HackTheBox - BountyHunter

BountyHunter features a website that is vulnerable to an XXE attack. Exploiting it allows me to …

HackTheBox - Nunchucks

SSTI in Nunjucks and SUID capability on Perl

HackTheBox - Antique

Antique is one of the machines listed in the HTB printer exploitation track. It features a network …

HackTheBox - Dynstr

Dynstr imitates a company that offers a Dynamic DNS service. The provided API for this service is …

HackTheBox - Cap

Cap starts by identifying an IDOR vulnerability on its hosted website. Using this IDOR, I can obtain …

HackTheBox - Pit

As a medium difficulty box, Pit from Hack The Box has a well-designed enumeration flow.

HackTheBox - Validation

Second-order SQL injection

HackTheBox - Gobox

SSTI in Golang, S3 bucket abuse, and an NGINX backdoor

Linux · S3 · AWS · LocalStack · Go · SSTI

HackTheBox - Knife

Exploiting the backdoor planted in PHP 8.1-dev

Linux · PHP · GTFOBins · Sudo · Knife

Get rid of the Gtk-WARNING on gedit

Actually, I hide it

Notes · Linux

HackTheBox - TheNotebook

Abusing JWT key identifier and breaking out of a Docker container

Linux · JWT · Webshell · CVE-2019-5736 · Docker · Sudo

HackTheBox - Ophiuchi

Deserialization attack on YAML and reversing WebAssembly

HackTheBox - Traverxec

Code execution with path traversal

HackTheBox - Writeup

TIL: The staff group allows you to override binaries' executable paths.

HackTheBox - Armageddon

Pwning Drupal 7 CMS with Drupalgeddon and abusing Snap with a malicious snap package

HackTheBox - Shocker

Hands-on with the ShellShock vulnerability

My Kali Linux Setup for Playing HackTheBox

Noob Kali setup

Home-Lab · Linux · Kali

Exposing a Samba Server to the Internet in Azure

And wait for bad things to happen

Azure · Samba · SMB · Linux · Tutorial

TryHackMe - rootme

A CTF for beginners, can you root me?

HackTheBox - Spectra

Getting password from automatic login script of ChromeOS

TryHackMe - Basic Pentesting

This is a machine that allows you to practise web app hacking and privilege escalation

Linux Forensics Command Cheat Sheet

My small cheat sheet for forensics and incident response on Linux systems

HackTheBox - Tenet

Friendly PHP insecure deserialization attack and race condition

HackTheBox - ScriptKiddie

Exploiting exploitation tools and command injection in a log file

VulnHub - Alfa

Alfa starts with enumeration on FTP to obtain a username and an image file which is named after a pet. …

VulnHub - DC-9

DC-9 from VulnHub features a website that is vulnerable to SQL injection. I’m able to dump a bunch …

VulnHub - DC-6

DC-6 starts off by enumerating usernames from a WordPress website and using a brute-force attack …

Linux Backdoors and Where to Find Them

Learn some backdoor techniques and how to deal with them!

HackTheBox - Delivery

Exploiting a logic flaw called TicketTrick

HackTheBox - Ready

Turning SSRF into remote code execution and escaping from a Docker container

HackTheBox - Time

Exploiting an insecure deserialization in the Jackson library and how to mitigate it

HackTheBox - Passage

Leveraging USBCreator for local privilege escalation on Linux

HackTheBox - Bucket

Pentesting against a simulated AWS S3 bucket

Linux · AWS · LocalStack · S3 · DynamoDB · Webshell

HackTheBox - Laboratory

LFI to RCE on GitLab 12.8.1~12.9.0

HackTheBox - Doctor

Seven times seven is equal to SSTI

HackTheBox - SneakyMailer

Example of a phishing attack and PyPI package exploitation

Linux · SMTP · IMAP · Sylpheed · Phishing · Webshell

HackTheBox - Tabby

Abusing Tomcat manager-script roles and escalating to root with an LXC container

HackTheBox - Magic

SQLi for login bypass and embedding a webshell in an image file

HackTheBox - OpenAdmin

Exploiting OpenNetAdmin vulnerability and sudo nano