Description: Sau from HackTheBox, we find a website vulnerable to ssrf that we exploit to access a web app that’s sitting behind a firewall, the web app is vulnerable to command injection gi...

Description: Dreaming from TryHackMe has a CMS vulnerable to file upload that leads to command execution. On the machine we find multiple files that contains clear text passwords, we also fi...

Description Hijack is a box with an NFS share where we find FTP credentials. On the FTP server we find a password list that we use to brute force our way into an administration web page vuln...

Description: Tenet from HackTheBox has a php file running on the web server vulnerable to Insecure Deserialization which allowed us to write a web shell to the server and get a reverse shell...

Description: Pilgrimage from HackTheBox uses a vulnerable program to shrink images, we exploit it to get a foothold. On the system we find cronjob running a script that also uses a vulnerabl...

Description: Driver from HackTheBox has an upload page that saves the files to a file share, we upload a scf file that triggers when someone looks at it in Explorer. We capture a hash in Res...

Description Hello hackers, I hope you are doing well. We are doing MonitorsTwo from HackTheBox. Enumeration nmap We start a nmap scan using the following command: sudo nmap -sC -sV -T4 {t...

Description Hello hackers, I hope you are doing well. We are doing Forest from HackTheBox. Enumeration nmap We start a nmap scan using the following command: sudo nmap -sC -sV -T4 {target...

Description Hello hackers, I hope you are doing well. We are doing Busqueda from HackTheBox. Enumeration nmap We start a nmap scan using the following command: sudo nmap -sC -sV -T4 {targ...

Description Hello hackers, I hope you are doing well. We are doing Cascade from HackTheBox. Enumeration nmap We start a nmap scan using the following command: sudo nmap -sC -sV -T4 {targe...