Writeup on THM Room.

  • Steghide
  • zsteg
  • exiftool
  • Stegoveritas
  • Spectrograms

The final slide introduces us to three challenges; here are my solutions:

exiftool exam1.jpeg…
  • Application Logs — contain events logged by applications or user programs
  • System Logs — contain events from drivers loaded and unloaded, network configurations, and Windows service events
  • Security Logs — contain events related to Windows authentication and security processes such…
  1. What is the expected parent process?
  2. Is it running on the expected path?
  3. Is it spelled correctly?
  4. Is it running under the correct SID?
  5. Is…
  • JavaScript
  • Python
  • Executables
  • PowerShell Shellcode
remnux@thm-remnux:~/Tasks/3$ peepdf notsuspicious.pdf 
Warning: PyV8 is not installed!!
File: notsuspicious.pdf

Enumeration with Nmap

Not shown: 993 closed ports

Enumeration through nmap

nmap -p- -A

How many ports are open?

What is the version of nginx?

What is running on the highest port?

Compromising the Machine

Using GoBuster, find flag 1.

DIRB v2.22
By The Dark Raver
START_TIME: Thu Sep 23 20:40:33 2021
WORDLIST_FILES: /usr/share/dirb/wordlists/common.txt
-----------------
GENERATED WORDS: 4612
---- Scanning URL: ----

Data Acquisition & Trust Certificates


