Silence from PwnTillDawn is medium box, it starts with a file browser website allowing us to list content of directories in the system, we use that to list the web root where we discover an L...

Linkvortex from HackTheBox is running an instance of Ghost vulnerable to file read, on a dev subdomain there is a git repo where we find credentials for ghost allowing us to exploit the vulne...

Alert from HackTheBox has a markdown viewer vulnerable to XSS which we exploit along with an LFI to read htpasswd of apache, we found a hash that we crack giving us ssh access to the box. Aft...

Brandy from PwnTillDawn is a linux box rated difficult. The machine is running a vulnerable version of dolibarr allowing for file upload and leading to RCE which gave us a foothold to the machine...

Certified from HackTheBox starts by giving us credentials to an active directory environment where we find multiple “misconfigurations” allowing us escalate our privileges with exploiting a c...

Chemistry from HackTheBox contains a website that allows for uploading CIF files and process them, we exploit a vulnerability in the process code to execute code and get a shell. We find a db...

Cicada from HackTheBox. Enumeration nmap We start an Nmap scan using the following command: sudo nmap -sC -sV -T4 {target_IP}. -sC: run all the default scripts. -sV: Fin...

Silver Platter from TryHackMe is running a known web application vulnerable to authentication bypass allowing us to logging without a password and find ssh credentials. The user we got footho...

Sightless from HackTheBox has a version of SQLPad vulnerable to SSTI that we exploit to get a shell on a container as root, we dump the shadow file and crack the password of one user to get s...

Snare is an easy box from PwnTillDawn containing a website vulnerable to both LFI and RFI allowing us to include a php reverse shell and get a shell. After that we find a writable shadow file tha...