I am Muhammad Yaqoob.
- I am passionate about sharing my experiences and insights with others.
- I hold Certifications such as eCPPT, CRTP, eMAPT, eJPT and AWS Cloud Practitioner.
- You will find Certification Reviews and blogs about Cyber Security here.
I am Muhammad Yaqoob.
Enumeration All the ports were scanned. ┌──(kali㉿kali)-[~/Desktop/hackthebox/keeper] └─$ nmap -p- --min-rate 1000 keeper.htb --oN AllPortScan.txt Starting Nmap 7.94SVN ( https://nmap.org ) at 2024-08-18 18:13 EDT Nmap scan report for keeper.htb (10.10.11.227) Host is up (0.032s latency). Not shown: 65533 closed tcp ports (conn-refused) PORT STATE SERVICE 22/tcp open ssh 80/tcp open http The ssh and http port were open. The service version and OS enumeration is being carried out with the following command....
What is CRTP? Certified Red Team Professional (CRTP) is beginner level red teaming certification focused on Active Directory by Altered Security. This certification exam proves that certified professionals have sufficient knowledge to perform Red Teaming engagement on an Active Directory environment. Price $249 (With 30 Days Lab Access) Passing Score OS command execution on all the five target servers. Allowed Time 25 hours exam time, and additional 48 hours for report....
What is eMAPT? eLearn Mobile Application Penetration Tester (eMAPT) is a Mobile Application Penetration Testing certification by INE (formerly known as eLearnSecurity). This exam proves that certified professionals have adequate knowledge to perform Penetration Testing of mobile applications (Android and IOS) and can provide exploit application. Price 400$ (Without training) Training Cost 749$ Passing score (Working Android Application as POC) Allowed time 7 days Proctored? No Link to purchase Here Exam Focused Areas Android Application Penetration Testing, Android Application Development My Experience: I started the exam in the morning of 18th May 2024, uploaded the report on 20th May 2024 and received the result on 29th May 2024....
What is eCPPT? eLearn Security Certified Professional Penetration Tester (eCPPT) is a Network penetration testing certification by INE. This exam proves that certified professionals have adequate knowledge to perform Penetration Testing on the network (multiple hosts and servers) and can provide the documentation of the findings. Price 400$ (Without training) Training Cost 749$ Passing score (Exploitation of all the machines and a good report) Allowed time 7 days for Pentesting and 7 days for report Proctored?...
In this challenge, we have to bypass two preg_match functions to get the flag. The Given Code <?php #read flag.txt highlight_file(__FILE__); $code = $_GET['cmd']; $blocked_functions = '/(exec|shell_exec|system|`)/i'; if (preg_match($blocked_functions, $code)) { die("Hacking attempt detected"); } else { $blocked_functions = "/flag/i"; if (preg_match($blocked_functions, $code)) { die("Hacking attempt detected"); } else{ eval(urldecode($code)); } } ?> Initially, It highlights the code file. Then it stores the ‘cmd’ get parameter value in code variable, it blocks all the functions through which we can execute the shell commands....
Setup The following entry is being added to the /etc/hosts. 10.10.57.136 cmess.thm Enumeration Nmap all ports scan is being run. The following was the result of the scan. ┌──(kali㉿kali)-[~/Desktop/tryhackme/cmess] └─$ nmap 10.10.57.136 -p- --min-rate 2500 Starting Nmap 7.93 ( https://nmap.org ) at 2023-08-31 16:44 EDT Warning: 10.10.57.136 giving up on port because retransmission cap hit (10). Nmap scan report for cmess.thm (10.10.57.136) Host is up (0.18s latency). Not shown: 65507 closed tcp ports (conn-refused), 26 filtered tcp ports (no-response) PORT STATE SERVICE 22/tcp open ssh 80/tcp open http Nmap done: 1 IP address (1 host up) scanned in 43....