[VulnHub] DevGuru 1
Simple, but interesting boot2root box. A lot of enumeration on every stage, but keeping the flow consistent.
october sql gitea sudo
Posts by Tag
- sudo 8
- lfi 4
- metasploit 3
- dns 3
- wordpress 3
- exploit 3
- smb 2
- scripting 2
- sql 2
- rce 2
- ftp 1
- http 1
- elastix 1
- suid 1
- jar 1
- raspbian 1
- usb 1
- upload 1
- motd 1
- shellshock 1
- perl 1
- injection 1
- cronjobs 1
- web 1
- ctf 1
- shell 1
- tool 1
- eternalblue 1
- tomcat 1
- cve 1
- python 1
- kali 1
- retro 1
- sqli 1
- bruteforce 1
- october 1
- gitea 1
sudo
[VulnHub] Prime 1
Another wannabe OSCP-like box with ‘TrY hArDeR’ attitude. Unrealistic, not OSCP-like, waste of time. ¯\_(ツ)_/¯
lfi wordpress sudo[VulnHub] DC-9
DC-9 is a simple boot2root machine. Forced me to learn manual sqli and think outside the box with sudo.
sqli lfi bruteforce sudo
[HackTheBox] Nibbles
This box requires very basic pentesting skills to exploit. Starts with rce and ends with sudo.
rce sudo
[HackTheBox] Tenten
Tenten starts with very basic enumeration, but it very quickly becomes an interesting box. It requires knowledge of how to use and edit exploits and combines...
wordpress exploit scripting sudo
[HackTheBox] Shocker
Shocker reminded me of my first days in cybersecurity. It is vulnerable to Shellshock which was my first ever vulnerability that I’ve exploited. Root part is...
shellshock sudo perl
[HackTheBox] Mirai
Mirai was a very fun box! It requires thinking outside the box and compiling all information you have to guess some credentials. The root part requires knowl...
dns raspbian sudo usb
[HackTheBox] Blocky
Blocky teaches us not to reuse our credentials everywhere. It begins with a simple enumeration. Then we have to decompile some jars. Finally, it ends with th...
wordpress jar sudolfi
[VulnHub] Prime 1
Another wannabe OSCP-like box with ‘TrY hArDeR’ attitude. Unrealistic, not OSCP-like, waste of time. ¯\_(ツ)_/¯
lfi wordpress sudo[VulnHub] DC-9
DC-9 is a simple boot2root machine. Forced me to learn manual sqli and think outside the box with sudo.
sqli lfi bruteforce sudo
[HackTheBox] Bank
Bank is an easy machine. It requires some scripting and basic Linux enumeration skills to complete.
dns scripting lfi suid
[HackTheBox] Beep
Beep is an easy machine that requires basic enumeration knowledge to complete it. It requires exploitation of simple LFI vulnerability to get root which make...
http elastix lfimetasploit
[HackTheBox] Jerry
Tomcat is a very popular ‘web container’ software. This box teaches one of the vulnerabilities that can be used for RCE using Tomcat’s manager.
rce tomcat metasploit exploit
[HackTheBox] Blue
This machine is more about teaching a single exploit rather than usual HTB process. It is still fun and enjoyable!
exploit metasploit eternalblue
[HackTheBox] Lame
Lame is the oldest machine on HackTheBox. It is super-easy as it requires only basic enumeration followed by a simple exploit that instantly gives you a root...
ftp smb metasploitdns
[HackTheBox] Cronos
Cronos begins with a simple DNS enumeration to find a hidden subdomain with a login page. Then we exploit SQL and command injection vulnerabilities to get a ...
dns sql injection cronjobs[HackTheBox] Mirai
Mirai was a very fun box! It requires thinking outside the box and compiling all information you have to guess some credentials. The root part requires knowl...
dns raspbian sudo usb[HackTheBox] Bank
Bank is an easy machine. It requires some scripting and basic Linux enumeration skills to complete.
dns scripting lfi suidwordpress
[VulnHub] Prime 1
Another wannabe OSCP-like box with ‘TrY hArDeR’ attitude. Unrealistic, not OSCP-like, waste of time. ¯\_(ツ)_/¯
lfi wordpress sudo[HackTheBox] Tenten
Tenten starts with very basic enumeration, but it very quickly becomes an interesting box. It requires knowledge of how to use and edit exploits and combines...
wordpress exploit scripting sudo[HackTheBox] Blocky
Blocky teaches us not to reuse our credentials everywhere. It begins with a simple enumeration. Then we have to decompile some jars. Finally, it ends with th...
wordpress jar sudoexploit
[HackTheBox] Jerry
Tomcat is a very popular ‘web container’ software. This box teaches one of the vulnerabilities that can be used for RCE using Tomcat’s manager.
rce tomcat metasploit exploit[HackTheBox] Blue
This machine is more about teaching a single exploit rather than usual HTB process. It is still fun and enjoyable!
exploit metasploit eternalblue[HackTheBox] Tenten
Tenten starts with very basic enumeration, but it very quickly becomes an interesting box. It requires knowledge of how to use and edit exploits and combines...
wordpress exploit scripting sudosmb
CVE-2007-2447 in Python
Python implementation of ‘Username’ map script’ RCE Exploit for Samba 3.0.20 < 3.0.25rc3 (CVE-2007-2447).
cve python smb[HackTheBox] Lame
Lame is the oldest machine on HackTheBox. It is super-easy as it requires only basic enumeration followed by a simple exploit that instantly gives you a root...
ftp smb metasploitscripting
[HackTheBox] Tenten
Tenten starts with very basic enumeration, but it very quickly becomes an interesting box. It requires knowledge of how to use and edit exploits and combines...
wordpress exploit scripting sudo[HackTheBox] Bank
Bank is an easy machine. It requires some scripting and basic Linux enumeration skills to complete.
dns scripting lfi suidsql
[VulnHub] DevGuru 1
Simple, but interesting boot2root box. A lot of enumeration on every stage, but keeping the flow consistent.
october sql gitea sudo[HackTheBox] Cronos
Cronos begins with a simple DNS enumeration to find a hidden subdomain with a login page. Then we exploit SQL and command injection vulnerabilities to get a ...
dns sql injection cronjobsrce
[HackTheBox] Nibbles
This box requires very basic pentesting skills to exploit. Starts with rce and ends with sudo.
rce sudo[HackTheBox] Jerry
Tomcat is a very popular ‘web container’ software. This box teaches one of the vulnerabilities that can be used for RCE using Tomcat’s manager.
rce tomcat metasploit exploitftp
[HackTheBox] Lame
Lame is the oldest machine on HackTheBox. It is super-easy as it requires only basic enumeration followed by a simple exploit that instantly gives you a root...
ftp smb metasploithttp
[HackTheBox] Beep
Beep is an easy machine that requires basic enumeration knowledge to complete it. It requires exploitation of simple LFI vulnerability to get root which make...
http elastix lfielastix
[HackTheBox] Beep
Beep is an easy machine that requires basic enumeration knowledge to complete it. It requires exploitation of simple LFI vulnerability to get root which make...
http elastix lfisuid
[HackTheBox] Bank
Bank is an easy machine. It requires some scripting and basic Linux enumeration skills to complete.
dns scripting lfi suidjar
[HackTheBox] Blocky
Blocky teaches us not to reuse our credentials everywhere. It begins with a simple enumeration. Then we have to decompile some jars. Finally, it ends with th...
wordpress jar sudoraspbian
[HackTheBox] Mirai
Mirai was a very fun box! It requires thinking outside the box and compiling all information you have to guess some credentials. The root part requires knowl...
dns raspbian sudo usbusb
[HackTheBox] Mirai
Mirai was a very fun box! It requires thinking outside the box and compiling all information you have to guess some credentials. The root part requires knowl...
dns raspbian sudo usbupload
[HackTheBox] Popcorn
Popcorn is a very simple box. It starts with simple file upload restrictions bypass to get user and uses a very interesting exploit to get root.
upload motdmotd
[HackTheBox] Popcorn
Popcorn is a very simple box. It starts with simple file upload restrictions bypass to get user and uses a very interesting exploit to get root.
upload motdshellshock
[HackTheBox] Shocker
Shocker reminded me of my first days in cybersecurity. It is vulnerable to Shellshock which was my first ever vulnerability that I’ve exploited. Root part is...
shellshock sudo perlperl
[HackTheBox] Shocker
Shocker reminded me of my first days in cybersecurity. It is vulnerable to Shellshock which was my first ever vulnerability that I’ve exploited. Root part is...
shellshock sudo perlinjection
[HackTheBox] Cronos
Cronos begins with a simple DNS enumeration to find a hidden subdomain with a login page. Then we exploit SQL and command injection vulnerabilities to get a ...
dns sql injection cronjobscronjobs
[HackTheBox] Cronos
Cronos begins with a simple DNS enumeration to find a hidden subdomain with a login page. Then we exploit SQL and command injection vulnerabilities to get a ...
dns sql injection cronjobsweb
webwrap - An amazing pseudo web shell tool
webwrap is an amazing tool that automates the process of creating a pseudo shell using a page containing a remote command execution.
web ctf shell toolctf
webwrap - An amazing pseudo web shell tool
webwrap is an amazing tool that automates the process of creating a pseudo shell using a page containing a remote command execution.
web ctf shell toolshell
webwrap - An amazing pseudo web shell tool
webwrap is an amazing tool that automates the process of creating a pseudo shell using a page containing a remote command execution.
web ctf shell tooltool
webwrap - An amazing pseudo web shell tool
webwrap is an amazing tool that automates the process of creating a pseudo shell using a page containing a remote command execution.
web ctf shell tooleternalblue
[HackTheBox] Blue
This machine is more about teaching a single exploit rather than usual HTB process. It is still fun and enjoyable!
exploit metasploit eternalbluetomcat
[HackTheBox] Jerry
Tomcat is a very popular ‘web container’ software. This box teaches one of the vulnerabilities that can be used for RCE using Tomcat’s manager.
rce tomcat metasploit exploitcve
CVE-2007-2447 in Python
Python implementation of ‘Username’ map script’ RCE Exploit for Samba 3.0.20 < 3.0.25rc3 (CVE-2007-2447).
cve python smbpython
CVE-2007-2447 in Python
Python implementation of ‘Username’ map script’ RCE Exploit for Samba 3.0.20 < 3.0.25rc3 (CVE-2007-2447).
cve python smbkali
Make your Kali look retro
I love retro aesthetic and I’ve recently decided to transform my Kali into OS of my dreams.
kali retroretro
Make your Kali look retro
I love retro aesthetic and I’ve recently decided to transform my Kali into OS of my dreams.
kali retrosqli
[VulnHub] DC-9
DC-9 is a simple boot2root machine. Forced me to learn manual sqli and think outside the box with sudo.
sqli lfi bruteforce sudobruteforce
[VulnHub] DC-9
DC-9 is a simple boot2root machine. Forced me to learn manual sqli and think outside the box with sudo.
sqli lfi bruteforce sudooctober
[VulnHub] DevGuru 1
Simple, but interesting boot2root box. A lot of enumeration on every stage, but keeping the flow consistent.
october sql gitea sudogitea
[VulnHub] DevGuru 1
Simple, but interesting boot2root box. A lot of enumeration on every stage, but keeping the flow consistent.
october sql gitea sudo