TryHackMe — Daily Bugle Writeup
TL;DR This is a Linux box with Joomla 3.7.0 installed. This version is vulnerable to SQLi which exposes the control panel’s credentials…
Jul 16, 2021

TryHackMe — Kenobi Writeup
TL;DR Kenobi is a Linux box with a vulnerable version of ProFTPd. This coupled with a little manipulation with the NFS shares grants us…
Jul 4, 2021

TryHackMe — Basic Pentesting Writeup
TL;DR This is a Linux box with a webserver and SMB that reveal usernames. We can use this to brute force Jan’s password and log in using…
Jun 25, 2021

TryHackMe — Vulnversity Writeup
TL;DR This is a Unix box with a web server with a vulnerable file upload endpoint. After determining the correct extension to use, you…
Jun 23, 2021

Hack The Box — Tenet Writeup
TL;DR A comment in the blog’s Migration port leads you to an endpoint that is vulnerable to PHP Object Injection. After successfully…
Jun 12, 2021

Hack The Box — ScriptKiddie Writeup
TL;DR So this box exists to probably teach us a lesson that a hacker’s own tools can sometimes be used against them. For the user part…
Jun 6, 2021

Hack The Box — Academy Writeup
TL;DR This is a Linux box that has a vulnerable web application that leaks an App Key, which can be used to gain an initial shell on the…
Mar 2, 2021

Hack The Box — Doctor Writeup
TL;DR This is a Linux box with a Server Side Template Injection on a web application; this can be used to gain a shell on the box. By…
Feb 9, 2021

Hack The Box — Omni Writeup
TL;DR — This is a Windows 10 IoT Core Box that houses a direct RCE exploit to gain access to the box via the SIREP protocol. Although the…
Jan 13, 2021