TheFrizz
Summary TheFrizz was a medium difficulty Windows machine from HackTheBox. Initial reconnaissance revealed an Apache web server hosting Gibbon LMS, which was vulnerable to an unauthenticated RCE. Th...
HackTheBox - Nocturnal Nocturnal is a retired HackTheBox machine that focuses on web application vulnerabilities, command injection, and privilege escalation. We started off by enumerating the open...
Summary Dog is a retired easy HackTheBox machine that involves exploiting a vulnerable version of Backdrop CMS to gain initial access by reading an exposed .git folder, enumerating valid username a...
Summary Titanic is a retired Easy Hack The Box machine that involves exploiting a Flask web application with directory traversal vulnerabilities to extract sensitive information from a Gitea datab...
Summary Infiltrator is an Insane rated Windows machine on Hack The Box, which focuses on Active Directory enumeration, privilege escalation through Active Directory Certificate Services (ADCS), an...
Summary Backfire is a Medium difficulty HackTheBox machine that involves exploiting a vulnerability in the Havoc C2 framework to gain remote code execution (RCE) through a Server-Side Request Forg...
Summary Checker is a hard machine from HackTheBox, which focuses heavily on exploiting public CVEs. We started off with an nmap scan to identify the open ports and services running on the target mac...
Summary El bandito is a Hard room on TryHackMe that focuses on exploiting Web application vulnerabilities such as Server-Side Request Forgery (SSRF) and HTTP request smuggling. Theories involved ...
Summary A bucket of phish is an easy room on TryHackMe, where the goal is to find a flag hidden in a public S3 bucket. Theory Used AWS S3 Walkthrough Looking at the website, we can see that it...
Summary EscapeTwo is an easy HackTheBox machine that focuses on exploiting a Windows Active Directory environment. We started off with an nmap scan to enumerate the services running on the targe...