This machine begins w/ a web directory enumeration, finding a cgi-bin/ directory, and by further enumerating the found directory (cgi-bin/), a bash script is found, allowing us to use an exploit called shellshock to execute commands, obtaining a low-privilege shell/shelly shell. On the ...

This is the second machine from OSCP’s TJNull’s OSCP List for HackTheBox. This machine begins w/ us enumerating several subdomains via NMAP’s HTTPS script, followed by a wordpress plugin exploit that allowed us to login to an admin account w/o any credentials. Next, we discovered anothe...

HackTheBox Lame marks the beginning of me trying to complete TJNull’s OSCP List for HackTheBox. This machine begins w/ nmap detecting a service exploit for distcc v1 that allows command execution, allowing us to obtain daemon user/shell. There are 2 privilege escalation techniques used...

After the evil-twin project, I continued to root machines on hackthebox/vulnhub and left my raspberry pi to collect dust, recently I randomly thought of my raspberry pi and wanted to put my raspberry pi to its full use again! During my research for my Wi-Fi pentesting project, I stumble...

This machine begins w/ DNS enumeration, revealing a subdomain preprod-payroll.trick.htb that running a recruitment management system via nginx. The recruitment management system is susceptible to SQLi authentication bypass, allowing us to use SQLMAP’s file-read functionality to read ngin...

This machine is hosting a webpage that allows user to test a file upload web application and download its source code. However, the source code is archived together with a directory .git, revealing user credentials. Also, after analzying the source code, there is a way to exploit the fi...

This machine begins w/ a wordpress 5.2.3 exploit, allowing us to view private post w/o being authenticated, revealing a subdomain chat.office.paper. A chatbot is running on chat.office.paper that is susceptible to local file inclusion and remote code execution, allowing us to obtain use...