The Be Sure Blog

Use nmap and telnet to get the flag

Find the open FTP port and extract the flag!

How to retrieve the flag with SMB (Server-Message-Block)

How to extract the flag by logging in without a password

Scan for the open ports, log into the database and get the flag!

Get credentials via the open FTP port and use Gobuster to find the login file

Use Nmap, modify the hosts file and exploit LFI to grab the hash and crack it

Use Nmap, Gobuster, Ncat, PHP and the AWS CLI to capture the flag

Make good use of nmap, smbclient, mssqlclient, xp_cmdshell, winPEAS & psexec

Upload a PHP reverse shell, get user and then root privileges to pwn the machine

Crack the .zip archive, use sql injection and escalate your privileges to get the flags

Log4j exploitation, HTTP request modification & privilege escalation

Make use of the poorly configured service and get the flag

Gobuster is used to find the login page of the server by dir busting

MongoDB is a NoSQL database. Use the mongo cli to pwn the machine

Rsync is a fast file copying tool. We will use it to download the flag

Modify the hosts file, do dir busting and try common passwords to get the flag

Insert malicious code to leave the sandbox and get the flag!

Since we can't interact with the DB directly, we use tunneling

Default credentials help us to execute Groovy Script code to get a reverse shell

Browse the Windows shares with default credentials and extract the flag

Use TFTP, get a reverse shell, build and upload an Alpine image with root

Nmap, BurpSuite, Ncat, default credentials and misconfigurations

Use BurpSuite, Netcat, SSH, Gobuster and PHP to get a reverse shell

Exploit known vulnerabilities and capture the flags

Git Repo Dump, Arbitrary File Read, Remote Code Execution

Get the credentials and crack the password hash to get the flags

Get a reverse shell, break out of a Docker container and get the flags