HackTheBox - Schooled

Moodle exploitation using CVEs

HackTheBox - Knife

Exploiting the backdoor planted in PHP 8.1-dev

Linux · PHP · GTFOBins · Sudo · Knife

HackTheBox - TheNotebook

Abusing JWT key identifier and breaking out of a Docker container

Linux · JWT · Webshell · CVE-2019-5736 · Docker · Sudo

HackTheBox - Ophiuchi

Deserialization attack on YAML and reversing WebAssembly

HackTheBox - Traverxec

Code execution with path traversal

HackTheBox - Armageddon

Pwning Drupal 7 CMS with Drupalgeddon and abusing Snap with malicious snap package

HackTheBox - Shocker

Hands-on with the Shellshock vulnerability

HackTheBox - Spectra

Getting password from automatic login script of ChromeOS

TryHackMe - Basic Pentesting

This is a machine that allows you to practise web app hacking and privilege escalation

HackTheBox - Tenet

Friendly PHP insecure deserialization attack and race condition

HackTheBox - ScriptKiddie

Exploiting exploitation tools and command injection in a log file

VulnHub - DC-9

DC-9 from VulnHub features a website that is vulnerable to SQL injection. I’m able to dump a bunch …

VulnHub - DC-6

DC-6 starts off by enumerating usernames from a WordPress website and using a brute-force attack …

HackTheBox - SneakyMailer

Example of a phishing attack and PyPI package exploitation

Linux · SMTP · IMAP · Sylpheed · Phishing · Webshell

HackTheBox - OpenAdmin

Exploiting OpenNetAdmin vulnerability and sudo nano