[VulnHub] DevGuru 1
Simple, but interesting boot2root box. A lot of enumeration on every stage, but keeping the flow consistent.
october sql gitea sudo
Posts by Category
writeup
[VulnHub] Prime 1
Another wannabe OSCP-like box with ‘TrY hArDeR’ attitude. Unrealistic, not OSCP-like, waste of time. ¯\_(ツ)_/¯
lfi wordpress sudo[VulnHub] DC-9
DC-9 is a simple boot2root machine. Forced me to learn manual sqli and think outside the box with sudo.
sqli lfi bruteforce sudo
[HackTheBox] Nibbles
This box requires very basic pentesting skills to exploit. Starts with rce and ends with sudo.
rce sudo
[HackTheBox] Jerry
Tomcat is a very popular ‘web container’ software. This box teaches one of the vulnerabilities that can be used for RCE using Tomcat’s manager.
rce tomcat metasploit exploit
[HackTheBox] Blue
This machine is more about teaching a single exploit rather than usual HTB process. It is still fun and enjoyable!
exploit metasploit eternalblue
[HackTheBox] Cronos
Cronos begins with a simple DNS enumeration to find a hidden subdomain with a login page. Then we exploit SQL and command injection vulnerabilities to get a ...
dns sql injection cronjobs
[HackTheBox] Tenten
Tenten starts with very basic enumeration, but it very quickly becomes an interesting box. It requires knowledge of how to use and edit exploits and combines...
wordpress exploit scripting sudo
[HackTheBox] Shocker
Shocker reminded me of my first days in cybersecurity. It is vulnerable to Shellshock which was my first ever vulnerability that I’ve exploited. Root part is...
shellshock sudo perl
[HackTheBox] Popcorn
Popcorn is a very simple box. It starts with simple file upload restrictions bypass to get user and uses a very interesting exploit to get root.
upload motd
[HackTheBox] Mirai
Mirai was a very fun box! It requires thinking outside the box and compiling all information you have to guess some credentials. The root part requires knowl...
dns raspbian sudo usb
[HackTheBox] Blocky
Blocky teaches us not to reuse our credentials everywhere. It begins with a simple enumeration. Then we have to decompile some jars. Finally, it ends with th...
wordpress jar sudo
[HackTheBox] Bank
Bank is an easy machine. It requires some scripting and basic Linux enumeration skills to complete.
dns scripting lfi suid
[HackTheBox] Beep
Beep is an easy machine that requires basic enumeration knowledge to complete it. It requires exploitation of simple LFI vulnerability to get root which make...
http elastix lfi
[HackTheBox] Lame
Lame is the oldest machine on HackTheBox. It is super-easy as it requires only basic enumeration followed by a simple exploit that instantly gives you a root...
ftp smb metasploithackthebox
[HackTheBox] Nibbles
This box requires very basic pentesting skills to exploit. Starts with rce and ends with sudo.
rce sudo[HackTheBox] Jerry
Tomcat is a very popular ‘web container’ software. This box teaches one of the vulnerabilities that can be used for RCE using Tomcat’s manager.
rce tomcat metasploit exploit[HackTheBox] Blue
This machine is more about teaching a single exploit rather than usual HTB process. It is still fun and enjoyable!
exploit metasploit eternalblue[HackTheBox] Cronos
Cronos begins with a simple DNS enumeration to find a hidden subdomain with a login page. Then we exploit SQL and command injection vulnerabilities to get a ...
dns sql injection cronjobs[HackTheBox] Tenten
Tenten starts with very basic enumeration, but it very quickly becomes an interesting box. It requires knowledge of how to use and edit exploits and combines...
wordpress exploit scripting sudo[HackTheBox] Shocker
Shocker reminded me of my first days in cybersecurity. It is vulnerable to Shellshock which was my first ever vulnerability that I’ve exploited. Root part is...
shellshock sudo perl[HackTheBox] Popcorn
Popcorn is a very simple box. It starts with simple file upload restrictions bypass to get user and uses a very interesting exploit to get root.
upload motd[HackTheBox] Mirai
Mirai was a very fun box! It requires thinking outside the box and compiling all information you have to guess some credentials. The root part requires knowl...
dns raspbian sudo usb[HackTheBox] Blocky
Blocky teaches us not to reuse our credentials everywhere. It begins with a simple enumeration. Then we have to decompile some jars. Finally, it ends with th...
wordpress jar sudo[HackTheBox] Bank
Bank is an easy machine. It requires some scripting and basic Linux enumeration skills to complete.
dns scripting lfi suid[HackTheBox] Beep
Beep is an easy machine that requires basic enumeration knowledge to complete it. It requires exploitation of simple LFI vulnerability to get root which make...
http elastix lfi[HackTheBox] Lame
Lame is the oldest machine on HackTheBox. It is super-easy as it requires only basic enumeration followed by a simple exploit that instantly gives you a root...
ftp smb metasploitvulnhub
[VulnHub] DevGuru 1
Simple, but interesting boot2root box. A lot of enumeration on every stage, but keeping the flow consistent.
october sql gitea sudo[VulnHub] Prime 1
Another wannabe OSCP-like box with ‘TrY hArDeR’ attitude. Unrealistic, not OSCP-like, waste of time. ¯\_(ツ)_/¯
lfi wordpress sudo[VulnHub] DC-9
DC-9 is a simple boot2root machine. Forced me to learn manual sqli and think outside the box with sudo.
sqli lfi bruteforce sudotool
webwrap - An amazing pseudo web shell tool
webwrap is an amazing tool that automates the process of creating a pseudo shell using a page containing a remote command execution.
web ctf shell toolcve
CVE-2007-2447 in Python
Python implementation of ‘Username’ map script’ RCE Exploit for Samba 3.0.20 < 3.0.25rc3 (CVE-2007-2447).
cve python smbrandom
Make your Kali look retro
I love retro aesthetic and I’ve recently decided to transform my Kali into OS of my dreams.
kali retro