the USER FLAG.
- PDF Analysis: Download PDF: Retrieved a PDF from junior's home directory.
- Depix Tool: Used to recover a password from a pixelated image in the PDF.
- Depix Execution: Processed image to extract plaintext password.
👉 Check out the full breakdown on Medium Link Below.
#HackTheBox #HTB #Writeup #Walkthrough #CyberSecurity #PenTesting #EthicalHacking
-
🚀 New Write-Up Alert: Solving the Machine Sightless Challenge on Hack The Box (HTB) 🛠️
I’m excited to share my latest write-up, where I walk through the complete process of tackling the Machine Sightless challenge from HTB. If you’re passionate about cybersecurity, penetration testing, or just love a good technical breakdown, this one’s for you! 🌐
🔍 Key Highlights:
1️⃣ Enumeration
- Nmap Scan.
- Fuzzing for Subdomains and Endpoints.
- Discovering SQLPad.
2️⃣ Foothold
- Exploiting SQLPad (CVE-2022-0944).
- Cracking the SQLPad Admin Password Hash.
- SSH Login as Michael.
3️⃣ Privilege Escalation
- Port Forwarding with SSH and Chisel.
- Investigating Froxlor Web Panel.
- Using LinPEAS for Privilege Escalation.
- Gaining Root Access via RSA Key.
👉 Check out the full breakdown on Medium Link Below.
#HackTheBox #HTB #Writeup #Walkthrough #CyberSecurity #PenTesting #EthicalHacking
-
🚀 New Write-Up Alert: Solving the Machine Blurry Challenge on Hack The Box (HTB) 🛠️
I’m excited to share my latest write-up, where I walk through the complete process of tackling the Machine Blurry challenge from HTB. If you’re passionate about cybersecurity, penetration testing, or just love a good technical breakdown, this one’s for you! 🌐
🔍 Key Highlights:
1️⃣ Enumeration
- Nmap Scan.
2️⃣ Foothold
- Exploiting ClearML RCE (CVE-2024-24590).
- Setting up ClearML Credentials and Launching the Exploit.
3️⃣ Privilege Escalation
- Stabilizing the Reverse Shell.
- Sudo Privileges for /usr/bin/evaluate_model.
- Creating a Malicious Model for Privilege Escalation.
👉 Check out the full breakdown on Medium Link Below.
#HackTheBox #CyberSecurity #PenTesting #EthicalHacking
-
Came across an interesting tool this afternoon. The below looks like "Microsoft" but it's actually spoofed unicode text. I've seen unicode spoofs before but generally with obvious differences. This tool does it nearly perfectly. Watch out for more attacks like this. Місrоѕоft https://lnkd.in/gvS3pG7J #Cybersecurity
-
Interesting topic and some great content by HackTheBox.... Good Practice.
-
Just finished "Publisher" on TryHackMe 🙌 This was definitely not an easy 📦 - 😅 Gaining initial access wasn't too bad, but the #privesc portion was a lot of digging thru #misconfigurations and #suidbinaries 🔴 Had to find creative ways to get around the permissions and shell types - definitely recommend this one!! 👍 #redteam #hacking #hack #hacker #hackers #hackingtools #hackthebox #hackingskills #cyberskills #cyberdefense #cyberhackers #pentester #pentesting #pentest #penetrationtester #penetrationtesting #thm #penetrationtest #learningprogress #learningeveryday #learningisfun #learnbydoing #learnhacking #learncybersecurity #practicemakesperfect #practicewhatyoupreach #knowledgeispower #knowledgegrowth #cybersecurity #cybersecuritytraining #ethicalhacker #ethicalhacking #ethicalhackingtraining #ethicalhackingcourse #training #certified #certificationachievement #certificationachieved #practicaltraining #practicalskills #practicallearning #learningneverstops #2024success
-
🎉 Hack The Box Milestone Achieved! 🎉 I'm excited to share that I've successfully completed my third Tier 1 lab on Hack The Box, mastering the "Crocodile" machine! 🐊 This lab was an incredible journey into web application security and exploiting vulnerabilities. I used tools like Nmap for scanning and various techniques to uncover and exploit weaknesses. Each step was a valuable lesson in web security and penetration testing. A huge thanks to the Hack The Box community for providing such a challenging and educational platform. I'm eager to tackle more labs and continue growing my cybersecurity skills! #CyberSecurity #HackTheBox #Learning #CrocodileLab #PenetrationTesting #ContinuousLearning
-
Dear Community, I am pleased to announce that I have successfully completed a comprehensive walkthrough of the GreenHorn HTB machine. It is with great enthusiasm that I share this detailed guide with you all. For those working on HTB challenges or looking to further develop their penetration testing skills, this guide will provide valuable insights into the process. #PenetrationTest #CTFWriteUp #HackTheBox #CyberSecurity #InfoSec #RedTeam #VulnerabilityAssessment #ReportWriting #CTFChallenge #CVE
-
🚀 Excited to share my journey of solving Hack The Box challenges daily! Here's a key point from my latest adventure:
🔑 Key Point:
• When accessing an FTP server on port 21, using the anonymous username can grant login without a password. Once logged in, you can use the dir command to list directories and the get command to download files. After downloading, verify the files' presence with ls and read their contents using cat to uncover potential usernames and passwords.
• Using tools like Wappalyzer and GoBuster, we can gather essential information about a target's web technology and find critical files. For instance, GoBuster helped locate a /login.php page, leading to a login portal. After trying several username/password combinations, successful login provided access to a Server Manager admin panel. This shows the importance of thorough enumeration and strategic use of available tools in penetration testing.
https://lnkd.in/dtHQX_Gs
Stay tuned for more insights from my daily HackTheBox challenges! 💡
#CyberSecurity #EthicalHacking #HackTheBox #LearningEveryDay
-
🚨 Just completed the "GoldenEye" machine on Vulnhub! 🎯🕵️‍♂️
This James Bond-inspired box was an OSCP-style challenge that truly tested my skills. Here's a breakdown:
- Initiated with thorough Nmap scans and Gobuster directory enumeration 🔍
- Performed in-depth source code analysis, uncovering critical information 🕵️‍♂️
- Successfully cracked POP3 passwords using Hydra 🔑
- Exploited a spell-checking vulnerability in Moodle for initial shell access 💻
- Navigated the system, gathering intelligence at each step 🗺️
- Culminated with a kernel exploit to achieve root access 👑
This machine brilliantly combined classic penetration testing techniques with creative problem-solving, showcasing why cybersecurity is such a dynamic field.
Special thanks to creosote for designing this GoldenEye-themed machine. The attention to detail and movie references added an extra layer of engagement.
For those interested in the technical details, you can find my full writeup here: https://lnkd.in/g2TKdBf2
This machine offers valuable experience for those looking to enhance their ethical hacking skills or prepare for advanced certifications. Also thanks to VULNHUB for providing a platform where we can find, download, and practice on these valuable resources. 🙏
#ethicalhacking #vulnhub #cybersecurity #pentesting #ctf #oscp #jamesbond
Software Engineer | Mobile developer
6mo
Keep going 💪