[{"content":"Stapler:1 – VulnHub\nStapler:1 is a vulnerable machine hosted on VulnHub that simulates a real-world misconfiguration scenario through an FTP server. In this challenge, the machine allows anonymous FTP access without authentication, exposing files that provide initial footholds into the system. This misconfiguration is commonly encountered in penetration testing and can lead to serious security risks if exploited.\nThe approach begins with reconnaissance and network scanning to discover the target and its open ports. Once the FTP service is identified, the attacker leverages the anonymous login to gather information such as potential usernames from exposed files. With this data, brute-force attacks are performed using Hydra to crack credentials for both FTP and SSH services. Successful authentication provides access to user directories, where more sensitive files and credentials are discovered. Eventually, privilege escalation is achieved by using one of the compromised users with sudo access to gain root privileges.\nEach phase is executed using tools like netdiscover, nmap, ftp, hydra, and ssh, offering hands-on experience in enumeration, brute-force tactics, and privilege escalation methods commonly used in cybersecurity assessments.\nFor a detailed step-by-step walkthrough of the solution, refer to the attached PDF file:\n📄 Solution: Stapler:1.pdf\nPhoto by Philipp Katzenberger on Unsplash\n","date":"2025-05-15T00:00:00Z","image":"https://melisasaritas.github.io/p/stapler1/cover_hu_b16eafc10fd3011.jpg","permalink":"https://melisasaritas.github.io/p/stapler1/","title":"Stapler:1 – VulnHub"},{"content":"DC-1 – VulnHub\nDC-1 is a beginner-friendly vulnerable machine hosted on VulnHub, featuring a web application running on an outdated version of Drupal, a popular content management system. 
The goal is to exploit the CMS and ultimately gain root access by progressing through multiple phases of attack.\nThe process begins with scanning the network to identify open services such as SSH, HTTP, and RPC. Once the target is mapped, exploitation is carried out using a known vulnerability—CVE-2018-7600, also known as Drupalgeddon2—through the Metasploit framework. Upon successful exploitation, a reverse shell is established and upgraded for better interactivity. The final stage involves privilege escalation by leveraging a misconfigured SUID binary to obtain root-level access.\nEach phase is executed using tools like netdiscover, nmap, Metasploit, and native Linux commands, providing a realistic and hands-on experience with common offensive security techniques such as network enumeration, exploitation, and post-exploitation.\nFor a detailed step-by-step walkthrough of the solution, refer to the attached PDF file:\n📄 Solution: DC-1.pdf\n","date":"2025-05-05T00:00:00Z","image":"https://melisasaritas.github.io/p/dc-1/cover_hu_b16eafc10fd3011.jpg","permalink":"https://melisasaritas.github.io/p/dc-1/","title":"DC-1 – VulnHub"},{"content":"Chrome – TryHackMe\nGoogle Chrome stores user credentials securely using the Windows Data Protection API (DPAPI), which relies on a master key tied to the user’s Windows credentials. 
This write-up focuses on solving the Chrome machine, which involves extracting and decrypting Chrome-stored credentials from a collection of provided files.\nThe approach includes analyzing captured network traffic, decompiling a .NET executable, decrypting AES-encrypted files, cracking the DPAPI password, and ultimately retrieving saved login credentials from Chrome’s database.\nEach phase is executed using tools like Wireshark, ILSpy, CyberChef, and pypykatz, offering hands-on experience with credential recovery and browser forensics.\nFor a detailed step-by-step walkthrough of the solution, refer to the attached PDF file:\n📄 Solution: Chrome.pdf\n","date":"2025-04-20T00:00:00Z","image":"https://melisasaritas.github.io/p/chrome/cover_hu_b16eafc10fd3011.jpg","permalink":"https://melisasaritas.github.io/p/chrome/","title":"Chrome – TryHackMe"},{"content":"Attacktive Directory – TryHackMe\nActive Directory (AD) is a crucial component in Windows-based networks, providing authentication, security policies, and access control through a centralized domain controller. This write-up focuses on solving the Attacktive Directory machine, which involves exploiting Active Directory vulnerabilities to gain privileged access.\nThe solution follows a structured approach, including reconnaissance, user enumeration, Kerberos abuse, folder discovery, and privilege escalation. Each step is carried out systematically using specialized tools to analyze and exploit security flaws effectively.\nFor a detailed step-by-step walkthrough of the solution, refer to the attached PDF file:\n📄 Solution: Attactive Directory.pdf\n","date":"2025-04-06T00:00:00Z","image":"https://melisasaritas.github.io/p/attactive-directory/cover_hu_b16eafc10fd3011.jpg","permalink":"https://melisasaritas.github.io/p/attactive-directory/","title":"Attacktive Directory – TryHackMe"}]