Cicada from HackTheBox. Enumeration nmap We start an Nmap scan using the following command: sudo nmap -sC -sV -T4 {target_IP}. -sC: run all the default scripts. -sV: Fin...

Silver Platter from TryHackMe is running a known web application vulnerable to authentication bypass allowing us to logging without a password and find ssh credentials. The user we got footho...

Sightless from HackTheBox has a version of SQLPad vulnerable to SSTI that we exploit to get a shell on a container as root, we dump the shadow file and crack the password of one user to get s...

Snare is an easy box from PwnTillDawn containing a website vulnerable to both LFI and RFI allowing us to include a php reverse shell and get a shell. After that we find a writable shadow file tha...

On Soccer we exploit a web file manager to upload a php shell to get a foothold. After that we find another web application running locally that’s vulnerable to sql injection, so we retrieve ...

Escape from HackTheBox has readable smb share where we find a pdf with mssql credentials, we login to the server and get the hash of the sql_svc, we crack it and get a shell with it. After th...

Delivery from HackTheBox. Enumeration nmap We start an Nmap scan using the following command: sudo nmap -sC -sV -T4 {target_IP}. -sC: run all the default scripts. -sV: F...

Sea from HackTheBox start with CMS vulnerable to XSS that leads to RCE, so we exploit that to get foothold. After we find a hash of a user that we crack to get the password and have access ov...

Inject from HackTheBox has a website vulnerable to path traversal allowing to read files and identify a dependency running on the website that’s vulnerable to rce giving us a foothold. Once i...

U.A. High School from TryHackMe contains a hidden php file on a web server that we fuzz for parameters and find it executes os commands and we exploit that to get a shell. After that we find ...