Posts
bigb0ss

HTB - Buff Write-up

This one was an easy difficulty box. Good learning path for: Gym Management System 1.0 RCE plink.exe to Port Forward to Bypass Restrictions cloudMe.exe BoF Exploit Initial Recon Nmap Let...

Rotating Source IPs (Part 1) - AWS API Gateway

Intro During a security engagement, especially for an evasive/covert type of assessment, you might need to hide your traffic as much as possible. Or if the client has implemented some type of IP b...

HTB - Valentine Write-up

This was an easy difficulty box. Good learning path for: Source Code Review (Client-side JavaScript Authentication) Puzzles - Various Encoding Programming Bruteforcing Password Protected .ZI...

HTB - Bounty Write-up

This was an easy difficulty Windows box. Good learning path for: File Extension Bypass Allowed File Extension Checking (Python Scripting) web.config RCE Nishang (Invoke-PowerShellTcp.ps1) ...

HTB - Valentine Write-up

This was an easy difficulty box. Good learning path for: OpenSSL Heartbleed Vulnerability OpenSSL RSA Private Key Decrypt Tmux Running as Root Privilege Escalation Initial Recon Nmap Let...

HTB - Tabby Write-up

This was an easy difficulty box. It was a pretty easy and straightforward box. Good learning path for: LFI File Enumeration Tomcat JSP Script Exploit Password Protected .zip File Abuse LXD ...

HTB - Mischief Write-up

This was an insane difficulty box and had many tricky steps to fully compromise it. Good learning path for: UDP Service Enumeration SNMP to obtain IPv6 Address ICMP Data Exfiltration syste...

HTB - Cache Write-up

This was a medium-difficulty box and a good learning path for: Client-side Auth Source Code Review VHOST Enumeration OpenEMR < 5.0.1 - Multiple SQLi OpenEMR < 5.0.1 - Authenticated Remo...

HTB - Blunder Write-up

This box was a pretty simple and easy one to fully compromise. Good learning path for: BLUDIT CMS 3.9.2 Brute-force Mitigation Bypass BLUDIT CMS 3.9.2 Directory Traversal Exploit CVE-2019-1428...

Cobalt Strike 4.0+ Malleable C2 Profile Guideline

Intro We are now in the Cobalt Strike 4.0+ era. As Cobalt Strike is becoming a more popular choice for the Command and Control (“C2”) server nowadays, customizing your malleable C2 profile is imperat...