chilakiller from PwnTillDawn is running a vulnerable version of elfinder allowing command injection which we exploit to get a shell. After that we exploit a password reuse to elevate to the u...

Administrator from HackTheBox is pure active directory challenges showcasing multiple misconfigurations. Enumeration nmap We start an Nmap scan using the following command: sudo nmap -sC -...

FullMounty from PwnTillDawn starts with an NFS share containing ssh keys, we use the private key to gain initial foothold. The kernel used by the system is outdated with a vulnerability in RD...

Morty from PwnTillDawn is a challenge that involves using steganography to extract hidden files from images, followed by exploiting a remote code execution (RCE) vulnerability to gain a footh...

Silence from PwnTillDawn is medium box, it starts with a file browser website allowing us to list content of directories in the system, we use that to list the web root where we discover an L...

Linkvortex from HackTheBox is running an instance of Ghost vulnerable to file read, on a dev subdomain there is a git repo where we find credentials for ghost allowing us to exploit the vulne...

Alert from HackTheBox has a markdown viewer vulnerable to XSS which we exploit along with an LFI to read htpasswd of apache, we found a hash that we crack giving us ssh access to the box. Aft...

Brandy from PwnTillDawn is a linux box rated difficult. The machine is running a vulnerable version of dolibarr allowing for file upload and leading to RCE which gave us a foothold to the machine...

Certified from HackTheBox starts by giving us credentials to an active directory environment where we find multiple “misconfigurations” allowing us escalate our privileges with exploiting a c...

Chemistry from HackTheBox contains a website that allows for uploading CIF files and process them, we exploit a vulnerability in the process code to execute code and get a shell. We find a db...