TryHackMe: Mountaineer
This box is rated hard difficulty on THM. It involves us finding a WordPress application that’s vulnerable to LFI, allowing us to read the server’s configuration files to discover an email subdomai...
This box is rated medium difficulty on THM. It involves us brute forcing a few protected files to gain SSH access to the box as a low-level user. Then, we recover a password which was mnemonically ...
This box is rated medium difficulty on HTB and took me a very long time to complete. It involves us dumping the website’s database via MSSQL injection, exploiting local and remote file inclusion to...
This box is rated hard difficulty on HTB. It involves us enumerating valid users via SMB guest authentication and AS-REP roasting a support account which gives us access to reset another account’s ...
This box is rated medium difficulty on THM. It involves us using a lesser-known programming language to grab a reverse shell on the web server, along with escalating privileges by abusing a capabil...
This box is rated hard difficulty on THM. It involves us enumerating a Python webapp to find an old register API. Then, we grab a shell on the box with SSTI via the username parameter and escalate ...
This box is rated hard difficulty on THM. It involves us chaining SSRF to an LFI vulnerability in order to read files on the web server. Doing so gives us admin credentials for WordPress where we c...
This box is rated medium difficulty on THM. It involves us exploiting directory traversal vulnerabilities in a few applications to grab low-level shells on the box, as well as a very old privilege ...
This box is rated medium difficulty on HTB. It involves us password spraying on SMB to find an XML file with user credentials inside, as well as abusing Azure Admin group privileges by using a powe...
This box is rated hard difficulty on THM and is more of a game than a realistic box. It involves us enumerating various directories in a subdomain on HTTPS to find a pair of SSH credentials, solvin...