Overview This machine begins w/ a web enumeration, discovering a directory /plugins and wordpress CMS running on it. After enumerating wordpress, user notch is discovered. The /plugins directory co...

Overview This machine begins w/ a web enumeration, discovering exposed.php, a webpage that allows users to curl any webpages and display it. However, due to the insufficient input sanitization, it ...

Overview This machine begins w/ web enumeration, discovering a .php file that allows user to rename files. There is a lack of input sanitization, allowing users to rename any file on the entire sys...

Linux Once you rooted the machine, have access root user Obtain root’s hashed password root@rooted-box:~# cat /etc/shadow | grep root | cut -d ":" -f2 $y$j9T$zJMiBXFlQaVLqD8B7hPR3.$ceN5v...

Overview This machine begins w/ a DNS enumeration, revealing a domain name raspberrypi.local, suggestings that our target could be running raspberry pi OS. After some web enumeration, there is a pi...

Overview This machine begins w/ a webpage enumeration, a vulnerable GET parameter ?cod= is susceptible to SQLi, through the SQLi, we are able to extract DBMS user DBadmin’s hash, and crack it w/ ha...

Overview This machine begins w/ a web enumeration, discovering a page where users can only upload images onto the system due to the filters in place, however it can be bypassed by changing the cont...

Overview This machine begins w/ a web enumeration, revealing magento v1.9.0 , that is susceptible to RCE, allowing us to obtain a www-data shell. User www-data has a sudoers entry of vi, vi has a ...

Overview This machine begins w/ a network enumeration w/ nmap, a domain name is enumerated friendzone.red, DNS enumeration w/ dig is carried out to enumerate subdomains. uploads.friendzone.red &amp...

Overview This machine begins w/ network enumeration w/ nmap, detecting Unrealircd running on port 6697, it is susceptible to a backdoor command execution, allowing us to obtain an irc user shell. ...