Posts

Showing posts from January, 2025

HTB: TwoMillion Walkthrough

Writeup — TwoMillion
Prepared by Araiz Naqvi. In case you're not able to view the entire writeup, visit my personal blog to view it fully.

Overview
- Difficulty: Easy
- Operating System: Linux
- Objective: Understand potential breaking points in the TwoMillion machine.
- Tools Used: nmap, nc, curl, ffuf, burpsuite, de4js, cyberchef, SSH

I tend to start by enumerating as much basic information as I need before delving deeper.

Scanning with Nmap
I first check which ports are open via a stealth scan: I see that ports 22 and 80 seem to be open. Let's go ahead and run service and default script scans for these two ports specifically:

Banner Grabbing
Let's continue by grabbing banners for SSH and HTTP, which may give us some more important information. For SSH, I used the nc command with the -nv flag: For HTTP, I used curl with the -IL flag:

Ffuf and Gobuster Enumeration
Both Gobuster and Ffuf enumerations failed to enumerate any hidden subdomain...

HTB: Sightless Walkthrough

Writeup — Sightless
By Araiz Naqvi

Overview
- Difficulty: Easy
- Operating System: Linux
- Objective: Understand potential breaking points in the Sightless machine.
- Tools Used: Nmap, SSH, FTP, Burpsuite, Hashcat, John The Ripper, FoxyProxy, nc, Gobuster, curl, filezilla, keep2john, kpcli, dos2unix

If you're unable to view it fully due to Medium Subscriptions, you can view it at https://araizhacks.blogspot.com/2025/01/htb-cap-walkthrough.html

I tend to start by enumerating as much basic information as I need before delving deeper.

Performing Nmap Scans
As usual, the very first step is to figure out which ports, and hence which services, are actually open. This will set the stage for how we will try to break in. Let's start with a stealth scan with ARP pings disabled to figure out which ports are open: It is clear that the following ports are open:
- 21 ~ FTP
- 22 ~ SSH
- 80 ~ HTTP

Now, let's move further and scan for service versions and run the default scripts on these ...