System Weakness

Metasploit is an easy-to-use tool that has a database of exploits which you can easily query. The next step is to try and exploit some open ports on one of Hack the Box’s machines. The vulnerability allows an unauthenticated user to view private or draft posts due to an issue within WP_Query.

Hacking for Beginners: Exploiting Open Ports

Changelog

If you use a Yubikey agent, you can use it in your remotes by having the key in a SSH agent and forwarding it. To manage the agent, I strongly recommend yubikesy-agent. If you connect and disconnect from some machines “a lot” you might benefit from keeping You can prevent that by having your client ping the server every X time.

SSH tips and tricks

Using rustscan to probe open ports 10.10.3.105 has no known vulnerability that gives us reverseshell or sth useful. I can login as ‘anonymous’ and get the file: Jake’s password seems to be too weak.

TryHackMe — Brooklyn Nine Nine. Level: Easy

Delve into Secure Shell (SSH) protocol and learn about secure remote access, file transfer, and command execution over a network. Explore SSH authentication methods, key management, and security best practices. Whether you're a system administrator, network engineer, or security professional,  learn about SSH for secure communication.

Best of SSH — August 2022