
Preamble
In order to start practically applying some of the skills I’ve learned through cybersecurity, I wanted to try some “CTF” (Capture The Flag) rooms on TryHackMe (https://tryhackme.com). TryHackMe is a website that provides vulnerable virtual machines (boxes) for users to try to break into, as well as step-by-step lessons on the fundamentals of cybersecurity. All in all, it’s been a great resource for me to learn.
Overview
Billing is an (Easy)(Red Team) room, which means it’s designed for the attacker to break into it, rather than for a defender to diagnose and triage an attack (blue team). I chose this one since it’d be easy to start out with, I prefer the red team side of the education I’ve received so far, and it’s free (which was important for me to be able to work on this with a friend). In general, this room covers a vulnerable web application, enumeration, and privilege escalation. While the scenario is fake, it uses a real web application called Magnus Billing, which has a GitHub page explaining its API here. While ultimately this room didn’t require intimate knowledge of the API or service to exploit, it may be good to read up on if any future rooms want to utilize the API to bypass the authentication of the website.