Thilan Dissanayaka CTF Walkthroughs June 06, 2020

TryHackMe - Bugged Walkthrough

root@ip-10-201-114-74:~# nmap -sC -sV 10.201.84.15

Not shown: 999 closed ports
PORT   STATE SERVICE VERSION
22/tcp open  ssh     OpenSSH 8.2p1 Ubuntu 4ubuntu0.13 (Ubuntu Linux; protocol 2.0)

root@ip-10-201-114-74:~# nmap -sC -sV -p- 10.201.84.15
Starting Nmap 7.80 ( https://nmap.org ) at 2025-11-16 07:48 GMT

Nmap scan report for 10.201.84.15
Host is up (0.0058s latency).
Not shown: 65533 closed ports
PORT     STATE SERVICE VERSION
22/tcp   open  ssh     OpenSSH 8.2p1 Ubuntu 4ubuntu0.13 (Ubuntu Linux; protocol 2.0)

1883/tcp open  mqtt
|_mqtt-subscribe: ERROR: Script execution failed (use -d to debug)

-p-Scan all 65,535 TCP portsDefault is top 1000 — never miss a port in OSCP. Hidden services often live on high portsThe IP of the target machineReplace with actual IP from TryHackMe (e.g., 10.10.123.45)

Blockchain 0x000 – Understanding the Fundamentals

Imagine a world where strangers can exchange money, share data, or execute agreements without ever needing to trust a central authority. No banks, no intermediaries, no single point of failure yet...

May 11, 2020 Identity & Access Management

Identity and Access Management (IAM)

Who are you — and what are you allowed to do? That's the fundamental question every secure system must answer. And it's exactly what Identity and Access Management (IAM) is built to solve.

May 07, 2020 Pet Projects

How I built a web based CPU Simulator

As someone passionate about computer engineering, reverse engineering, and system internals, I've always been fascinated by what happens "under the hood" of a computer. This curiosity led me to...

Apr 21, 2020 Exploit Development

Writing a Shell Code for Linux

Shellcode is a small piece of machine code used as the payload in exploit development. In this post, we write Linux shellcode from scratch — starting with a simple exit, building up to spawning a shell, and explaining every decision along the way.

Apr 12, 2020 Exploit Development

Exploiting a Stack Buffer Overflow on Windows

In a previous tutorial we discusses how we can exploit a buffer overflow vulnerability on a Linux machine. I wen through all theories in depth and explained each step. Now today we are going to jump...

Apr 08, 2020 Identity & Access Management

Access Control Models

Access control is one of the most fundamental concepts in security. Every time you set file permissions, assign user roles, or restrict access to a resource, you're implementing some form of access control. But not all access control is created equal...

Apr 01, 2020 Exploit Development

Exploiting a Stack Buffer Overflow on Linux

Have you ever wondered how attackers gain control over remote servers? How do they just run some exploit and compromise a computer? If we dive into the actual context, there is no magic happening....

Mar 01, 2020 Cryptography

Basic concepts of Cryptography

Ever notice that little padlock icon in your browser's address bar? That's cryptography working silently in the background, protecting everything you do online. Whether you're sending an email,...

Feb 05, 2020 Application Security

Common Web Application Attacks

Web applications are one of the most targeted surfaces by attackers. This is primarily because they are accessible over the internet, making them exposed and potentially vulnerable. Since these...

Jan 02, 2020 Application Security

Remote Code Execution (RCE)

Remote Code Execution (RCE) is the holy grail of application security vulnerabilities. It allows an attacker to execute arbitrary code on a remote server — and the consequences are as bad as it sounds. In this post, we'll go deep into RCE across multiple languages, including PHP, Java, Python, and Node.js.