GTFOBins

Oct 14, 2021  ·  6 min read

HackTheBox - Cap

Cap starts by identifying an IDOR vulnerability on its hosted website. Using this IDOR, I can obtain …

Linux IDOR Linux-Capabilities GTFOBins
Sep 16, 2021  ·  11 min read

HackTheBox - Schooled

Moodle exploitation using CVEs

FreeBSD CVE-2020-25627 CVE-2020-14321 Moodle
Aug 28, 2021  ·  4 min read

HackTheBox - Knife

Exploiting the backdoor planted in PHP 8.1-dev

Linux PHP GTFOBins Sudo
Aug 06, 2021  ·  9 min read

HackTheBox - Traverxec

Code execution with path traversal

Linux Nostromo Command-Injection Metasploit
Jul 13, 2021  ·  4 min read

HackTheBox - Shocker

Hands on with ShellShock vulnerability

Linux Shellshock CVE-2014-6271 Sudo
Jul 02, 2021  ·  3 min read

TryHackMe - rootme

A ctf for beginners, can you root me?

Linux Gobuster Suid Python
May 30, 2021  ·  8 min read

VulnHub - DC-6

DC-6 starts off by enumerating usernames from a WordPress website and use a brute-force attack …

Linux WordPress Command-Injection CVE-2018-15877
Apr 28, 2021  ·  10 min read

HackTheBox - SneakyMailer

Example of a phishing attack and PyPI package exploitation

Linux SMTP IMAP Sylpheed
Apr 02, 2021  ·  6 min read

HackTheBox - OpenAdmin

Exploiting OpenNetAdmin vulnerability and sudo nano

Linux Code-Review Webshell Password-Cracking