Walkthrough of the HackTheBox machine Previse featuring the exploitation of an improper 302 redirect in a PHP web app, source code review to find a command injection vulnerability, mySQL database looting, hash cracking with hashcat, and privilege escalation via a sudo misconfiguration.
Walkthrough of this fun and challenging HackTheBox machine involving enumeration & exploitation of an Active Directory environment.
Walkthrough of the HackTheBox machine Arctic. Featuring a Cold Fusion 8 directory traversal vulnerability and exploitation of MS10-059 to privesc.
Walkthrough of the HackTheBox machine Solidstate. Exploiting default credentials and a vulnerability in Apache James 2.3.2. Finding and exploiting weak permissions on a script running as root to privesc.
Walkthrough of the HackTheBox machine Cronos. Featuring virtual hosts, DNS zone transfers, command injection, and cron job exploitation.
Walkthrough of the VulnHub machine Kioptrix Level 1.1
Walkthrough of the VulnHub machine Kioptrix Level 1