
HackTheBox - Mango
Overview This machine begins w/ a web enumeration, discovering a subdomain name (staging-order.mango.htb) by viewing the SSL certificate. staging-order.mango.htb is a login page that is susceptible...

Overview This machine begins w/ a network enumeration, discovering a vulnerable service, redis 4.0.9, that is susceptible to an RCE exploit. Through the service, we are able to write a SSH public key ...

Overview This machine begins w/ a thorough web enumeration, discovering several directories that contain necessary information to proceed. Directory /admin contains a login page that is coded w/ ...

Overview This machine begins w/ a web enumeration, discovering a directory /plugins and the WordPress CMS running on it. After enumerating WordPress, user notch is discovered. The /plugins directory co...

Overview This machine begins w/ a web enumeration, discovering exposed.php, a webpage that allows users to curl any webpage and display it. However, due to the insufficient input sanitization, it ...

Overview This machine begins w/ web enumeration, discovering a .php file that allows users to rename files. There is a lack of input sanitization, allowing users to rename any file on the entire sys...

Linux Once you have rooted the machine and have access to the root user Obtain root’s hashed password root@rooted-box:~# cat /etc/shadow | grep root | cut -d ":" -f2 $y$j9T$zJMiBXFlQaVLqD8B7hPR3.$ceN5v...

Overview This machine begins w/ a DNS enumeration, revealing a domain name raspberrypi.local, suggesting that our target could be running Raspberry Pi OS. After some web enumeration, there is a pi...

Overview This machine begins w/ a webpage enumeration; a vulnerable GET parameter ?cod= is susceptible to SQLi. Through the SQLi, we are able to extract DBMS user DBadmin’s hash and crack it w/ ha...

Overview This machine begins w/ a web enumeration, discovering a page where users can only upload images onto the system due to the filters in place; however, this can be bypassed by changing the cont...