https://challoufghassen.github.io/Glitch.A minimal, responsive and feature-rich Jekyll theme for technical writing. 2025-06-18T17:53:04+01:00 challouf gahssen https://challoufghassen.github.io/ Jekyll © 2025 challouf gahssen /assets/img/favicons/favicon.ico /assets/img/favicons/favicon-96x96.png Billing2025-06-17T00:00:00+01:00 2025-06-18T16:30:18+01:00 https://challoufghassen.github.io/posts/billing/ challouf gahssen Billing - TryHackMe Writeup Billing was a straightforward room where we exploited a command injection vulnerability in the MagnusBilling web application to gain an initial foothold. Afterwards, using our sudo privileges, which allowed us to interact with and configure the fail2ban-server, we successfully escalated to the root user and completed the room. Step 1: Initial Reconnaissance with Nma... Pickle Rick2025-06-13T00:00:00+01:00 2025-06-13T23:09:12+01:00 https://challoufghassen.github.io/posts/Pickle-Rick/ challouf gahssen Pickle Rick - TryHackMe Writeup This guide walks through solving the Pickle Rick TryHackMe challenge, a beginner-friendly CTF focused on web enumeration and shell techniques. Since TryHackMe machines use dynamic IPs, replace &lt;targetIP&gt; with the target machine’s IP and &lt;yourIP&gt; with your attacking machine’s IP. Step 1: Initial Reconnaissance with Nmap Scan the target to identify op... Zeus Banking Trojan2025-03-27T00:00:00+01:00 2025-05-04T20:45:01+01:00 https://challoufghassen.github.io/posts/Zeus-Banking-Trojan/ challouf gahssen Malware Analysis Report: zeus.pdf.exe Zeus Trojan Overview Background Information Purpose: Primarily created to be a financial banking trojan. First Spotted: 2007, when Zeus Trojan was caught stealing sensitive information from systems owned by the U.S. Department of Transportation. Variants: Over 573 known versions and 36 known families, according to Zeus Museum. Code Leak: Maliciou... (¯`·.¸¸.·´¯`·.¸¸.-> ᕼ𝓪𝓬ⓚIηᎶ <-.¸¸.·´¯`·.¸¸.·´¯)2024-12-22T00:00:00+01:00 2024-12-22T20:48:33+01:00 https://challoufghassen.github.io/posts/ challouf gahssen 🔴 RedTeam 0.Bookmark Redteam Approach This guide outlines a systematic approach to compromising a target host, starting from reconnaissance to post-exploitation. By following these steps, you’ll identify vulnerabilities, exploit weaknesses, maintain persistence, and exfiltrate valuable data, all while covering your tracks. Steps 1. Initial Reconnaissance Passive Reconnaissance Gather initial... The Sticker Shop2024-11-30T00:00:00+01:00 2024-11-30T00:00:00+01:00 https://challoufghassen.github.io/posts/The-Sticker-Shop/ challouf gahssen The Sticker Shop is a easy rated room on TryHackMe, We inspected the webpage by opening the site and using the Inspect Element tool. During this process, we found an endpoint named submit_feedback. We then navigated to the URL: http://10.10.50.243:8080/submit_feedback. This raised the possibility of a Cross-Site Scripting (XSS) vulnerability. To investigate further, we proceeded with testin...