INFOSEC ARTICLES

HackTheBox

Precious HackTheBox Walkthrough

Precious is an easy level linux machine available on HackTheBox. This includes exploiting a command injection vulnerability in pdfkit (CVE-2022–25765) to get a basic shell and then gaining root access via YAML deserialization attack.

HackTheBox

Photobomb HackTheBox Walkthrough

Photobomb is an easy level linux machine from HackTheBox which includes exploiting an image downloading functionality to get a RCE and then exploiting a bash script which does not use absolute paths. Let's get started!

TryHackMe

TryHackMe Gaming Server Walkthrough

In this article, we will be solving Gaming Server from TryHackMe. This is an easy level machine and is one of my favorites! Let's get started.

TryHackMe

Battery TryHackMe Walkthrough

Battery is a medium level machine from TryHackMe. In this article, I will be sharing all the different ways to solve this challenge. This machine was created by my fellow friend golith3r00t. Let's Begin!

Vulnhub

IA: Keyring Vulnhub Official Writeup

IA: Keyring is an intermediate level boot2root machine available on Vulnhub. This includes exploiting a SQLi to leak credentials and then getting a RCE to get the shell on the machine. Then for the root part we need to exploit a custom SUID binary which is vulnerable to Wildcard Injection.

TryHackMe

Committed TryHackMe Writeup

In this article, I will be sharing a writeup for Committed room from TryHackMe. This is an easy level challenge which includes analyzing a git repository to find the flag.

TryHackMe

Confidential TryHackMe Walkthrough

Today we will be solving Confidential room from TryHackMe. This is an easy level forensic challenge and recommended for beginners who want to learn digital forensics.

TryHackMe

Agent T TryHackMe Walkthrough

In this article, I will be sharing a walkthrough of Agent T from TryHackMe. This is an easy level machine which includes exploiting a vulnerable version of php installed in the web server to get a root shell. Let's get started!

HackTheBox

HackTheBox Blocky Walkthrough

Blocky is an easy level linux machine from HackTheBox. This includes enumerating WordPress, reversing a jar file to find user credentials and then exploiting the sudo permissions for privilege escalation. Let's begin!

HackTheBox

HackTheBox Bank Walkthrough

In this article, I will be sharing a walkthrough of Bank machine from HackTheBox. This is an easy level linux machine which includes exploiting a file upload vulnerability to get a reverse shell and then exploiting a SUID to get the root shell.

HackTheBox

HackTheBox Lame Walkthrough

In this article, I will be sharing a walkthrough of Lame from HackTheBox which was the first machine released on HackTheBox. This is an easy level machine which includes exploiting CVE-2007-2447 to get a shell on the box as root user.

TryHackMe

Tech Support TryHackMe Walkthrough

In this article, I will be sharing a walkthrough of the Tech Support room from TryHackMe. This is an easy level boot2root challenge which includes exploiting a file upload vulnerability to get initial access and then exploiting the iconv sudo permission to read the root flag. Let's get started!

TryHackMe

RootMe TryHackMe Walkthrough

RootMe is an easy level boot2root machine available on TryHackMe. This includes bypassing a client-side upload filter to upload our reverse shell and then exploiting python with SUID bit assigned to it to escalate our privileges to root. Let's start hacking!

TryHackMe

Kenobi TryHackMe Walkthrough

In this article, we are going to solve Kenobi, which is a boot2root linux machine created by TryHackMe. This is an easy level machine which includes enumerating samba shares, exploiting a vulnerable version of ProFTPD, mounting NFS shares and privilege escalation through path variable manipulation.

TryHackMe

LazyAdmin TryHackMe Walkthrough

LazyAdmin is an easy level linux boot2root machine available on TryHackMe. This includes exploiting a vulnerability on SweetRice CMS to get login credentials and then uploading our reverse shell to get a low level shell and then exploiting a writable script to get a shell as user root.

TryHackMe

Startup TryHackMe Writeup

Startup is a boot2root challenge available on TryHackMe. This is an easy level box which includes compromising a web server by uploading our web shell via FTP and then exploiting a cronjob to get the root shell. Let's get started!

TryHackMe

Revenge TryHackMe Writeup

In this article, I will be sharing a writeup of Revenge from TryHackMe. This machine is rated medium and takes us through exploiting SQL Injection to find user credentials, cracking password hashes with John and then exploiting a service to get the root shell. With that said, let's get started!

Vulnhub

DarkHole Vulnhub Walkthrough

Darkhole is an easy level box available on Vulnhub. It includes parameter pollution attack, file upload bypass, exploiting SUID binary and getting root shell using a python script.

Vulnhub

Momentum Vulnhub Walkthrough

In this write-up, we will be solving Momentum: 1 from Vulnhub. This machine is rated easy and created by @AL1ENUM. It takes us through exploiting a JS function to retrieve the SSH credentials and then exploiting the redis-cli to get the root password.

Vulnhub

Shenron 3 Vulnhub Walkthrough

Shenron: 3 is the third part of Vulnhub's Shenron series. This is an easy level machine. There are two flags in this machine and our goal is to read both of them.

TryHackMe

TryHackMe: Mustacchio Writeup

Mustacchio is an easy level box available on Try Hack Me. It includes password cracking, XXE and exploiting SUID binaries. This box is created by zyeinn.

Vulnhub

Shenron 2 Vulnhub Walkthrough

Shenron: 2 is the second part of Vulnhub's Shenron series. This is a beginner level machine. There are two flags in this machine and our goal is to read both of them.

TryHackMe

TryHackMe VulnNet Internal Writeup

VulnNet: Internal is a Easy/Medium level Box. It includes enumerating different services and finding useful information to gain user access. For privilege escalation we have to use port forwarding to access TeamCity service and then we can run commands as root user.

Vulnhub

Shenron 1 Vulnhub Walkthrough

In this article, I will be sharing a walkthrough of Shenron : 1 from Vulnhub. This is a beginner level machine and recommended for beginners.

TryHackMe

Pickle Rick TryHackMe Walkthrough

In this article I will be sharing a writeup for Pickle Rick, which is a free room available on TryHackMe. This is a beginner level machine and the goal is to get all 3 ingredients to help rick.