HackTheBox - Forge
Bypass SSRF filters using domain redirection and abusing Python PDB
CTF Write-ups
A collection of my CTF write-ups
HackTheBox - Secret
Secret starts with analyzing web source to recover a secret token from older commit. The secret is …
HackTheBox - Driver
Driver is also one of the machines listed in the HTB printer exploitation track. It starts with a …
HackTheBox - Intelligence
Intelligence brings some cool enumeration and exploitation techniques to own Active Directory. It …
HackTheBox - BountyHunter
BountyHunter features a website that is vulnerable to XXE attack. Exploiting it allows me to …
HackTheBox - Nunchucks
SSTI in Nunjucks and SUID capability on Perl
HackTheBox - Explore
Exploiting ES File Explorer and abusing ADB
HackTheBox - Return
Return is another machine listed in the HTB printer exploitation track. This machine hosts a web …
HackTheBox - Antique
Antique is one of the machines listed in the HTB printer exploitation track. It features a network …
HackTheBox - Dynstr
Dynstr imitates a company that offers a Dynamic DNS service. The provided API for this service is …
HackTheBox - Cap
Cap starts by identifying an IDOR vulnerability on its hosted website. Using this IDOR, I can obtain …
HackTheBox - Pit
As a medium difficulty box, Pit from Hack The Box has an interesting enumeration flow. It starts by …
H@cktivitycon 2021 - Web
Another late CTF writeups for H@cktivitycon 2021 web category.
H@cktivitycon 2021 - Misc
This is my late CTF writeups for H@cktivitycon 2021 miscellaneous category.
HackTheBox - Validation
Second-order SQL injection
HackTheBox - Schooled
Moodle exploitation using CVEs
HackTheBox - Gobox
SSTI in Golang, abuse S3 bucket, and NGINX backdoor
HackTheBox - Knife
Exploiting the backdoor planted in PHP 8.1-dev
HackTheBox - Love
Basic things you can do with SSRF
HackTheBox - TheNotebook
Abusing JWT key identifier and breaking out of a Docker container
HackTheBox - Ophiuchi
Deserialization attack on YAML and reversing web assembly
HackTheBox - Traverxec
Code execution with path traversal
HackTheBox - Writeup
TIL: The staff group allows you to override binaries' executable paths.
HackTheBox - Heist
Learn how RID cycling could be used for enumerating AD users
HackTheBox - Armageddon
Pwning Drupal 7 CMS with Drupalgeddon and abusing Snap with malicious snap package
HackTheBox - Active
Finding passwords in Group Policy Preferences and roasting Kerberos
HackTheBox - Shocker
Hands on with ShellShock vulnerability
HackTheBox - Atom
Supplying a malicious update definition to Electron-updater
TryHackMe - rootme
A ctf for beginners, can you root me?
HackTheBox - Spectra
Getting password from automatic login script of ChromeOS
TryHackMe - Basic Pentesting
This is a machine that allows you to practise web app hacking and privilege escalation
HackTheBox - Tenet
Friendly PHP insecure deserialization attack and race condition
HackTheBox - ScriptKiddie
Exploiting exploitation tools and command injection in a log file
VulnHub - Alfa
Alfa starts with enumeration on FTP to obtain a username and an image file which named after a pet. …
HackTheBox - Cereal (User)
Chaining XSS, SSRF, and deserialization vulnerabilities to get RCE
VulnHub - DC-9
DC-9 from VulnHub features a website that is vulnerable to SQL injection. I’m able to dump a bunch …
VulnHub - DC-6
DC-6 starts off by enumerating usernames from a WordPress website and use a brute-force attack …
HackTheBox - Delivery
Exploiting a logic flaw called TicketTrick
HackTheBox - Ready
Turns SSRF to remote code execution and escape from a Docker container
HackTheBox - Time
Exploiting an insecure deserialization on Jackson library and how to mitigate it
HackTheBox - Doctor
Seven times seven is equal to SSTI
HackTheBox - Passage
USBCreator LPE on Linux
HackTheBox - Omni
Unauthenticated RCE as SYSTEM on Windows 10 IoT
HackTheBox - Blackfield
Abusing Backup Operators group to dump Active Directory database
HackTheBox - Worker
Learn how Azure Pipelines can be abused
HackTheBox - Buff
Tunneling with Chisel to deliver a buffer overflow exploit
HackTheBox - SneakyMailer
Example of a phishing attack and PyPI package exploitation
HackTheBox - Tabby
Abusing Tomcat manager-script roles and escalate to root with LXC container
HackTheBox - Bucket
Pentesting against simulated AWS S3 Bucket
HackTheBox - Cascade
Plundering dead Active Directory accounts
HackTheBox - Laboratory
LFI to RCE on GitLab 12.8.1~12.9.0
HackTheBox - APT
Enumerating network interfaces of a remote computer via MSRPC and exploit NTLMv1
HackTheBox - Nest
Nest is one of my favorite machines after Forest, I learned a lot about enumeration here, especially …
HackTheBox - Magic
SQLi for login bypass and embed webshell to an image file
HackTheBox - Sauna
Learn basic exploitation of Active Directory
HackTheBox - ServMon
Exploiting embedded system software
HackTheBox - Remote
Enumerating public NFS and gain access to sensitive files
HackTheBox - Forest
Using BloodHound to discover abusable Active Directory groups
HackTheBox - OpenAdmin
Exploiting OpenNetAdmin vulnerability and sudo nano