THM Machines:
These are write-ups of some machines I’ve tried:
- agentsudoctf
- Anonymous
- BiteMe
- BountyHacker
- Cyborg
- DogCat
- Ignite
- Inclusion
- LazyAdminFinal
- LinuxPrivilegeEsclation
- PickleRick
- Relevant
- RootMe
- Tech_Supp0rt
- TheMarketPlace
- tomghost
- UltraTech
- WonderLand
Tips for THM Rooms:
- Firstly, scan all the ports using nmap and observe/analyse the scan result.
- If HTTP server found check for the directories using tools like gobuster.
- Look if any of the services of the open ports are exploitable in the exploit-db or any other medium.
-
LinPeas.sh - Looks after the binary and tools which can be used to escalate privilege in Linux.
-
LinEnum.sh - Enumerate the Linux Kernel
-
Hydra - Bruteforcing the servers with usernames and passwords
-
Binwalk - Firmware Extraction Engine specially useful for stegnography
-
Strace - Debugging and troubleshooting programs in Linux.
-
linux-exploit-suggester-2.pl - Looks for kernel exploit in Linux