HackTheBox - Ophiuchi

Deserialization attack on YAML and reversing web assembly

HackTheBox - Traverxec

Code execution with path traversal

HackTheBox - Heist

Learn how RID cycling could be used for enumerating AD users

HackTheBox - Active

Finding passwords in Group Policy Preferences and roasting Kerberos

HackTheBox - Shocker

Hands on with ShellShock vulnerability

HackTheBox - Atom

Supplying a malicious update definition to Electron-updater

VulnHub - Alfa

Alfa starts with enumeration on FTP to obtain a username and an image file which named after a pet. …

VulnHub - DC-9

DC-9 from VulnHub features a website that is vulnerable to SQL injection. I’m able to dump a bunch …

VulnHub - DC-6

DC-6 starts off by enumerating usernames from a WordPress website and use a brute-force attack …

HackTheBox - Delivery

Exploiting a logic flaw called TicketTrick

HackTheBox - Ready

Turns SSRF to remote code execution and escape from a Docker container

HackTheBox - Time

Exploiting an insecure deserialization on Jackson library and how to mitigate it

HackTheBox - Passage

Leveraging USBCreator for local privilege escalation on Linux

HackTheBox - Omni

Unauthenticated RCE as SYSTEM on Windows 10 IoT

HackTheBox - Bucket

Pentesting against simulated AWS S3 Bucket

Linux · AWS · LocalStack · S3 · DynamoDB · Webshell

HackTheBox - APT

Enumerating network interfaces of a remote computer via MSRPC and exploit NTLMv1

HackTheBox - Sauna

Learn basic exploitation of Active Directory

HackTheBox - Forest

Using BloodHound to discover abusable Active Directory groups

HackTheBox - Doctor

Seven times seven is equal to SSTI

HackTheBox - Worker

Learn how Azure Pipelines can be abused

HackTheBox - SneakyMailer

Example of a phishing attack and PyPI package exploitation

Linux · SMTP · IMAP · Sylpheed · Phishing · Webshell

HackTheBox - Buff

Tunneling with Chisel to deliver a buffer overflow exploit

HackTheBox - Tabby

Abusing Tomcat manager-script roles and escalate to root with LXC container

HackTheBox - Blackfield

Abusing Backup Operators group to dump Active Directory database

HackTheBox - ServMon

Exploiting embedded system software

HackTheBox - Cascade

Plundering dead Active Directory accounts

HackTheBox - Nest

Nest is one of my favorite machines after Forest, I learned a lot about enumeration here, especially …

HackTheBox - Remote

Enumerating public NFS and gain access to sensitive files

HackTheBox - Magic

SQLi for login bypass and embed webshell to an image file

HackTheBox - OpenAdmin

Exploiting OpenNetAdmin vulnerability and sudo nano