nocturnal starts by exploiting an idor to get a set of credentials that gives us access to an admin panel on the website. After that we exploit a command injection to get initial foothold. Af...

On Office we begin by exploiting an information disclosure in Joomla to get a password, we get a list of usernames with kerbrute and perform password spray for valid credentials. We get acces...

vintage start by exploiting a computer to read gmsa password of a machine account that can add itself to a group who has generic write over 3 service accounts. We perform a targeted kerberos ...

User Enumeration nxc smb 10.10.10.10 -u user -p password --users nxc smb 10.10.10.10 -u user -p password --rid-brute rpcclient $> enumdomusers SMB Smb authentication. nxc smb 10...

On Blackfield I start by dumping users and making a list to perform as-rep roasting attacking, we crack the hash of one user who can change the password of another user. The latter has read p...

On Outdated we start by exploiting a remote code execution vulnerability in MSDT to get a reverse shell. After that we perform shadow credentials attack to obtain the hash of a user. The latt...

On Trick We exploit a sql injection to bypass a login page, the use the same vulnerability to read files on the system exposing subdomain. The latter is running a website vulnerable to LFI al...

Agile from HackTheBox is running a password manager vulnerable to path traversal, the website is using flask with debug mode allowing us to generate the pin code and get a reverse shell. Once...

Dog from HackTheBox is running backdrop cms vulnerable to authenticated rce that exploit after finding credentials on git directory in the webserver. After that we exploit a sudo entry to get...

Cat from HackTheBox start with a source code review where we find an XSS that we exploit to get the admin’s cookie followed by sql injection to get credentials to the box. We find another use...