HackTheBox - Schooled
Moodle exploitation using CVEs
sudo
HackTheBox - Knife
Exploiting the backdoor planted in PHP 8.1-dev
HackTheBox - TheNotebook
Abusing JWT key identifier and breaking out of a Docker container
HackTheBox - Ophiuchi
Deserialization attack on YAML and reversing web assembly
HackTheBox - Traverxec
Code execution with path traversal
HackTheBox - Armageddon
Pwning Drupal 7 CMS with Drupalgeddon and abusing Snap with malicious snap package
HackTheBox - Shocker
Hands on with ShellShock vulnerability
HackTheBox - Spectra
Getting password from automatic login script of ChromeOS
TryHackMe - Basic Pentesting
This is a machine that allows you to practise web app hacking and privilege escalation
HackTheBox - Tenet
Friendly PHP insecure deserialization attack and race condition
HackTheBox - ScriptKiddie
Exploiting exploitation tools and command injection in a log file
VulnHub - DC-9
DC-9 from VulnHub features a website that is vulnerable to SQL injection. I’m able to dump a bunch …
VulnHub - DC-6
DC-6 starts off by enumerating usernames from a WordPress website and use a brute-force attack …
HackTheBox - SneakyMailer
Example of a phishing attack and PyPI package exploitation
HackTheBox - OpenAdmin
Exploiting OpenNetAdmin vulnerability and sudo nano