Posts by Category

Exploit-Education

HTB

Hack The Box - Forest Writeup

8 minute read

Description: Forest is a easy level box that can be really helpful to practice some AD related attacks. Although rated as easy, it was a medium box for me considering that all attack vectors where pretty new to me.

Hack The Box - Poison Writeup

4 minute read

Description: This a medium rated freebsd machine. Easy user shell and an interesting privilege escalation vector.

Hack The Box - Irked Writeup

5 minute read

Description: Easy rated linux machine. Good box to learn some stego and also good for practicing privilege escalation for OSCP.

Hack The Box - Bastard Writeup

7 minute read

Description: Medium rated windows box running Drupal 7. This box provides a very good learning experience for OSCP.

Hack The Box - Shocker Writeup

2 minute read

Description: This is an easy linux box that is vulnerable to shellshock. Doing this as part of my OSCP preparation.

Hack The Box - Legacy Writeup

4 minute read

Description I am doing this as part of my OSCP preparation. This is quite an easy box and only requires a single exploit to get root.

Vulnhub

Vulnhub - PwnLab Writeup

8 minute read

Vulnhub - PwnLab: init. Welcome to “PwnLab: init”, my first Boot2Root virtual machine. Meant to be easy, I hope you enjoy it and maybe learn something. The purpose of this CTF is to get root and read the flag.

Vulnhub - SkyTower Writeup

7 minute read

Description Vulnhub - SkyTower. Welcome to SkyTower:1 This CTF was designed by Telspace Systems for the CTF at the ITWeb Security Summit and BSidesCPT (Cape Town). The aim is to test intermediate to advanced security enthusiasts in their ability to attack a system using a multi-faceted approach a...

Vulnhub - Vulnix Writeup

5 minute read

Description Vulnhub - Vulnix. Here we have a vulnerable Linux host with configuration weaknesses rather than purposely vulnerable software versions (well at the time of release anyway!)

Vulnhub - Brainpan Writeup

8 minute read

Description Vulnhub - Brainpan. By using this virtual machine, you agree that in no event will I be liable for any loss or damage including without limitation, indirect or consequential loss or damage, or any loss or damage whatsoever arising from loss of data or profits arising out of or in conn...

Vulnhub - SickOs 1.2 Writeup

4 minute read

Description Vulnhub - VulnOS 2., This is second in following series from SickOs and is independent of the prior releases, scope of challenge is to gain highest privileges on the system.

Vulnhub - VulnOS 2 Writeup

5 minute read

Description Vulnhub - VulnOS 2. VulnOS are a series of vulnerable operating systems packed as virtual images to enhance penetration testing skills. This is version 2 - Smaller, less chaotic ! As time is not always on my side, It took a long time to create another VulnOS. But I like creating them....

Vulnhub - Stapler Writeup

32 minute read

Description: Vulnhub - Stapler. Average beginner/intermediate VM, only a few twists. May find it easy/hard (depends on YOUR background) also which way you attack the box. It SHOULD work on both VMware and Virtualbox REBOOT the VM if you CHANGE network modes Fusion users, you’ll need to retry when...

Vulnhub - FristiLeaks #1.3 Writeup

7 minute read

Description: Vulnhub - FristiLeaks #1.3 A small VM made for a Dutch informal hacker meetup called Fristileaks. Meant to be broken in a few hours without requiring debuggers, reverse engineering, etc..

Vulnhub - Kioptrix #5 Writeup

7 minute read

Description Vulnhub - Kioptrix #5 As usual, this vulnerable machine is targeted at the beginner. It’s not meant for the seasoned pentester or security geek that’s been at this sort of stuff for 10 years. Everyone needs a place to start and all I want to do is help in that regard.

Pwnable.tw

Web

Blind RCE and DNS Exfilteration

5 minute read

Description: I was doing a security testing against a web server running WebLogic. A potential RCE due to CVE-2019-2725 was reported and I was verifying it. I was following the PoC given here.

Initigriti XSS Challenge 0821

6 minute read

Description: The challenge is to find an XSS vulnerability on https://challenge-0821.intigriti.io. This was a guest challenge created by https://twitter.com/WHOISbinit!