Posts

Showing posts from March, 2026

TryHackMe - ExfilNode

The ExfilNode challenge on TryHackMe is a medium-difficulty room that focuses on exploiting a Node.js application to gain initial access, followed by a clever lateral movement and privilege escalation involving sensitive data exfiltration.

1. Enumeration

The process begins with a standard network scan. You’ll find a web server running a Node.js application. By exploring the site and its source code (or through directory brute-forcing), you identify an endpoint that allows for file uploads or processes user input in a way that is vulnerable to Command Injection.

2. Initial Foothold

Vulnerability: The application fails to properly sanitize input before passing it to a system shell.

Exploitation: By injecting a reverse shell payload (e.g., using bash or python), you gain a shell as a low-privileged user (typically www-data).

Stabilization: Use Python's pty module to upgrade your shell to a fully interactive TTY.

3. Lateral Movement

Once inside, you discover a second user on the syst...

TryHackMe - Disk Filtration challenge

Someone decided corporate secrets are a free-for-all and our dear Liam thought he could play sneak-and-leak. This writeup walks through the hunt: the breadcrumbs on the endpoint, the USB that betrayed him, the dusty hotspot he used to dodge network logs, and the little executable the external actor insisted he run. Read it like a detective novel, but with more registry keys and less melodrama. Screenshots are left exactly where you asked — because evidence should always stare you in the face.

Scenario

Tech THM discovered their critical data had been leaked to the competitors. After an internal investigation, the company suspects Liam, a recently terminated employee who was working as a system engineer with Tech THM. This suspicion was raised as Liam had access to the leaked data in his company-provided workstation. He often worked late hours without clear justification for his extended presence. He was also caught roaming around the critical server room and taking pi...