OSCP like

Aug 06, 2021  ·  9 min read

HackTheBox - Ophiuchi

Deserialization attack on YAML and reversing web assembly

Linux · YAML · Deserialization · Web-Assembly · Wabt · Golang

Aug 06, 2021  ·  9 min read

HackTheBox - Traverxec

Code execution with path traversal

Linux · Nostromo · Command-Injection · Metasploit · Path-Traversal · Sudo

Jul 28, 2021  ·  9 min read

HackTheBox - Heist

Learn how RID cycling could be used for enumerating AD users

Windows · Password-Spray · Password-Reuse · Procdump · Firefox

Jul 15, 2021  ·  9 min read

HackTheBox - Active

Finding passwords in Group Policy Preferences and roasting Kerberos

Windows · Active-Directory · Kerberoasting · Gpp-Decrypt

Jul 13, 2021  ·  4 min read

HackTheBox - Shocker

Hands on with ShellShock vulnerability

Linux · Shellshock · CVE-2014-6271 · Sudo · Gtfobins

Jul 10, 2021  ·  10 min read

HackTheBox - Atom

Supplying a malicious update definition to Electron-updater

Windows · Electron-Builder · Electron-Updater · Command-Injection · Msfvenom · Redis

Jun 13, 2021  ·  10 min read

VulnHub - Alfa

Alfa starts with enumeration on FTP to obtain a username and an image file which named after a pet. …

Linux · Brainfuck · Brute-Force · Hydra · Tunneling · VNC

Jun 02, 2021  ·  9 min read

VulnHub - DC-9

DC-9 from VulnHub features a website that is vulnerable to SQL injection. I’m able to dump a bunch …

Linux · Port-Knocking · SQL-Injection · LFI · Sudo · Arbitrary-File-Write

May 30, 2021  ·  8 min read

VulnHub - DC-6

DC-6 starts off by enumerating usernames from a WordPress website and use a brute-force attack …

Linux · WordPress · Command-Injection · CVE-2018-15877 · Sudo · GTFOBins

May 22, 2021  ·  9 min read

HackTheBox - Delivery

Exploiting a logic flaw called TicketTrick

Linux · TicketTrick · OsTicket · Mattermost · Password-Cracking · Hashcat

May 15, 2021  ·  9 min read

HackTheBox - Ready

Turns SSRF to remote code execution and escape from a Docker container

Linux · GitLab · CVE-2018-19571 · CVE-2018-19585 · SSRF · CRLF-Injection

May 09, 2021  ·  9 min read

HackTheBox - Time

Exploiting an insecure deserialization on Jackson library and how to mitigate it

Linux · Jackson · Java · SSRF · Deserialization · CVE-2019-12384

May 07, 2021  ·  9 min read

HackTheBox - Passage

Leveraging USBCreator for local privilege escalation on Linux

Linux · CVE-2019-11447 · Webshell · SSH-Key-Reuse · Password-Cracking · USBCreator

May 06, 2021  ·  6 min read

HackTheBox - Omni

Unauthenticated RCE as SYSTEM on Windows 10 IoT

Windows · Windows-IoT · SirepRAT · PSCredential

Apr 24, 2021  ·  14 min read

HackTheBox - Bucket

Pentesting against simulated AWS S3 Bucket

Linux · AWS · LocalStack · S3 · DynamoDB · Webshell

Apr 17, 2021  ·  17 min read

HackTheBox - APT

Enumerating network interfaces of a remote computer via MSRPC and exploit NTLMv1

OSCP-Plus · Windows · Active-Directory · MS-RPC · IOXIDResolver · Windows-Registry

Apr 07, 2021  ·  5 min read

HackTheBox - Sauna

Learn basic exploitation of Active Directory

OSCP-Plus · Windows · Active-Directory · ASREP-Roasting · BloodHound · DCSync

Mar 12, 2021  ·  7 min read

HackTheBox - Forest

Using BloodHound to discover abusable Active Directory groups

Windows · Active-Directory · ASREP-Roasting · BloodHound · PSDrive · DCSync

Feb 06, 2021  ·  8 min read

HackTheBox - Doctor

Seven times seven is equal to SSTI

Linux · Command-Injection · SSTI · Splunk · SplunkWhisperer

Jan 30, 2021  ·  12 min read

HackTheBox - Worker

Learn how Azure Pipelines can be abused

Windows · Svn · Webshell · Azure-DevOps · Azure-Pipelines · Evil-Winrm

Nov 28, 2020  ·  10 min read

HackTheBox - SneakyMailer

Example of a phishing attack and PyPI package exploitation

Linux · SMTP · IMAP · Sylpheed · Phishing · Webshell

Nov 21, 2020  ·  8 min read

HackTheBox - Buff

Tunneling with Chisel to deliver a buffer overflow exploit

Windows · Webshell · CloudMe · Buffer-Overflow · Tunneling · Chisel

Nov 07, 2020  ·  7 min read

HackTheBox - Tabby

Abusing Tomcat manager-script roles and escalate to root with LXC container

Linux · LFI · Tomcat · Password-Cracking · WAR-File · Container

Oct 04, 2020  ·  11 min read

HackTheBox - Blackfield

Abusing Backup Operators group to dump Active Directory database

OSCP-Plus · Windows · Active-Directory · ASREP-Roasting · BloodHound · Net-RPC

Jun 19, 2020  ·  6 min read

HackTheBox - ServMon

Exploiting embedded system software

Windows · Directory-Traversal · NVMS-1000 · NSClient · Tunneling

Jun 03, 2020  ·  11 min read

HackTheBox - Cascade

Plundering dead Active Directory accounts

Windows · Active-Directory · SMB · VNC · DotNET · Csharp

May 19, 2020  ·  10 min read

HackTheBox - Nest

Nest is one of my favorite machines after Forest, I learned a lot about enumeration here, especially …

Windows · SMB · Alternate-Data-Stream · DotN · VB · Reverse-Engineering

May 19, 2020  ·  6 min read

HackTheBox - Remote

Enumerating public NFS and gain access to sensitive files

Windows · NFS · Metasploit · TeamViewer · CVE-2019-18988 · Service-Hijack

May 01, 2020  ·  6 min read

HackTheBox - Magic

SQLi for login bypass and embed webshell to an image file

Linux · SQL-Injection · Exiftool · Upload-Bypass · Webshell · SUID

May 01, 2020  ·  6 min read

HackTheBox - OpenAdmin

Exploiting OpenNetAdmin vulnerability and sudo nano

Linux · Code-Review · Webshell · Password-Cracking · Sudo · GTFOBins