Recommended reads: oouch
Posts
fieldraccoon
Cancel

Bankrobber overall was a very unstable box and due to that it was very fiddly to get a shell and get root so i will go over the methodology of the xss and sqli in depth for the user section. Of co...

Linux privilage escalation techniques SUID binaries for privilege escalation: tryhackme linux priv esc arena: Running sudo -l returns a few options of things we can run so we will find a way to ...

Cronos Cronos was a medium linux box that required gaining access to a code execution site through dns searching and sql injection. This was then used to gain a shell on the system and read the us...

BEEP Beep was an easy linux box that requried an interesting LFI exploit to read the user flag which lead to another lfi to read a file containing creds. There was multiple methodds for root inclu...

tenten tenten was a relatively easy medium linux box that involved recon of the wordpress site to find a jpg file. We then run steghide on the file to get an rsa key which we extract the password ...

Waldo In the source code of the http website there is this javascript code: function readFile(file){ var xhttp = new XMLHttpRequest(); xhttp.open("POST","fileRead.php",false); xhttp.setReq...

Postman Postman was an easy linux box that required use of the redis service for unauthenticated shell and then we use another exploit on webmin for root. Skills involved in this box en...

OpenAdmin Openadmin was an easy linux box which required a bit of enumeration to find the vulnerable service OpenNetAdmin running on http and we then exploit it to get a shell. After that we priv ...

NEST Nest was a unique box in a way that involved no exploitation stages at all, it was purely a proccess of: 1.)enumerate 2.)get creds 3.)use creds USER nmap Not shown: 999 filtered ports ...

Monteverde Monteverde was a medium windows box that involved many common windows exploitation techniques and didnt require much to get both the user and root flags Skills onvolved in this box:...