You are welcome to post your write-ups for retired Machines here!
To keep a uniformity on the write-ups, use the following style guide:
Sample:
We start by enumerating open ports and then drill down to each service for more information
[[email protected] ~]# nmap 10.10.10.123
Starting Nmap 4.11 ( http://www.insecure.org/nmap/ ) at 2017-09-11 15:42 EST
Interesting ports on 10.10.10.123:
Not shown: 1674 closed ports
PORT STATE SERVICE
22/tcp open ssh
80/tcp open http
111/tcp open rpcbind
957/tcp open unknown
3306/tcp open mysql
8888/tcp open sun-answerbook
MAC Address: 08:00:27:D9:8E:D7 (Cadmus Computer Systems)
Nmap finished: 1 IP address (1 host up) scanned in 0.415 seconds
Seems that we have a web server. Lets dirb it!
[[email protected] ~]#dirb http://10.10.10.123/
-----------------
DIRB v1.9
By The Dark Raver
-----------------
START_TIME: Mon Jul 9 23:13:16 2007
URL_BASE: http://10.10.10.123/
WORDLIST_FILES: wordlists/common.txt
SERVER_BANNER: lighttpd/1.4.15
NOT_EXISTANT_CODE: 404 [NOT FOUND]
(Location: '' - Size: 345)
-----------------
Generating Wordlist...
Generated Words: 839
---- Scanning URL: http://10.10.10.123/ ----
FOUND: http://10.10.10.123/phpmyadmin/ (***) DIRECTORY (*)
Blah blah blah...
Comments
thanks. nice work
NE MUTLU TURKUM DIYENE
Hi. Are there any rules re: exposing the actual user/root tokens?
the real question is Why ? What's the point ?
Yeah that's a good point.
Type your comment
Type your comment
Are we allowed to make writeups for challenges which are not retired yet if we do not include any token/flags, only the method?
Type your comment> @hhg said:
Obviously not because you would be showing the methodogy to get the flags anyway.
If I make a website and upload all the writeups there, open retired machines' writeups and HASH-protected active machine writeups, how to get is approved by HTB?