Learn vim, a universal text editor that can be incredibly powerful when used properly. From basic text editing to editing of binary files, Vim can be an important arsenal in a security toolkit. You can access the room through this link: https://tryhackme.com/room/toolboxvim

Hi everyone, this is Mrinal Prakash aka EMPHAY on TryHackMe and today I am going to take you all to the walkthrough of the room on TryHackMe called “Toolbox: Vim” which is a pretty basic beginner friendly room and it falls into the category of easy rooms. So lets go ahead and dive in.

TASK 1

1. Install Vim
   No Answers…

A beginner orienteered guide on using the TOR network. You can access the room through this link: https://tryhackme.com/room/torforbeginners

Hi everyone, this is Mrinal Prakash aka EMPHAY on TryHackMe and today I am going to take you all to the walkthrough of the room on TryHackMe called “Tor” which is a pretty basic beginner friendly room and it falls into the category of easy rooms. So lets go ahead and dive in.

Tor is a free and open-source software for enabling anonymous communication. Tor directs Internet traffic through a free, worldwide, volunteer overlay network consisting of more than seven thousand relays…

This is the first of the two parts to JSON Web Tokens and how to attack them. While the first part talks about what exactly are JSON Web Tokens, their use and their vulnerabilties. While the second part of this writeup would be focusing on attacks.

Link to the first part: http://mrinalprakash4577.medium.com/json-web-tokens-and-how-to-attack-them-part-1-of-2-c4beba28be3d

BASIC ATTACKS

1. None Algorithm

JWT supports a “none” algorithm. If the application fails to verify the value of “alg” header, then we can change its value to “none” and in this way it omits the need of a valid signature for verification and also you may leave the signature blank.

This is the first of the two parts to JSON Web Tokens and how to attack them. While the first part talks about what exactly are JSON Web Tokens, their use and their vulnerabilties. While the second part of this writeup would be focusing on attacks.

Link to the second part: https://mrinalprakash4577.medium.com/json-web-tokens-and-how-to-attack-them-part-2-of-2-21b2bd6b0335

JWT stands for JSON Web Token. JSON Web Token (JWT) is an open standard (RFC 7519) that defines a compact and self-contained way for securely transmitting information between parties as a JSON object. This information can be verified and trusted because it is digitally signed.

The client will…

This room is designed for users to get familiar with the Bolt CMS and how it can be exploited using Authenticated Remote Code Execution.

TASK 1: Deploy the machine

1. Start the machine
   No Answer needed

TASK 2 : Hack your way into the machine!

1. What port number has a web server with a CMS running?

Learn to use tmux, one of the most powerful multi-tasking tools on linux! You can access the room through this link: https://tryhackme.com/room/rptmux

Hi everyone, this is Mrinal Prakash aka EMPHAY on TryHackMe and today I am going to take you all to the walkthrough of the room on TryHackMe called “Tmux” which is a pretty basic beginner friendly room and it falls into the category of easy rooms. So lets go ahead and dive in.

1. First things first, let’s go ahead and install tmux. This can be done on Ubuntu/Kali with the command: apt-get install tmux
   No Answers needed
2. Once…

Learn to attack WPA(2) networks! Ideally you’ll want a smartphone with you for this, preferably one that supports hosting wifi hotspots so you can follow along. You can access the room through this link: https://tryhackme.com/room/wifihacking101

Hi everyone, this is Mrinal Prakash aka EMPHAY on TryHackMe and today I am going to take you all to the walkthrough of the room on TryHackMe called “Wifi Hacking 101” which is a pretty basic beginner friendly room and it falls into the category of easy rooms. So lets go ahead and dive in. …