HackTheBox - Forge
Bypass SSRF filters using domain redirection and abusing Python PDB
Linux
HackTheBox - Secret
Secret starts with analyzing web source to recover a secret token from older commit. The secret is …
HackTheBox - BountyHunter
BountyHunter features a website that is vulnerable to XXE attack. Exploiting it allows me to …
HackTheBox - Nunchucks
SSTI in Nunjucks and SUID capability on Perl
HackTheBox - Antique
Antique is one of the machines listed in the HTB printer exploitation track. It features a network …
HackTheBox - Dynstr
Dynstr imitates a company that offers a Dynamic DNS service. The provided API for this service is …
HackTheBox - Cap
Cap starts by identifying an IDOR vulnerability on its hosted website. Using this IDOR, I can obtain …
HackTheBox - Pit
As a medium difficulty box, Pit from Hack The Box has an interesting enumeration flow. It starts by …
HackTheBox - Validation
Second-order SQL injection
HackTheBox - Gobox
SSTI in Golang, abuse S3 bucket, and NGINX backdoor
HackTheBox - Knife
Exploiting the backdoor planted in PHP 8.1-dev
Get rid of the Gtk-WARNING on gedit
Actually, I hide it
HackTheBox - TheNotebook
Abusing JWT key identifier and breaking out of a Docker container
HackTheBox - Ophiuchi
Deserialization attack on YAML and reversing web assembly
HackTheBox - Traverxec
Code execution with path traversal
HackTheBox - Writeup
TIL: The staff group allows you to override binaries' executable paths.
HackTheBox - Armageddon
Pwning Drupal 7 CMS with Drupalgeddon and abusing Snap with malicious snap package
HackTheBox - Shocker
Hands on with ShellShock vulnerability
My Kali Linux Setup for Playing HackTheBox
Noob Kali setup
Exposing a SMB Server to the Internet in Azure
and wait for bad things to happen
TryHackMe - rootme
A ctf for beginners, can you root me?
HackTheBox - Spectra
Getting password from automatic login script of ChromeOS
TryHackMe - Basic Pentesting
This is a machine that allows you to practise web app hacking and privilege escalation
Linux Forensics Command Cheat Sheet
My small cheat sheet for forensics and incident response on Linux systems
HackTheBox - Tenet
Friendly PHP insecure deserialization attack and race condition
HackTheBox - ScriptKiddie
Exploiting exploitation tools and command injection in a log file
VulnHub - Alfa
Alfa starts with enumeration on FTP to obtain a username and an image file which named after a pet. …
VulnHub - DC-9
DC-9 from VulnHub features a website that is vulnerable to SQL injection. I’m able to dump a bunch …
VulnHub - DC-6
DC-6 starts off by enumerating usernames from a WordPress website and use a brute-force attack …
Linux Backdoors and Where to Find Them
Learn some backdoor techniques and how to deal with them!
HackTheBox - Delivery
Exploiting a logic flaw called TicketTrick
HackTheBox - Ready
Turns SSRF to remote code execution and escape from a Docker container
HackTheBox - Time
Exploiting an insecure deserialization on Jackson library and how to mitigate it
HackTheBox - Doctor
Seven times seven is equal to SSTI
HackTheBox - Passage
USBCreator LPE on Linux
HackTheBox - SneakyMailer
Example of a phishing attack and PyPI package exploitation
HackTheBox - Tabby
Abusing Tomcat manager-script roles and escalate to root with LXC container
HackTheBox - Bucket
Pentesting against simulated AWS S3 Bucket
HackTheBox - Laboratory
LFI to RCE on GitLab 12.8.1~12.9.0
HackTheBox - Magic
SQLi for login bypass and embed webshell to an image file
HackTheBox - OpenAdmin
Exploiting OpenNetAdmin vulnerability and sudo nano