SAM SAM (Security Account Manager) is a database file in Windows that stores local user account credentials, including password hashes, and is used during the local authentication proces...

Titanic from HackTheBox starts with a website having it’s source code on a gitea instance helping us discover a directory traversal. We exploit that retrieve the gitea db file and crack the f...

EscapeTwo from HackTheBox. Enumeration nmap We start an Nmap scan using the following command: sudo nmap -sC -sV -T4 {target_IP}. -sC: run all the default scripts. -sV: ...

Heal from HackTheBox starts with a path traversal vulnerability allowing us to read file on the system and finding password hashes on one of the files. After that we exploit an RCE on lime su...

Setting up servers This section covers the different ways to setup our servers to transfer files. HTTP The following commands are used to setup an HTTP server. python3 -m http.server ...

Underpass from HackTheBox has snmp open on udp port 161 showing a daloradius server running on port 80 with default credentials. Inside the admin panel we find a password hash that we crack a...

Hollywood from PwnTillDawn is running Enumeration nmap We start an Nmap scan using the following command: sudo nmap -sC -sV -T4 {target_IP}. -sC: run all the default scripts. ...

chilakiller from PwnTillDawn is running a vulnerable version of elfinder allowing command injection which we exploit to get a shell. After that we exploit a password reuse to elevate to the u...

Administrator from HackTheBox is pure active directory challenges showcasing multiple misconfigurations. Enumeration nmap We start an Nmap scan using the following command: sudo nmap -sC -...

FullMounty from PwnTillDawn starts with an NFS share containing ssh keys, we use the private key to gain initial foothold. The kernel used by the system is outdated with a vulnerability in RD...