Linkvortex from HackTheBox is running an instance of Ghost vulnerable to file read, on a dev subdomain there is a git repo where we find credentials for ghost allowing us to exploit the vulne...

Alert from HackTheBox has a markdown viewer vulnerable to XSS which we exploit along with an LFI to read htpasswd of apache, we found a hash that we crack giving us ssh access to the box. Aft...

Brandy from PwnTillDawn is a linux box rated difficult. The machine is running a vulnerable version of dolibarr allowing for file upload and leading to RCE which gave us a foothold to the machine...

Certified from HackTheBox starts by giving us credentials to an active directory environment where we find multiple “misconfigurations” allowing us escalate our privileges with exploiting a c...

Chemistry from HackTheBox contains a website that allows for uploading CIF files and process them, we exploit a vulnerability in the process code to execute code and get a shell. We find a db...

Cicada from HackTheBox. Enumeration nmap We start an Nmap scan using the following command: sudo nmap -sC -sV -T4 {target_IP}. -sC: run all the default scripts. -sV: Fin...

Silver Platter from TryHackMe is running a known web application vulnerable to authentication bypass allowing us to logging without a password and find ssh credentials. The user we got footho...

Sightless from HackTheBox has a version of SQLPad vulnerable to SSTI that we exploit to get a shell on a container as root, we dump the shadow file and crack the password of one user to get s...

Snare is an easy box from PwnTillDawn containing a website vulnerable to both LFI and RFI allowing us to include a php reverse shell and get a shell. After that we find a writable shadow file tha...

On Soccer we exploit a web file manager to upload a php shell to get a foothold. After that we find another web application running locally that’s vulnerable to sql injection, so we retrieve ...