{"id":106,"date":"2024-02-19T14:47:29","date_gmt":"2024-02-19T14:47:29","guid":{"rendered":"https:\/\/shaynepatelcybersecurityportfolio.online\/?p=106"},"modified":"2024-02-19T14:47:29","modified_gmt":"2024-02-19T14:47:29","slug":"ctf-rootme","status":"publish","type":"post","link":"https:\/\/shaynepatelcybersecurityportfolio.online\/?p=106","title":{"rendered":"CTF &#8211; RootMe"},"content":{"rendered":"\n<p><mark style=\"background-color:rgba(0, 0, 0, 0)\" class=\"has-inline-color has-black-color\">Recently, I&#8217;ve been learning more about Red Team tools and have started to apply them in practice. The perspective of learning the offensive side has given me much more of an understanding of what the defensive side is really going up against. I&#8217;ve done a couple of &#8216;Capture the Flag&#8217; challenges on TryHackMe and will talk through one here. This one is the RootMe CTF and some of the techniques used were:<\/mark><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><mark style=\"background-color:rgba(0, 0, 0, 0)\" class=\"has-inline-color has-black-color\">Port Scanning<\/mark><\/li>\n\n\n\n<li><mark style=\"background-color:rgba(0, 0, 0, 0)\" class=\"has-inline-color has-black-color\">URL Enumeration<\/mark><\/li>\n\n\n\n<li><mark style=\"background-color:rgba(0, 0, 0, 0)\" class=\"has-inline-color has-black-color\">PHP reverse shell<\/mark><\/li>\n\n\n\n<li><mark style=\"background-color:rgba(0, 0, 0, 0)\" class=\"has-inline-color has-black-color\">Privilege Escalation<\/mark><\/li>\n<\/ul>\n\n\n\n<p><mark style=\"background-color:rgba(0, 0, 0, 0)\" class=\"has-inline-color has-black-color\">After deploying the machine, the second step was reconnaissance.<\/mark><\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Task 2- Reconnaissance<\/h2>\n\n\n\n<p><mark style=\"background-color:rgba(0, 0, 0, 0)\" class=\"has-inline-color has-black-color\">I needed to gain as much information on open ports and services as I could. The first command I executed was &#8216;<strong>sudo nmap -A -vv 10.10.123.41<\/strong>&#8216;:<\/mark><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><mark style=\"background-color:rgba(0, 0, 0, 0)\" class=\"has-inline-color has-black-color\">sudo = allows temporary root permission<\/mark><\/li>\n\n\n\n<li><mark style=\"background-color:rgba(0, 0, 0, 0)\" class=\"has-inline-color has-black-color\">-A = alias of traceroute, OS detection, and version detection<\/mark><\/li>\n\n\n\n<li><mark style=\"background-color:rgba(0, 0, 0, 0)\" class=\"has-inline-color has-black-color\">-vv = increasing verbosity to level 2<\/mark><\/li>\n<\/ul>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"808\" height=\"260\" src=\"https:\/\/shaynepatelcybersecurityportfolio.online\/wp-content\/uploads\/2024\/02\/nmap-output.png\" alt=\"\" class=\"wp-image-108\" srcset=\"https:\/\/shaynepatelcybersecurityportfolio.online\/wp-content\/uploads\/2024\/02\/nmap-output.png 808w, https:\/\/shaynepatelcybersecurityportfolio.online\/wp-content\/uploads\/2024\/02\/nmap-output-300x97.png 300w, https:\/\/shaynepatelcybersecurityportfolio.online\/wp-content\/uploads\/2024\/02\/nmap-output-768x247.png 768w\" sizes=\"auto, (max-width: 808px) 100vw, 808px\" \/><\/figure>\n\n\n\n<p><mark style=\"background-color:rgba(0, 0, 0, 0)\" class=\"has-inline-color has-black-color\">From the Nmap output, we can see there are two open ports. Port 22 is open which runs\u00a0<strong>OpenSSH 7.6p1 Ubuntu 4ubuntu0.3<\/strong>. Port 80 is also open running\u00a0<strong>Apache httpd 2.4.29<\/strong>. This output allows me to answer the first 3 questions of task 2 which are pictured at the end of this section.<\/mark><\/p>\n\n\n\n<p><mark style=\"background-color:rgba(0, 0, 0, 0)\" class=\"has-inline-color has-black-color\">My next task was to find any hidden directories on the web server using the GoBuster tool. The command I executed was &#8216;<strong>gobuster dir &#8211;url=http:\/\/10.10.123.41 -w \/usr\/share\/wordlists\/dirb\/common.txt<\/strong>&#8216; which found many hidden directories. <\/mark><\/p>\n\n\n\n<figure class=\"wp-block-image size-full is-resized\"><img loading=\"lazy\" decoding=\"async\" width=\"722\" height=\"446\" src=\"https:\/\/shaynepatelcybersecurityportfolio.online\/wp-content\/uploads\/2024\/02\/GoBuster-command-recon.png\" alt=\"\" class=\"wp-image-111\" style=\"width:653px;height:auto\" srcset=\"https:\/\/shaynepatelcybersecurityportfolio.online\/wp-content\/uploads\/2024\/02\/GoBuster-command-recon.png 722w, https:\/\/shaynepatelcybersecurityportfolio.online\/wp-content\/uploads\/2024\/02\/GoBuster-command-recon-300x185.png 300w\" sizes=\"auto, (max-width: 722px) 100vw, 722px\" \/><\/figure>\n\n\n\n<p><mark style=\"background-color:rgba(0, 0, 0, 0)\" class=\"has-inline-color has-black-color\">The <strong>\/panel<\/strong> and <strong>\/uploads<\/strong> pages both warranted further investigation. The\u00a0<strong>\/panel\u00a0<\/strong>page appeared to be used to upload files. I uploaded a test file and then navigated to\u00a0<strong>\/uploads.<\/strong> This output allows me to answer the final questions for task 2 and move on to the next.<\/mark><\/p>\n\n\n\n<figure class=\"wp-block-image size-large is-resized\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"645\" src=\"https:\/\/shaynepatelcybersecurityportfolio.online\/wp-content\/uploads\/2024\/02\/RootMe-Recon-Completed-1024x645.png\" alt=\"\" class=\"wp-image-110\" style=\"width:839px;height:auto\" srcset=\"https:\/\/shaynepatelcybersecurityportfolio.online\/wp-content\/uploads\/2024\/02\/RootMe-Recon-Completed-1024x645.png 1024w, https:\/\/shaynepatelcybersecurityportfolio.online\/wp-content\/uploads\/2024\/02\/RootMe-Recon-Completed-300x189.png 300w, https:\/\/shaynepatelcybersecurityportfolio.online\/wp-content\/uploads\/2024\/02\/RootMe-Recon-Completed-768x484.png 768w, https:\/\/shaynepatelcybersecurityportfolio.online\/wp-content\/uploads\/2024\/02\/RootMe-Recon-Completed.png 1250w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<h2 class=\"wp-block-heading\">Task 3- Getting a shell<\/h2>\n\n\n\n<p><mark style=\"background-color:rgba(0, 0, 0, 0)\" class=\"has-inline-color has-black-color\">I needed to create a shell on the web server to gain access and the best way to do that was using the \/panel directory since anyone could upload files to it making it a vulnerability. If I could upload and execute a file then I could establish a reverse shell.<\/mark><\/p>\n\n\n\n<p><mark style=\"background-color:rgba(0, 0, 0, 0)\" class=\"has-inline-color has-black-color\">The best option for this web server would be a PHP script since I could create a web shell and use the web server as a gateway. That being said, I found a PHP-reverse-shell script on Git Hub and downloaded it to my Kali machine. That process was pretty simple as all I needed to update in the script was the IP address of my TryHackMe OpenVPN server. From there, I started a netcat listener and uploaded the file on the <strong>\/panels <\/strong>page.<\/mark><\/p>\n\n\n\n<figure class=\"wp-block-image size-large is-resized\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"503\" src=\"https:\/\/shaynepatelcybersecurityportfolio.online\/wp-content\/uploads\/2024\/02\/failed-upload-part-2-1024x503.png\" alt=\"\" class=\"wp-image-114\" style=\"width:745px;height:auto\" srcset=\"https:\/\/shaynepatelcybersecurityportfolio.online\/wp-content\/uploads\/2024\/02\/failed-upload-part-2-1024x503.png 1024w, https:\/\/shaynepatelcybersecurityportfolio.online\/wp-content\/uploads\/2024\/02\/failed-upload-part-2-300x147.png 300w, https:\/\/shaynepatelcybersecurityportfolio.online\/wp-content\/uploads\/2024\/02\/failed-upload-part-2-768x377.png 768w, https:\/\/shaynepatelcybersecurityportfolio.online\/wp-content\/uploads\/2024\/02\/failed-upload-part-2-1536x754.png 1536w, https:\/\/shaynepatelcybersecurityportfolio.online\/wp-content\/uploads\/2024\/02\/failed-upload-part-2.png 1605w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<p><mark style=\"background-color:rgba(0, 0, 0, 0)\" class=\"has-inline-color has-black-color\">As seen, it was denied. Looks like PHP is &#8216;not permitted&#8217;. After doing some research, a strategy used for identifying file upload vulnerability is by manipulating the extension. <\/mark><\/p>\n\n\n\n<p><mark style=\"background-color:rgba(0, 0, 0, 0)\" class=\"has-inline-color has-black-color\"> I downloaded a list of different extensions and headed to BurpSuite to automate an attack using &#8216;Intruder&#8217;. I started a proxy and tried uploading the file again so the PUT request would get intercepted.<\/mark><\/p>\n\n\n\n<figure class=\"wp-block-image size-large is-resized\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"412\" src=\"https:\/\/shaynepatelcybersecurityportfolio.online\/wp-content\/uploads\/2024\/02\/burp-intruder-1-1024x412.png\" alt=\"\" class=\"wp-image-118\" style=\"width:798px;height:auto\" srcset=\"https:\/\/shaynepatelcybersecurityportfolio.online\/wp-content\/uploads\/2024\/02\/burp-intruder-1-1024x412.png 1024w, https:\/\/shaynepatelcybersecurityportfolio.online\/wp-content\/uploads\/2024\/02\/burp-intruder-1-300x121.png 300w, https:\/\/shaynepatelcybersecurityportfolio.online\/wp-content\/uploads\/2024\/02\/burp-intruder-1-768x309.png 768w, https:\/\/shaynepatelcybersecurityportfolio.online\/wp-content\/uploads\/2024\/02\/burp-intruder-1-1536x619.png 1536w, https:\/\/shaynepatelcybersecurityportfolio.online\/wp-content\/uploads\/2024\/02\/burp-intruder-1.png 1927w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<figure class=\"wp-block-image size-large is-resized\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"283\" src=\"https:\/\/shaynepatelcybersecurityportfolio.online\/wp-content\/uploads\/2024\/02\/burp-intruder-2-1024x283.png\" alt=\"\" class=\"wp-image-119\" style=\"width:801px;height:auto\" srcset=\"https:\/\/shaynepatelcybersecurityportfolio.online\/wp-content\/uploads\/2024\/02\/burp-intruder-2-1024x283.png 1024w, https:\/\/shaynepatelcybersecurityportfolio.online\/wp-content\/uploads\/2024\/02\/burp-intruder-2-300x83.png 300w, https:\/\/shaynepatelcybersecurityportfolio.online\/wp-content\/uploads\/2024\/02\/burp-intruder-2-768x212.png 768w, https:\/\/shaynepatelcybersecurityportfolio.online\/wp-content\/uploads\/2024\/02\/burp-intruder-2-1536x425.png 1536w, https:\/\/shaynepatelcybersecurityportfolio.online\/wp-content\/uploads\/2024\/02\/burp-intruder-2.png 1995w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<p><mark style=\"background-color:rgba(0, 0, 0, 0)\" class=\"has-inline-color has-black-color\">As you see, the highlighted part is getting manipulated with different extensions from the list in the payload seen in the second visual.  Intruder will quickly send requests will trial file extensions so it doesn&#8217;t need to be done manually.  <\/mark><\/p>\n\n\n\n<p><mark style=\"background-color:rgba(0, 0, 0, 0)\" class=\"has-inline-color has-black-color\">After the attack, I headed to the uploads directory on the web server so I see the files I uploaded.<\/mark><\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"825\" height=\"690\" src=\"https:\/\/shaynepatelcybersecurityportfolio.online\/wp-content\/uploads\/2024\/02\/burp-uploads-directory.png\" alt=\"\" class=\"wp-image-121\" srcset=\"https:\/\/shaynepatelcybersecurityportfolio.online\/wp-content\/uploads\/2024\/02\/burp-uploads-directory.png 825w, https:\/\/shaynepatelcybersecurityportfolio.online\/wp-content\/uploads\/2024\/02\/burp-uploads-directory-300x251.png 300w, https:\/\/shaynepatelcybersecurityportfolio.online\/wp-content\/uploads\/2024\/02\/burp-uploads-directory-768x642.png 768w\" sizes=\"auto, (max-width: 825px) 100vw, 825px\" \/><\/figure>\n\n\n\n<p><mark style=\"background-color:rgba(0, 0, 0, 0)\" class=\"has-inline-color has-black-color\">I clicked through these until one was successfully executed. The rest of them gave errors. As I went through them, I would confirm the status with the intruder and the netcat listener.<\/mark><\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"871\" height=\"178\" src=\"https:\/\/shaynepatelcybersecurityportfolio.online\/wp-content\/uploads\/2024\/02\/nc-listener.png\" alt=\"\" class=\"wp-image-122\" srcset=\"https:\/\/shaynepatelcybersecurityportfolio.online\/wp-content\/uploads\/2024\/02\/nc-listener.png 871w, https:\/\/shaynepatelcybersecurityportfolio.online\/wp-content\/uploads\/2024\/02\/nc-listener-300x61.png 300w, https:\/\/shaynepatelcybersecurityportfolio.online\/wp-content\/uploads\/2024\/02\/nc-listener-768x157.png 768w\" sizes=\"auto, (max-width: 871px) 100vw, 871px\" \/><\/figure>\n\n\n\n<p>The netcat listener confirms the reverse shell so I am in! TryHackMe gave us the file name containing the user flag: <strong>user.txt<\/strong>. I quickly searched for this flag using the command &#8216;<strong>find \/ -type f -name user.txt 2&gt;\/dev\/null<\/strong>&#8216;:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><mark style=\"background-color:rgba(0, 0, 0, 0)\" class=\"has-inline-color has-black-color\">-type f = you are telling &#8216;find&#8217; to exclusively look for files<\/mark><\/li>\n\n\n\n<li><mark style=\"background-color:rgba(0, 0, 0, 0)\" class=\"has-inline-color has-black-color\">-name user.txt = instructing the find command to search for a file with the name &#8220;user.txt&#8221;<\/mark><\/li>\n\n\n\n<li><mark style=\"background-color:rgba(0, 0, 0, 0)\" class=\"has-inline-color has-black-color\">2>\/dev\/null = so error messages do not show up as part of the search result<\/mark><\/li>\n<\/ul>\n\n\n\n<figure class=\"wp-block-image size-full is-resized\"><img loading=\"lazy\" decoding=\"async\" width=\"361\" height=\"67\" src=\"https:\/\/shaynepatelcybersecurityportfolio.online\/wp-content\/uploads\/2024\/02\/final-task-3-txt-output.png\" alt=\"\" class=\"wp-image-124\" style=\"width:631px;height:auto\" srcset=\"https:\/\/shaynepatelcybersecurityportfolio.online\/wp-content\/uploads\/2024\/02\/final-task-3-txt-output.png 361w, https:\/\/shaynepatelcybersecurityportfolio.online\/wp-content\/uploads\/2024\/02\/final-task-3-txt-output-300x56.png 300w\" sizes=\"auto, (max-width: 361px) 100vw, 361px\" \/><\/figure>\n\n\n\n<p><mark style=\"background-color:rgba(0, 0, 0, 0)\" class=\"has-inline-color has-black-color\">This gave me the location of the file so I then opened the file with &#8216;<strong>cat \/var\/www\/user.txt<\/strong>&#8216;. This gave me the answer to the last question of Task 3.<\/mark><\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"499\" src=\"https:\/\/shaynepatelcybersecurityportfolio.online\/wp-content\/uploads\/2024\/02\/Task-3-Completed-1024x499.png\" alt=\"\" class=\"wp-image-125\" srcset=\"https:\/\/shaynepatelcybersecurityportfolio.online\/wp-content\/uploads\/2024\/02\/Task-3-Completed-1024x499.png 1024w, https:\/\/shaynepatelcybersecurityportfolio.online\/wp-content\/uploads\/2024\/02\/Task-3-Completed-300x146.png 300w, https:\/\/shaynepatelcybersecurityportfolio.online\/wp-content\/uploads\/2024\/02\/Task-3-Completed-768x374.png 768w, https:\/\/shaynepatelcybersecurityportfolio.online\/wp-content\/uploads\/2024\/02\/Task-3-Completed.png 1258w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<h2 class=\"wp-block-heading\">Task 4- Privilege Escalation<\/h2>\n\n\n\n<p><mark style=\"background-color:rgba(0, 0, 0, 0)\" class=\"has-inline-color has-black-color\">The last task was about gaining root access. The first question asked to search for files with SUID permissions and find a weird file. I ran &#8216;<strong>find \/ -user root -perm \/4000<\/strong>&#8216;. It looks for files with SUID permissions that can be run as root. The output gave many files so careful consideration was taken reading through these.<\/mark><\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"537\" height=\"212\" src=\"https:\/\/shaynepatelcybersecurityportfolio.online\/wp-content\/uploads\/2024\/02\/find-user-root.png\" alt=\"\" class=\"wp-image-127\" srcset=\"https:\/\/shaynepatelcybersecurityportfolio.online\/wp-content\/uploads\/2024\/02\/find-user-root.png 537w, https:\/\/shaynepatelcybersecurityportfolio.online\/wp-content\/uploads\/2024\/02\/find-user-root-300x118.png 300w\" sizes=\"auto, (max-width: 537px) 100vw, 537px\" \/><\/figure>\n\n\n\n<p><mark style=\"background-color:rgba(0, 0, 0, 0)\" class=\"has-inline-color has-black-color\">I headed to GTFOBins page to check through each of the files to see if any have the SUID flag, which indicated it can be used to escalate privileges.  After going through them, I could confirm the answer to question 1 was <strong>\/user\/bin\/python<\/strong>.<\/mark><\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"387\" src=\"https:\/\/shaynepatelcybersecurityportfolio.online\/wp-content\/uploads\/2024\/02\/GTF0bin-1024x387.png\" alt=\"\" class=\"wp-image-128\" srcset=\"https:\/\/shaynepatelcybersecurityportfolio.online\/wp-content\/uploads\/2024\/02\/GTF0bin-1024x387.png 1024w, https:\/\/shaynepatelcybersecurityportfolio.online\/wp-content\/uploads\/2024\/02\/GTF0bin-300x113.png 300w, https:\/\/shaynepatelcybersecurityportfolio.online\/wp-content\/uploads\/2024\/02\/GTF0bin-768x290.png 768w, https:\/\/shaynepatelcybersecurityportfolio.online\/wp-content\/uploads\/2024\/02\/GTF0bin.png 1310w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<p><mark style=\"background-color:rgba(0, 0, 0, 0)\" class=\"has-inline-color has-black-color\">Since Python can be used to escalate privileges, I clicked on the SUID functions on the GTFObin site. It gives the command needed to achieve escalation which is the second one listed.<\/mark><\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"547\" height=\"157\" src=\"https:\/\/shaynepatelcybersecurityportfolio.online\/wp-content\/uploads\/2024\/02\/task-4-completion.png\" alt=\"\" class=\"wp-image-129\" srcset=\"https:\/\/shaynepatelcybersecurityportfolio.online\/wp-content\/uploads\/2024\/02\/task-4-completion.png 547w, https:\/\/shaynepatelcybersecurityportfolio.online\/wp-content\/uploads\/2024\/02\/task-4-completion-300x86.png 300w\" sizes=\"auto, (max-width: 547px) 100vw, 547px\" \/><\/figure>\n\n\n\n<p><mark style=\"background-color:rgba(0, 0, 0, 0)\" class=\"has-inline-color has-black-color\">I ran the command given and was given the correct directory to search, along with &#8216;<strong>whoami<\/strong>&#8216; for confirmation I am the root user. I changed to the correct directory and read out the &#8216;<strong>root.txt file<\/strong>&#8216; for my final answer to task 4.<\/mark><\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"650\" src=\"https:\/\/shaynepatelcybersecurityportfolio.online\/wp-content\/uploads\/2024\/02\/Task-4-Completed-1024x650.png\" alt=\"\" class=\"wp-image-126\" srcset=\"https:\/\/shaynepatelcybersecurityportfolio.online\/wp-content\/uploads\/2024\/02\/Task-4-Completed-1024x650.png 1024w, https:\/\/shaynepatelcybersecurityportfolio.online\/wp-content\/uploads\/2024\/02\/Task-4-Completed-300x191.png 300w, https:\/\/shaynepatelcybersecurityportfolio.online\/wp-content\/uploads\/2024\/02\/Task-4-Completed-768x488.png 768w, https:\/\/shaynepatelcybersecurityportfolio.online\/wp-content\/uploads\/2024\/02\/Task-4-Completed.png 1220w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<h2 class=\"wp-block-heading\">Conclusion<\/h2>\n\n\n\n<p><mark style=\"background-color:rgba(0, 0, 0, 0)\" class=\"has-inline-color has-black-color\">I enjoyed rooting this box. It\u2019s simple but satisfying, and I learned about bypassing file name validation in the process. It was good to get my hands on more tools and put them together for a better understanding of how one must think on the fly. Here is a list of tools and commands I used throughout:<\/mark><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><mark style=\"background-color:rgba(0, 0, 0, 0)\" class=\"has-inline-color has-black-color\">nmap<\/mark><\/li>\n\n\n\n<li><mark style=\"background-color:rgba(0, 0, 0, 0)\" class=\"has-inline-color has-black-color\">gobuster<\/mark><\/li>\n\n\n\n<li><mark style=\"background-color:rgba(0, 0, 0, 0)\" class=\"has-inline-color has-black-color\">PHP reverse shell<\/mark><\/li>\n\n\n\n<li><mark style=\"background-color:rgba(0, 0, 0, 0)\" class=\"has-inline-color has-black-color\">BurpSuite<\/mark><\/li>\n\n\n\n<li><mark style=\"background-color:rgba(0, 0, 0, 0)\" class=\"has-inline-color has-black-color\">alternative extensions<\/mark><\/li>\n\n\n\n<li><mark style=\"background-color:rgba(0, 0, 0, 0)\" class=\"has-inline-color has-black-color\">netcat<\/mark><\/li>\n\n\n\n<li><mark style=\"background-color:rgba(0, 0, 0, 0)\" class=\"has-inline-color has-black-color\">python<\/mark><a href=\"https:\/\/medium.com\/tag\/hacking?source=post_page-----33ae2abf2611---------------hacking-----------------\"><\/a><\/li>\n<\/ul>\n\n\n\n<p><mark style=\"background-color:rgba(0, 0, 0, 0)\" class=\"has-inline-color has-black-color\">Thanks for reading along!<\/mark><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Recently, I&#8217;ve been learning more about Red Team tools and have started to apply them in practice. The perspective of learning the offensive side has given me much more of an understanding of what the defensive side is really going up against. I&#8217;ve done a couple of &#8216;Capture the Flag&#8217; challenges on TryHackMe and will [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":["post-106","post","type-post","status-publish","format-standard","hentry","category-uncategorized"],"_links":{"self":[{"href":"https:\/\/shaynepatelcybersecurityportfolio.online\/index.php?rest_route=\/wp\/v2\/posts\/106","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/shaynepatelcybersecurityportfolio.online\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/shaynepatelcybersecurityportfolio.online\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/shaynepatelcybersecurityportfolio.online\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/shaynepatelcybersecurityportfolio.online\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=106"}],"version-history":[{"count":5,"href":"https:\/\/shaynepatelcybersecurityportfolio.online\/index.php?rest_route=\/wp\/v2\/posts\/106\/revisions"}],"predecessor-version":[{"id":133,"href":"https:\/\/shaynepatelcybersecurityportfolio.online\/index.php?rest_route=\/wp\/v2\/posts\/106\/revisions\/133"}],"wp:attachment":[{"href":"https:\/\/shaynepatelcybersecurityportfolio.online\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=106"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/shaynepatelcybersecurityportfolio.online\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=106"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/shaynepatelcybersecurityportfolio.online\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=106"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}