John

Summary Basic Pentesting is the first machine in my Road to eJPTv2 series. It’s an excellent starting point because it covers several areas that appear on the exam: service enumeration (SMB, HTTP), directory fuzzing, SSH bruteforce, and SSH private key cracking. If you’re starting with TryHackMe and the eJPT, this machine is mandatory. Attribute Value Platform TryHackMe Difficulty Easy OS Linux Room Basic Pentesting Skills SMB Enum, Web Fuzzing, SSH Bruteforce, SSH Key Cracking Video version If you prefer to follow the walkthrough step by step, keep reading. The video covers the same process in visual format. ...

Resumen Basic Pentesting es la primera máquina de mi serie Camino a la eJPT. Es un excelente punto de partida porque toca varias áreas que aparecen en el examen: enumeración de servicios (SMB, HTTP), fuzzing de directorios, bruteforce de SSH y crackeo de claves privadas SSH. Si estás empezando con TryHackMe y la eJPT, esta máquina es obligatoria. Atributo Valor Plataforma TryHackMe Dificultad Fácil OS Linux Sala Basic Pentesting Skills Enum SMB, Fuzzing web, SSH bruteforce, Crackeo de claves SSH Versión en video Si prefieres seguir el walkthrough paso a paso, continúa leyendo. El video cubre el mismo proceso en formato visual. ...

Summary Lazy Admin is the sixth machine in the Road to eJPTv2 series and the most elaborate so far in terms of attack chain. There’s no single vector — you have to chain: two-layer fuzzing to find the CMS, credential extraction from an exposed MySQL backup, MD5 hash cracking, admin panel access, reverse shell upload, and an indirect privilege escalation via sudo Perl that modifies an intermediate script. Attribute Value Platform TryHackMe Difficulty Easy OS Linux Room Lazy Admin Skills Web Enum, CMS Exploitation, Hash Cracking, File Upload, Sudo Privesc (Perl) 🎥 Video version If you prefer to follow the walkthrough step by step, keep reading. The video covers the same process in visual format. ...

Resumen Lazy Admin es la sexta máquina de la serie Road to eJPTv2 y la más elaborada hasta ahora en términos de cadena de ataque. No hay un vector único — hay que encadenar: fuzzing en dos capas para encontrar el CMS, extracción de credenciales desde un backup MySQL expuesto, crackeo de hash MD5, acceso al panel admin, subida de reverse shell, y una escalada de privilegios indirecta via sudo Perl que modifica un script intermedio. ...