Overview This machine begins w/ a web enumeration, revealing magento v1.9.0 , that is susceptible to RCE, allowing us to obtain a www-data shell. User www-data has a sudoers entry of vi, vi has a ...

Overview This machine begins w/ a network enumeration w/ nmap, a domain name is enumerated friendzone.red, DNS enumeration w/ dig is carried out to enumerate subdomains. uploads.friendzone.red &amp...

Overview This machine begins w/ network enumeration w/ nmap, detecting Unrealircd running on port 6697, it is susceptible to a backdoor command execution, allowing us to obtain an irc user shell. ...

Overview This machine begins w/ a finger user enumeration, revealing user sunny, sammy on sunday.htb, allowing us to bruteforce w/ hydra, obtaining a low-privilege/sunny shell. On the home directo...

Overview This machine begins w/ a web enumeration, browse.php is enumerated and is susceptible to LFI2RCE via Apache log poisoning, allowing us to obtain a low-privilege/www-data shell. On the web...

Overview This machine begins w/ a web enumeration, discovering /dev directory and omg, inside /dev contains a hex encoded string, decoding it reveals a encrypted SSH private key. Next, omg reveals ...

Overview This machine begins w/ a web enumeration, revealing a directory /api when intercepting a login request w/ burp. By directory enumerating /api, login credentials are revealed. After authe...

Overview This machine w/ an network enumeration, enumerating a service James Server 2.3.2, which is susceptible to an authenticated RCE exploit. Also, James Server 2.3.2 is configured w/ its defau...

Overview This machine begins w/ a directory enumeration, a file containing credentials is enumerated, allowing us to login to pfsense. pfsense version is revealed upon login in, allowing us to find...

Overview This machine begins w/ a web enumeration, discovering a login page on both TCP/80 (HTTP) & TCP/443 (HTTPS) that is both susceptible to a bruteforce attack due to a weak password and th...