El Bandito
Summary El Bandito is a Hard room on TryHackMe that focuses on exploiting web application vulnerabilities such as Server-Side Request Forgery (SSRF) and HTTP request smuggling. Theories involved ...
Summary A bucket of phish is an easy room on TryHackMe, where the goal is to find a flag hidden in a public S3 bucket. Theory Used AWS S3 Walkthrough Looking at the website, we can see that it...
Summary EscapeTwo is an easy HackTheBox machine that focuses on exploiting a Windows Active Directory environment. We started off with an nmap scan to enumerate the services running on the targe...
Summary Heal is a medium-difficulty machine that was running only a web server and an SSH service. The web server was running a Ruby on Rails application which was vulnerable to an LFI (Local File I...
Summary Ledger is a Hard Windows machine that focuses on Active Directory enumeration and exploitation. At first we are presented with lots of possible attack vectors. By enumerating the given hos...
Box Summary Underpass was an easy Linux machine where enumeration was key to finding the right path to get a shell as root. Starting off with the normal TCP scan showed only a web server and SSH servi...
Summary BigBang is a Hard-rated box that required some creative exploitation to gain a foothold. The target hosted a WordPress site with a vulnerable plugin that allowed unauthenticated arbitrary f...
Summary The Forest box was compromised by first identifying it as a Domain Controller of a domain and confirming LDAP anonymous bind. LDAP enumeration revealed a service account, svc-alfresco, whic...