How to set up Metasploitable Lab for Web Hacking

Hey there! It’s been a while. In this write-up, I’ll be showing you how to set up your own Metasploitable lab for web application security and penetration testing.

Downloading Metasploitable 2

First, go to Google, search for Metasploitable 2 and choose the result from sourceforge.net, or visit the link provided below:

https://sourceforge.net/projects/metasploitable/

Click on Download and wait a few seconds for the ZIP file to download automatically.

Setting Up

Extract the ZIP file using your preferred ZIP extractor.

Open VirtualBox and click on New at the top.

Enter the name of your machine and make sure the “Type” and “Version” are the same as the ones in the image below. Leave the “ISO Image” field as it is and click on Next.

Choose your preferred RAM and CPU size to allocate to the machine and click on Next. I will use the default size since Metasploitable doesn’t require much space and resources.

Select “Use an Existing Virtual Hard Disk File” and click on the folder icon.

Click on “Add”, locate where you extracted the ZIP file and select “Metasploitable.vmdk”. Click on Choose and finally Next.

Now click on “Start” to boot the machine and wait a few seconds. The default username and password are both msfadmin.

Type ifconfig to check the machine’s IP address.

Open your browser and paste the Metasploitable IP in the address bar. You should see the list of vulnerable servers hosted on Metasploitable that you can get your hands dirty with. I will do write-ups on how to hack some of these servers. ...

April 10, 2025 · 2 min · Appiah Bismark

THM: Stickershop CTF

Platform: TryHackMe
Link: Stickershop
Level: Easy

To read the flag in this very simple room, we must take advantage of a Cross-Site Scripting vulnerability.

Scanning

Using nmap to scan the target:

    nmap -sV -sC Target_IP -oG The_Sticker_Shop

Results

    Starting Nmap 7.95 ( https://nmap.org ) at 2025-03-30 19:58 GMT
    Nmap scan report for 10.10.97.238
    Host is up (0.17s latency).
    Not shown: 998 closed tcp ports (reset)
    PORT     STATE SERVICE VERSION
    22/tcp   open  ssh     OpenSSH 8.2p1 Ubuntu 4ubuntu0.9 (Ubuntu Linux; protocol 2.0)
    | ssh-hostkey:
    |   3072 b2:54:8c:e2:d7:67:ab:8f:90:b3:6f:52:c2:73:37:69 (RSA)
    |   256 14:29:ec:36:95:e5:64:49:39:3f:b4:ec:ca:5f:ee:78 (ECDSA)
    |_  256 19:eb:1f:c9:67:92:01:61:0c:14:fe:71:4b:0d:50:40 (ED25519)
    8080/tcp open  http    Werkzeug httpd 3.0.1 (Python 3.8.10)
    |_http-server-header: Werkzeug/3.0.1 Python/3.8.10
    |_http-title: Cat Sticker Shop
    Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel

    Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
    Nmap done: 1 IP address (1 host up) scanned in 17.08 seconds

We found two open ports: 22 (SSH) and 8080 (HTTP) ...

March 30, 2025 · 2 min · Appiah Bismark