HackTheBox - Forge
Bypass SSRF filters using domain redirection and abusing Python PDB
Deserialization attack on YAML and reversing WebAssembly
Code execution with path traversal
Learn how RID cycling could be used for enumerating AD users
Finding passwords in Group Policy Preferences and roasting Kerberos
Hands-on with the ShellShock vulnerability
Supplying a malicious update definition to Electron-updater
Alfa starts with enumeration on FTP to obtain a username and an image file which is named after a pet. …
DC-9 from VulnHub features a website that is vulnerable to SQL injection. I’m able to dump a bunch …
DC-6 starts off by enumerating usernames from a WordPress website and using a brute-force attack …
Exploiting a logic flaw called TicketTrick
Turning SSRF into remote code execution and escaping from a Docker container
Exploiting an insecure deserialization in the Jackson library and how to mitigate it
Seven times seven is equal to SSTI
USBCreator LPE on Linux
Unauthenticated RCE as SYSTEM on Windows 10 IoT
Abusing Backup Operators group to dump Active Directory database
Learn how Azure Pipelines can be abused
Tunneling with Chisel to deliver a buffer overflow exploit
Example of a phishing attack and PyPI package exploitation
Abusing Tomcat manager-script roles and escalating to root with an LXC container
Pentesting against a simulated AWS S3 bucket
Plundering dead Active Directory accounts
Enumerating network interfaces of a remote computer via MSRPC and exploiting NTLMv1
Nest is one of my favorite machines after Forest; I learned a lot about enumeration here, especially …
SQLi for login bypass and embedding a webshell in an image file
Learn basic exploitation of Active Directory
Exploiting embedded system software
Enumerating public NFS and gaining access to sensitive files
Using BloodHound to discover abusable Active Directory groups
Exploiting OpenNetAdmin vulnerability and sudo nano